Security in Computing, 4th Edition
- By Charles P. Pfleeger, Shari Lawrence Pfleeger
- Published Oct 13, 2006 by Prentice Hall.
- Copyright 2007
- Dimensions: 7x9-1/4
- Pages: 880
- Edition: 4th
- ISBN-10: 0-13-239077-9
- ISBN-13: 978-0-13-239077-4
- eBook (Adobe DRM)
- ISBN-10: 0-13-134794-2
- ISBN-13: 978-0-13-134794-6
Product Author Bios
Charles P. Pfleeger is an independent information security consultant and principal of the Pfleeger Consulting Group. He specializes in threat/vulnerability analysis, system design review, certification preparation, expert witness testimony, and training.
Shari Lawrence Pfleeger, a senior information scientist at the RAND Corporation, has written ten books on software engineering, measurement, and quality, including Software Engineering: Theory and Practice, Third Edition (Prentice Hall, 2006). She was named one of the world's top software engineering researchers by the Journal of Systems and Software.
The New State-of-the-Art in Information Security: Now Covers the Economics of Cyber Security and the Intersection of Privacy and Information Security
For years, IT and security professionals and students have turned to Security in Computing as the definitive guide to information about computer security attacks and countermeasures. In their new fourth edition, Charles P. Pfleeger and Shari Lawrence Pfleeger have thoroughly updated their classic guide to reflect today's newest technologies, standards, and trends.
The authors first introduce the core concepts and vocabulary of computer security, including attacks and controls. Next, the authors systematically identify and assess threats now facing programs, operating systems, database systems, and networks. For each threat, they offer best-practice responses.
Security in Computing, Fourth Edition, goes beyond technology, covering crucial management issues faced in protecting infrastructure and information. This edition contains an all-new chapter on the economics of cybersecurity, explaining ways to make a business case for security investments. Another new chapter addresses privacy--from data mining and identity theft, to RFID and e-voting.
New coverage also includes
- Programming mistakes that compromise security: man-in-the-middle, timing, and privilege escalation attacks
- Web application threats and vulnerabilities
- Networks of compromised systems: bots, botnets, and drones
- Rootkits--including the notorious Sony XCP
- Wi-Fi network security challenges, standards, and techniques
- New malicious code attacks, including false interfaces and keystroke loggers
- Improving code quality: software engineering, testing, and liability approaches
- Biometric authentication: capabilities and limitations
- Using the Advanced Encryption Standard (AES) more effectively
- Balancing dissemination with piracy control in music and other digital content
- Countering new cryptanalytic attacks against RSA, DES, and SHA
- Responding to the emergence of organized attacker groups pursuing profit
This site contains material supplemental to Security in Computing, 4/e, including:
- PowerPoint slides of the text illustrations: figures-1.zip
- Links to related videos.
- Links to security-related Web sites picked by the authors.
- Updated sidebars abstracting computer security reports and articles, with links to the full text.
- Sample syllabi for using the book in college-level courses.
- Instructor's Manual: professors, please contact your local Prentice Hall sales representative.
(Link check: after links in this list you will find a month and year in parentheses to show when the link was last checked and found to be valid. Please help us maintain the currency of this list by reporting any inactive links.)
Nova sometimes does interesting one-hour stories on things related to computer security. For example, there was a program called "Secrets, Lies and Atomic Spies" that chronicles the spies in the 1940s and how they operated. There is information about coded messages, examples of ciphers, and so on. Others are called "Decoding Nazi Secrets," "Secrets of Making Money," and "The KGB, the Computer and Me" (a version of Cliff Stoll's "Stalking the Wily Hacker"). (Dec 06)
The PBS program Frontline is also an excellent source of good, accurate stories of interest in computer security. In "Hackers" they interview people ranging from security professionals to hackers to understand the hacker threat. Read the interviews at http://www.pbs.org/wgbh/pages/frontline/shows/hackers/risks/dangers.html.
Related to the economics of cybersecurity (Chapter 9), Frontline also interviewed professionals on measuring the costs of cybercrime. Read the interviews at http://www.pbs.org/wgbh/pages/frontline/shows/hackers/risks/cost.html.
