In Mathematical Foundations of Public Key Cryptography, the authors integrate the results of more than 20 years of research and teaching experience to help students bridge the gap between math theory and crypto practice. The book provides a theoretical structure of fundamental number theory and algebra knowledge supporting public-key cryptography. Rather than simply combining number theory and modern algebra, this textbook features the interdisciplinary characteristics of cryptography-revealing the integrations of mathematical theories and public-key cryptographic applications. Incorporating the complexity theory of algorithms throughout, it introduces the basic number theoretic and algebraic algorithms and their complexities to provide a preliminary understanding of the applications of mathematical theories in cryptographic algorithms. Supplying a seamless integration of cryptography and mathematics, the book includes coverage of elementary number theory; algebraic structure and attributes of group, ring, and field; cryptography-related computing complexity and basic algorithms, as well as lattice and fundamental methods of lattice cryptanalysis. The text consists of 11 chapters. Basic theory and tools of elementary number theory, such as congruences, primitive roots, residue classes, and continued fractions, are covered in Chapters 1-6. The basic concepts of abstract algebra are introduced in Chapters 7-9, where three basic algebraic structures of groups, rings, and fields and their properties are explained. Chapter 10 is about computational complexities of several related mathematical algorithms, and hard problems such as integer factorization and discrete logarithm. Chapter 11 presents the basics of lattice theory and the lattice basis reduction algorithm-the LLL algorithm and its application in the cryptanalysis of the RSA algorithm. Containing a number of exercises on key algorithms, the book is suitable for use as a textbook for undergraduate students and first-year graduate students in information security programs. It is also an ideal reference book for cryptography professionals looking to master public-key cryptography.

Integer Algorithms in Cryptology and Information Assurance is a collection of the author's own innovative approaches in algorithms and protocols for secret and reliable communication. It concentrates on the "what" and "how" behind implementing the proposed cryptographic algorithms rather than on formal proofs of "why" these algorithms work.The book consists of five parts (in 28 chapters) and describes the author's research results in:This text contains innovative cryptographic algorithms; computationally efficient algorithms for information assurance; new methods to solve the classical problem of integer factorization, which plays a key role in cryptanalysis; and numerous illustrative examples and tables that facilitate the understanding of the proposed algorithms.The fundamental ideas contained within are not based on temporary advances in technology, which might become obsolete in several years. The problems addressed in the book have their own intrinsic computational complexities, and the ideas and methods described in the book will remain important for years to come.

Cyber Crime and Cyber Terrorism Investigator's Handbook is a vital tool in the arsenal of today's computer programmers, students, and investigators. As computer networks become ubiquitous throughout the world, cyber crime, cyber terrorism, and cyber war have become some of the most concerning topics in today's security landscape. News stories about Stuxnet and PRISM have brought these activities into the public eye, and serve to show just how effective, controversial, and worrying these tactics can become. Cyber Crime and Cyber Terrorism Investigator's Handbook describes and analyzes many of the motivations, tools, and tactics behind cyber attacks and the defenses against them. With this book, you will learn about the technological and logistic framework of cyber crime, as well as the social and legal backgrounds of its prosecution and investigation. Whether you are a law enforcement professional, an IT specialist, a researcher, or a student, you will find valuable insight into the world of cyber crime and cyber warfare. Edited by experts in computer security, cyber investigations, and counter-terrorism, and with contributions from computer researchers, legal experts, and law enforcement professionals, Cyber Crime and Cyber Terrorism Investigator's Handbook will serve as your best reference to the modern world of cyber crime.

Other books on information security metrics discuss number theory and statistics in academic terms. Light on mathematics and heavy on utility, PRAGMATIC Security Metrics: Applying Metametrics to Information Security breaks the mold. This is the ultimate how-to-do-it guide for security metrics.
Packed with time-saving tips, the book offers easy-to-follow guidance for those struggling with security metrics. Step by step, it clearly explains how to specify, develop, use, and maintain an information security measurement system" "(a comprehensive suite of metrics) to help:

• Security professionals systematically improve information security, demonstrate the value they are adding, and gain management support for the things that need to be done
• Management address previously unsolvable problems rationally, making critical decisions such as resource allocation and prioritization of security relative to other business activities
• Stakeholders, both within and outside the organization, be assured that information security is being competently managed

The PRAGMATIC approach lets you hone in on your problem areas and identify the few metrics that will generate real business value. The book:

