In this authoritative book, widely respected practitioner and teacher Matt Bishop presents a clear and useful introduction to the art and science of information security. Bishop's insights and realistic examples will help any practitioner or student understand the crucial links between security theory and the day-to-day security challenges of IT environments.

Bishop explains the fundamentals of security: the different types of widely used policies, the mechanisms that implement these policies, the principles underlying both policies and mechanisms, and how attackers can subvert these tools, as well as how to defend against attackers. A practicum demonstrates how to apply these ideas and mechanisms to a realistic company.

Coverage includes:
- Confidentiality, integrity, and availability
- Operational issues, cost-benefit and risk analyses, legal and human factors
- Planning and implementing effective access control
- Defining security, confidentiality, and integrity policies
- Using cryptography and public-key systems, and recognizing their limits
- Understanding and using authentication: from passwords to biometrics
- Security design principles: least privilege, fail-safe defaults, open design, economy of mechanism, and more
- Controlling information flow through systems and networks
- Assuring security throughout the system lifecycle
- Malicious logic: Trojan horses, viruses, boot sector and executable infectors, rabbits, bacteria, and logic bombs, and defenses against them
- Vulnerability analysis, penetration studies, auditing, and intrusion detection and prevention
- Applying security principles to networks, systems, users, and programs

Introduction to Computer Security is adapted from Bishop's comprehensive and widely praised book, Computer Security: Art and Science.
This shorter version of the original work omits much mathematical formalism, making it more accessible for professionals and students who have a less formal mathematical background, or for readers with a more practical than theoretical interest.
Cited By
- Khobzaoui A, Benhamouda M and Fahsi M Data mining Contribution to Intrusion Detection Systems Improvement Proceedings of the 10th International Conference on Information Systems and Technologies, (1-8)
- Weichbroth P, Łysik Ł and Li Q (2020). Mobile Security, Mobile Information Systems, 2020, Online publication date: 1-Jan-2020.
- Mamonov S and Benbunan-Fich R (2018). The impact of information security threat awareness on privacy-protective behaviors, Computers in Human Behavior, 83:C, (32-44), Online publication date: 1-Jun-2018.
- Albalawi T, Melton A and Rothstein M A New Approach to Data Dynamic Integrity Control Proceedings of the International Conference on Internet of things and Cloud Computing, (1-8)
- Taylor B and Kaza S (2016). Security Injections@Towson, ACM Transactions on Computing Education, 16:4, (1-20), Online publication date: 13-Oct-2016.
- Schmeelk S, Yang J and Aho A Android Malware Static Analysis Techniques Proceedings of the 10th Annual Cyber and Information Security Research Conference, (1-8)
- Jensen M Applying the protection goals for privacy engineering to mobile devices Proceedings of the 8th ACM Conference on Security & Privacy in Wireless and Mobile Networks, (1-2)
- Simpson A, Martin A, Cremers C, Flechais I, Martinovic I and Rasmussen K Experiences in developing and delivering a programme of part-time education in software and systems security Proceedings of the 37th International Conference on Software Engineering - Volume 2, (435-444)
- Williams J (2015). Paula Rice: The C-Suite via the Rabbit Hole, IT Professional, 17:3, (70-72), Online publication date: 1-May-2015.
- Boyes H (2015). Security, Privacy, and the Built Environment, IT Professional, 17:3, (25-31), Online publication date: 1-May-2015.
- Rachapalli J, Khadilkar V, Kantarcioglu M and Thuraisingham B Towards fine grained RDF access control Proceedings of the 19th ACM symposium on Access control models and technologies, (165-176)
- Krishnan V, Tripunitara M, Chik K and Bergstrom T Relating declarative semantics and usability in access control Proceedings of the Eighth Symposium on Usable Privacy and Security, (1-13)
- Kiertscher T, Vielhauer C and Leich M Automated forensic fingerprint analysis Proceedings of the COST 2101 European conference on Biometrics and ID management, (262-273)
- Azadmanesh M and Sharifi M Towards a system-wide and transparent security mechanism using language-level information flow control Proceedings of the 3rd international conference on Security of information and networks, (19-26)
- Hoke C Internet voting Proceedings of the 2010 Workshop on Governance of Technology, Information and Policies, (61-70)
- Steinbacher P, Fankhauser F, Schanes C and Grechenig T Black-box approach for testing quality of service in case of security incidents on the example of a SIP-based VoIP service Principles, Systems and Applications of IP Telecommunications, (101-110)
- Schleinzer B and Yoshioka N A security pattern for data integrity in P2P systems Proceedings of the 17th Conference on Pattern Languages of Programs, (1-5)
- Abawajy J Design and Delivery of Undergraduate IT Security Management Course Proceedings of the 3rd International Conference and Workshops on Advances in Information Security and Assurance, (402-411)
- Marchand H, Dubreil J and Jéron T Automatic Testing of Access Control for Security Properties Proceedings of the 21st IFIP WG 6.1 International Conference on Testing of Software and Communication Systems and 9th International FATES Workshop, (113-128)
- Monteiro S and Erbacher R (2008). An authentication and validation mechanism for analyzing syslogs forensically, ACM SIGOPS Operating Systems Review, 42:3, (41-50), Online publication date: 1-Apr-2008.
- Myers J and Riela S (2008). Taming the diversity of information assurance & security, Journal of Computing Sciences in Colleges, 23:4, (173-179), Online publication date: 1-Apr-2008.
- de Oliveira A (2007). Rewriting-Based Access Control Policies, Electronic Notes in Theoretical Computer Science (ENTCS), 171:4, (59-72), Online publication date: 1-Jul-2007.
- Yu H, Liao W, Yuan X and Xu J Teaching a web security course to practice information assurance Proceedings of the 37th SIGCSE technical symposium on Computer science education, (12-16)
- Yu H, Liao W, Yuan X and Xu J (2006). Teaching a web security course to practice information assurance, ACM SIGCSE Bulletin, 38:1, (12-16), Online publication date: 31-Mar-2006.
- Aura T, Kuhn T and Roe M Scanning electronic documents for personally identifiable information Proceedings of the 5th ACM workshop on Privacy in electronic society, (41-50)