The interviews also covered web surfing privacy (Chapter 10) and web bugs, cookies, and tracking. The interviews are at http://www.pbs.org/wgbh/pages/frontline/shows/hackers/risks/corphack.html.
The BBC program Panorama does hard-hitting documentaries, and some of their programs are available on video. Examples that might interest you are "Cyber Attack" (with the world still reeling from the Lovebug virus, which infected millions of computers, Panorama viewer John Chamberlain decided to test the security of the Powergen website after seeing the program, and exposed flaws in their protection of personal information; see http://news.bbc.co.uk/1/hi/programmes/panorama/817114.stm) and "Attack of the Cyber Pirates". Unfortunately, Panorama has not done any episodes on computer security topics recently. (Dec 06)
Commercial Portals and Private Links Lists
Many security portals have links to web sites related to security. And although they are not portals in the commercial sense, some computer security researchers maintain extensive lists of links. Several good portal sites are:
Purdue University's Center for Education and Research in Information Assurance and Security (CERIAS) provides a hotlist of links to websites, publications, and events in security. (Dec 06)
The Computer Emergency Response Team Coordinating Center (CERT-CC), located at the Software Engineering Institute at Carnegie Mellon University, is a center of Internet security expertise. The center's research involves handling computer security incidents and vulnerabilities, publishing security alerts, researching long-term changes in networked systems, and developing information and training to help improve security at your site.
The SANS (SysAdmin, Audit, Network, Security) Institute site offers resources such as their lists of top vulnerabilities and FAQs on topics such as malware and intrusion detection. In addition, SANS provides a reading room with over 1700 articles and references related to information security.
InfosysSec is a comprehensive portal for information security links. In addition to a scrolling list of pointers to security news items, they publish links to many newsletters, tools, research resources, and commercial white papers. The site is indexed and searchable. (Dec
SecurityFocus, Inc. provides a library of vulnerabilities, news articles, and white papers related to computer security. Especially noteworthy is its famous bugtraq archive/mailing list of security-relevant flaws. (Dec 06)
The Institute of Electrical and Electronics Engineers (IEEE) Computer Society Technical Committee on Security and Privacy maintains a good listing of journals and conferences in security. Its newsletter, Cipher, provides information on past and upcoming workshops and conferences, book reviews, and reports, all related to computer security. Its calendar of events is a comprehensive listing of upcoming computer security conferences.
The National Institute of Standards and Technology (NIST) early security papers archive has copies of some of the original and sometimes hard-to-find papers in security. (Dec 06)
Ross Anderson's web page is a veritable treasure trove of good links. One of the top researchers in computer security, Anderson organizes his web page by his own research interest topics. But because he is interested in so many facets of computer security, his links will lead you to many of the important topics in computer security. (Dec 06)
Similarly, Bruce Schneier is an eminent computer security researcher with broad interests. Schneier's web site covers his blog of current incidents and issues in the field, with some well-based predictions for the future. (Dec 06)
Tom Dunigan's web page has lots of resources, although he is not maintaining it regularly these days. (Dec 06)
Best textbook on the market
An outstanding text and reference in the INFOSEC field
An excellent text book and reference
All in all, this is the best general purpose computer security book available. It belongs on the bookshelf of every practicing professional. But you won't want to leave it there - take it down when you need to work in an unfamiliar area. It will help bring you up to...