• Helps you figure out exactly "what" needs to be measured, "how" to measure it, and most importantly, "why" it needs to be measured
• Scores and ranks more than 150 candidate security metrics to demonstrate the value of the PRAGMATIC method
• Highlights security metrics that are widely used and recommended, yet turn out to be rather poor in practice
• Describes innovative and flexible measurement approaches such as capability maturity metrics with continuous scales
• Explains how to minimize both measurement and security risks using complementary metrics for greater assurance in critical areas such as governance and compliance

In addition to its obvious utility in the information security realm, the PRAGMATIC approach, introduced for the first time in this book, has broader application across diverse fields of management including finance, human resources, engineering, and production in fact any area that suffers a surplus of data but a deficit of useful information.

Visit Security Metametrics. Security Metametrics supports the global community of professionals adopting the innovative techniques laid out in "PRAGMATIC Security Metrics." If you, too, are struggling to make much sense of security metrics, or searching for better metrics to manage and improve information security, Security Metametrics is the place. http: //securitymetametrics.com/

RC4 Stream Cipher and Its Variants is the first book to fully cover the popular software stream cipher RC4. With extensive expertise in stream cipher cryptanalysis and RC4 research, the authors focus on the analysis and design issues of RC4. They also explore variants of RC4 and the eSTREAM finalist HC-128. After an introduction to the vast field of cryptology, the book reviews hardware and software stream ciphers and describes RC4. It presents a theoretical analysis of RC4 KSA, discussing biases of the permutation bytes toward secret key bytes and absolute values. The text explains how to reconstruct the secret key from known state information and analyzes the RC4 PRGA in detail, including a sketch of state recovery attacks. The book then describes three popular attacks on RC4: distinguishing attacks, Wired Equivalent Privacy (WEP) protocol attacks, and fault attacks. The authors also compare the advantages and disadvantages of several variants of RC4 and examine stream cipher HC-128, which is the next level of evolution after RC4 in the software stream cipher paradigm. The final chapter emphasizes the safe use of RC4. With open research problems in each chapter, this book offers a complete account of the most current research on RC4.

With rapid progress in Internet and digital imaging technology, there are more and more ways to easily create, publish, and distribute images. Considered the first book to focus on the relationship between digital imaging and privacy protection, Visual Cryptography and Secret Image Sharing is a complete introduction to novel security methods and sharing-control mechanisms used to protect against unauthorized data access and secure dissemination of sensitive information.

Image data protection and image-based authentication techniques offer efficient solutions for controlling how private data and images are made available only to select people. Essential to the design of systems used to manage images that contain sensitive data-such as medical records, financial transactions, and electronic voting systems-the methods presented in this book are useful to counter traditional encryption techniques, which do not scale well and are less efficient when applied directly to image files.

An exploration of the most prominent topics in digital imaging security, this book discusses:

• Potential for sharing multiple secrets
• Visual cryptography schemes-based either on the probabilistic reconstruction of the secret image, or on different logical operations for combining shared images
• Inclusion of pictures in the distributed shares
• Contrast enhancement techniques
• Color-image visual cryptography
• Cheating prevention
• Alignment problems for image shares
• Steganography and authentication

In the continually evolving world of secure image sharing, a growing number of people are becoming involved as new applications and business models are being developed all the time. This contributed volume gives academicians, researchers, and professionals the insight of well-known experts on key concepts, issues, trends, and technologies in this emerging field.

An essential resource for anyone preparing for the CIPM certification exam and a career in information privacy As cybersecurity and privacy become ever more important to the long-term viability and sustainability of enterprises in all sectors, employers and professionals are increasingly turning to IAPP's trusted and recognized Certified Information Privacy Manager qualification as a tried-and-tested indicator of information privacy management expertise. In IAPP CIPM Certified Information Privacy Manager Study Guide, a team of dedicated IT and privacy management professionals delivers an intuitive roadmap to preparing for the CIPM certification exam and for a new career in the field of information privacy. Make use of pre-assessments, the Exam Essentials feature, and chapter review questions with detailed explanations to gauge your progress and determine where you're proficient and where you need more practice. In the book, you'll find coverage of every domain tested on the CIPM exam and those required to succeed in your first--or your next--role in a privacy-related position. You'll learn to develop a privacy program and framework, as well as manage the full privacy program operational lifecycle, from assessing your organization's needs to responding to threats and queries. The book also includes: A head-start to obtaining an in-demand certification used across the information privacy industry Access to essential information required to qualify for exciting new career opportunities for those with a CIPM credential Access to the online Sybex learning environment, complete with two additional practice tests, chapter review questions, an online glossary, and hundreds of electronic flashcards for efficient studying An essential blueprint for success on the CIPM certification exam, IAPP CIPM Certified Information Privacy Manager Study Guide will also ensure you hit the ground running on your first day at a new information privacy-related job.

Electronic communication and financial transactions have assumed massive proportions today. But they come with high risks. Achieving cyber security has become a top priority, and has become one of the most crucial areas of study and research in IT. This book introduces readers to perhaps the most effective tool in achieving a secure environment, i.e. cryptography. This book offers more solved examples than most books on the subject, it includes state of the art topics and discusses the scope of future research.

Spectacular security failures continue to dominate the headlines despite huge increases in security budgets and ever-more draconian regulations. The 20/20 hindsight of audits is no longer an effective solution to security weaknesses, and the necessity for real-time strategic metrics has never been more critical. Information Security Management Metrics: A Definitive Guide to Effective Security Monitoring and Measurement offers a radical new approach for developing and implementing security metrics essential for supporting business activities and managing information risk. This work provides anyone with security and risk management responsibilities insight into these critical security questions:How secure is my organization? How much security is enough? What are the most cost-effective security solutions? How secure is my organization? You can't manage what you can't measure This volume shows readers how to develop metrics that can be used across an organization to assure its information systems are functioning, secure, and supportive of the organization's business objectives. It provides a comprehensive overview of security metrics, discusses the current state of metrics in use today, and looks at promising new developments. Later chapters explore ways to develop effective strategic and management metrics for information security governance, risk management, program implementation and management, and incident management and response. The book ensures that every facet of security required by an organization is linked to business objectives, and provides metrics to measure it. Case studies effectively demonstrate specific ways that metrics can be implemented across an enterprise to maximize business benefit. With three decades of enterprise information security experience, author Krag Brotby presents a workable approach to developing and managing cost-effective enterprise information security.

The second edition of the definitive guide to cybersecurity law, updated to reflect recent legal developments The revised and updated second edition of Cybersecurity Law offers an authoritative guide to the key statutes, regulations, and court rulings that pertain to cybersecurity. Written by an experienced cybersecurity lawyer and law professor, the second edition includes new and expanded information that reflects the latest changes in laws and regulations. The book includes material on recent FTC data security consent decrees and data breach litigation. Topics covered reflect new laws, regulations, and court decisions that address financial sector cybersecurity, the law of war as applied to cyberspace, and recently updated guidance for public companies' disclosure of cybersecurity risks. This important guide: Provides a new appendix, with 15 edited opinions covering a wide range of cybersecurity-related topics, for students learning via the caselaw method Includes new sections that cover topics such as: compelled access to encrypted devices, New York's financial services cybersecurity regulations, South Carolina's insurance sector cybersecurity law, the Internet of Things, bug bounty programs, the vulnerability equities process, international enforcement of computer hacking laws, the California Consumer Privacy Act, and the European Union's Network and Information Security Directive Contains a new chapter on the critical topic of law of cyberwar Presents a comprehensive guide written by a noted expert on the topic Offers a companion Instructor-only website that features discussion questions for each chapter and suggested exam questions for each chapter Written for students and professionals of cybersecurity, cyber operations, management-oriented information technology (IT), and computer science, Cybersecurity Law, Second Edition is the up-to-date guide that covers the basic principles and the most recent information on cybersecurity laws and regulations. JEFF KOSSEFF is Assistant Professor of Cybersecurity Law at the United States Naval Academy in Annapolis, Maryland. He was a finalist for the Pulitzer Prize, and a recipient of the George Polk Award for national reporting.

This book is devoted to efficient pairing computations and implementations, useful tools for cryptographers working on topics like identity-based cryptography and the simplification of existing protocols like signature schemes. As well as exploring the basic mathematical background of finite fields and elliptic curves, Guide to Pairing-Based Cryptography offers an overview of the most recent developments in optimizations for pairing implementation. Each chapter includes a presentation of the problem it discusses, the mathematical formulation, a discussion of implementation issues, solutions accompanied by code or pseudocode, several numerical results, and references to further reading and notes. Intended as a self-contained handbook, this book is an invaluable resource for computer scientists, applied mathematicians and security professionals interested in cryptography.