Table of Contents
Preface xxv
Chapter 1: Is There a Security Problem in Computing? 1
1.1 What Does "Secure" Mean? 1
1.2 Attacks 5
1.3 The Meaning of Computer Security 9
1.4 Computer Criminals 21
1.5 Methods of Defense 23
1.6 What's Next 30
1.7 Summary 32
1.8 Terms and Concepts 32
1.9 Where the Field Is Headed 33
1.10 To Learn More 34
1.11 Exercises 34
2.1 Terminology and Background 38
2.2 Substitution Ciphers 44
2.3 Transpositions (Permutations) 55
2.4 Making "Good" Encryption Algorithms 59
2.5 The Data Encryption Standard 68
2.6 The AES Encryption Algorithm 72
2.7 Public Key Encryption 75
2.8 The Uses of Encryption 79
2.9 Summary of Encryption 91
2.10 Terms and Concepts 92
2.11 Where the Field Is Headed 93
2.12 To Learn More 94
2.13 Exercises 94
3.1 Secure Programs 99
3.2 Nonmalicious Program Errors 103
3.3 Viruses and Other Malicious Code 111
3.4 Targeted Malicious Code 141
3.5 Controls Against Program Threats 160
3.6 Summary of Program Threats and Controls 181
3.7 Terms and Concepts 182
3.8 Where the Field Is Headed 183
3.9 To Learn More 185
3.10 Exercises 185
4.1 Protected Objects and Methods of Protection 189
4.2 Memory and Address Protection 193
4.3 Control of Access to General Objects 204
4.4 File Protection Mechanisms 215
4.5 User Authentication 219
4.6 Summary of Security for Users 236
4.7 Terms and Concepts 237
4.8 Where the Field Is Headed 238
4.9 To Learn More 239
4.10 Exercises 239
5.1 What Is a Trusted System? 243
5.2 Security Policies 245
5.3 Models of Security 252
5.4 Trusted Operating System Design 264
5.5 Assurance in Trusted Operating Systems 287
5.6 Summary of Security in Operating Systems 312
5.7 Terms and Concepts 313
5.8 Where the Field Is Headed 315
5.9 To Learn More 315
5.10 Exercises 316
6.1 Introduction to Databases 319
6.2 Security Requirements 324
6.3 Reliability and Integrity 329
6.4 Sensitive Data 335
6.5 Inference 341
6.6 Multilevel Databases 351
6.7 Proposals for Multilevel Security 356
6.8 Data Mining 367
6.9 Summary of Database Security 371
6.10 Terms and Concepts 371
6.11 Where the Field Is Headed 372
6.12 To Learn More 373
6.13 Exercises 373
7.1 Network Concepts 377
7.2 Threats in Networks 396
7.3 Network Security Controls 440
7.4 Firewalls 474
7.5 Intrusion Detection Systems 484
7.6 Secure E-mail 490
7.7 Summary of Network Security 496
7.8 Terms and Concepts 498
7.9 Where the Field Is Headed 500
7.10 To Learn More 502
7.11 Exercises 502
8.1 Security Planning 509
8.2 Risk Analysis 524
8.3 Organizational Security Policies 547
8.4 Physical Security 556
8.5 Summary 566
8.6 Terms and Concepts 567
8.7 To Learn More 568
8.8 Exercises 569
9.1 Making a Business Case 572
9.2 Quantifying Security 578
9.3 Modeling Cybersecurity 589
9.5 Summary 599
9.6 Terms and Concepts 600
9.7 To Learn More 601
9.8 Exercises 601
10.1 Privacy Concepts 604
10.2 Privacy Principles and Policies 608
10.3 Authentication and Privacy 619
10.4 Data Mining 623
10.5 Privacy on the Web 626
10.6 E-mail Security 635
10.7 Impacts on Emerging Technologies 638
10.8 Summary 643
10.9 Terms and Concepts 643
10.10 Where the Field Is Headed 645
10.11 To Learn More 645
10.12 Exercises 646
11.1 Protecting Programs and Data 649
11.2 Information and the Law 663
11.3 Rights of Employees and Employers 670
11.4 Redress for Software Failures 673
11.5 Computer Crime 679
11.6 Ethical Issues in Computer Security 692
11.7 Case Studies of Ethics 698
11.8 Terms and Concepts 714
11.9 To Learn More 714
11.10 Exercises 715
12.1 Mathematics for Cryptography 718
12.2 Symmetric Encryption 730
12.3 Public Key Encryption Systems 757
12.4 Quantum Cryptography 774
12.5 Summary of Encryption 778
12.6 Terms and Concepts 778
12.7 Where the Field Is Headed 779
12.8 To Learn More 779
12.9 Exercises 779
eBook (Adobe DRM)
This eBook requires the free Adobe® Digital Editions software.
Before downloading this DRM-encrypted PDF, be sure to:
- Install the free Adobe Digital Editions software on your machine. Adobe Digital Editions only works on Macintosh and Windows, and requires the Adobe Flash Player. Please see the official system requirements.
- Authorize your copy of Adobe Digital Editions using your Adobe ID. If you don't already have an Adobe ID, you can create one here.