Cryptology is the practice of hiding digital information by means of various obfuscatory and steganographic techniques. The application of said techniques facilitates message confidentiality and sender/receiver identity authentication, and helps to ensure the integrity and security of computer passwords, ATM card information, digital signatures, DVD and HDDVD content, and electronic commerce. Cryptography is also central to digital rights management (DRM), a group of techniques for technologically controlling the use of copyrighted material that is being widely implemented and deployed at the behest of corporations that own and create revenue from the hundreds of thousands of mini-transactions that take place daily on programs like iTunes.
This new edition of our best-selling book on cryptography and information hiding delineates a number of different methods to hide information in all types of digital media files. These methods include encryption, compression, data embedding and watermarking, data mimicry, and scrambling. During the last 5 years, the continued advancement and exponential increase of computer processing power have enhanced the efficacy and scope of electronic espionage and content appropriation. Therefore, this edition has amended and expanded outdated sections in accordance with new dangers, and includes 5 completely new chapters that introduce newer more sophisticated and refined cryptographic algorithms and techniques (such as fingerprinting, synchronization, and quantization) capable of withstanding the evolved forms of attack.
Each chapter is divided into sections, first providing an introduction and high-level summary for those who wish to understand theconcepts without wading through technical explanations, and then presenting concrete examples and greater detail for those who want to write their own programs. This combination of practicality and theory allows programmers and system designers to not only implement tried and true encryption procedures, but also consider probable future developments in their designs, thus fulfilling the need for preemptive caution that is becoming ever more explicit as the transference of digital media escalates.
* Includes 5 completely new chapters that delineate the most current and sophisticated cryptographic algorithms, allowing readers to protect their information against even the most evolved electronic attacks.
* Conceptual tutelage in conjunction with detailed mathematical directives allows the reader to not only understand encryption procedures, but also to write programs which anticipate future security developments in their design.
* Grants the reader access to online source code which can be used to directly implement proven cryptographic procedures such as data mimicry and reversible grammar generation into their own work.

"Safeguard Your Organization's Information!"

Now that information has become the lifeblood of your organization, you must be especially vigilant about assuring it. The hacker, spy, or cyber-thief of today can breach any barrier if it remains unchanged long enough or has even the tiniest leak. In Information Assurance Architecture, Keith D. Willett draws on his over 25 years of technical, security, and business experience to provide a framework for organizations to align information assurance with the enterprise and their overall mission.

"The Tools to Protect Your Secrets from Exposure"

This work provides the security industry with the know-how to create a formal information assurance architecture that complements an enterprise architecture, systems engineering, and the enterprise life cycle management (ELCM). Information Assurance Architecture consists of a framework, a process, and many supporting tools, templates and methodologies. The framework provides a reference model for the consideration of security in many contexts and from various perspectives; the process provides direction on how to apply that framework. Mr. Willett teaches readers how to identify and use the right tools for the right job. Furthermore, he demonstrates a disciplined approach in thinking about, planning, implementing and managing security, emphasizing that solid solutions can be made impenetrable when they are seamlessly integrated with the whole of an enterprise.

"Understand the Enterprise Context"

This book covers many information assurance subjects, including disaster recovery and firewalls. The objective is to present security services and security mechanisms in the context of informationassurance architecture, and in an enterprise context of managing business risk. Anyone who utilizes the concepts taught in these pages will find them to be a valuable weapon in the arsenal of information protection.

The marriage of computers and telecommunications, the integration of these technologies into a multimedia system of communication that has global reach, and the fact that they are available worldwide at low cost seems to be bringing about a fundamental transformation in the way humans communicate and interact. But however much consensus there may be on the growing importance of information technology today, agreement is far more elusive when it comes to pinning down the impact of this development on security issues.This volume focuses on the role of the state in defending against cyber-threats and in securing the information age. The notion that is most uncritically accepted within the overall information security debate is that state power is eroding due to the effects of information and communication technology and that the state is unable to provide security in the information age. This volume challenges the unidimensionality of this statement. Without denying that new challenges for the state have arisen, authors in this volume argue that too much credence is often given to the spectre of an erosion of sovereignty.Written by scholars in international relations, the manuscript is captivating with the significance and actuality of the issues discussed, and the logical, knowledgeable, and engaged manner of presenting the issues. The essays intrigue and provoke with a number of fresh hypotheses, observations, and suggestions and contribute to mapping the diverse layers, actors, approaches, and policies of the cybersecurity realm.

Information Security is usually achieved through a mix of technical, organizational and legal measures. These may include the application of cryptography, the hierarchical modeling of organizations in order to assure confidentiality, or the distribution of accountability and responsibility by law, among interested parties.
The history of Information Security reaches back to ancient times and starts with the emergence of bureaucracy in administration and warfare. Some aspects, such as the interception of encrypted messages during World War II, have attracted huge attention, whereas other aspects have remained largely uncovered.
There has never been any effort to write a comprehensive history. This is most unfortunate, because Information Security should be perceived as a set of communicating vessels, where technical innovations can make existing legal or organisational frame-works obsolete and a breakdown of political authority may cause an exclusive reliance on technical means.
This book is intended as a first field-survey. It consists of twenty-eight contributions, written by experts in such diverse fields as computer science, law, or history and political science, dealing with episodes, organisations and technical developments that may considered to be exemplary or have played a key role in the development of this field.
These include: the emergence of cryptology as a discipline during the Renaissance, the Black Chambers in 18th century Europe, the breaking of German military codes during World War II, the histories of the NSA and its Soviet counterparts and contemporary cryptology. Other subjects are: computer security standards, viruses and worms on the Internet, computer transparency and free software, computer crime, export regulations for encryption software and the privacy debate.
- Interdisciplinary coverage of the history Information Security
- Written by top experts in law, history, computer and information science
- First comprehensive work in Information Security

Despite recent dramatic advances in computer security regarding the proliferation of services and applications, security threats are still major impediments in the deployment of these services. Paying serious attention to these issues, Security in Distributed, Grid, Mobile, and Pervasive Computing focuses on the increasing demand to guarantee privacy, integrity, and availability of resources in networks and distributed systems. A rich and useful presentation of strategies for security issues, the book covers each computing area in separate sections. It first reviews security issues and challenges in content distribution networks, describes key agreement protocols based on the Diffie-Hellman key exchange and key management protocols for complex distributed systems like the Internet, and discusses securing design patterns for distributed systems. The next section focuses on security in mobile computing and wireless networks, covering wireless authentication methods, secure data aggregation, and anonymous routing protocol. After a section on grid computing security, the book presents an overview of security solutions for pervasive healthcare systems and surveys wireless sensor network security. With more and more vital information stored on computers, security professionals need to know how to combat threats and complications. Offering strategies to tackle these issues, this book provides essential security information for researchers, practitioners, educators, and graduate students in the field.

Computer Forensics: Evidence Collection and Management examines cyber-crime, E-commerce, and Internet activities that could be used to exploit the Internet, computers, and electronic devices. The book focuses on the numerous vulnerabilities and threats that are inherent on the Internet and networking environments and presents techniques and suggestions for corporate security personnel, investigators, and forensic examiners to successfully identify, retrieve, and protect valuable forensic evidence for litigation and prosecution. The book is divided into two major parts for easy reference. The first part explores various crimes, laws, policies, forensic tools, and the information needed to understand the underlying concepts of computer forensic investigations. The second part presents information relating to crime scene investigations and management, disk and file structure, laboratory construction and functions, and legal testimony. Separate chapters focus on investigations involving computer systems, e-mail, and wireless devices. Presenting information patterned after technical, legal, and managerial classes held by computer forensic professionals from Cyber Crime Summits held at Kennesaw State University in 2005 and 2006, this book is an invaluable resource for those who want to be both efficient and effective when conducting an investigation.

The Certified Information Security Manager(R)(CISM(R)) certification program was developed by the Information Systems Audit and Controls Association (ISACA(R)). It has been designed specifically for experienced information security managers and those who have information security management responsibilities. The Complete Guide to CISM(R) Certification examines five functional areas-security governance, risk management, information security program management, information security management, and response management.

Presenting definitions of roles and responsibilities throughout the organization, this practical guide identifies information security risks. It deals with processes and technical solutions that implement the information security governance framework, focuses on the tasks necessary for the information security manager to effectively manage information security within an organization, and provides a description of various techniques the information security manager can use. The book also covers steps and solutions for responding to an incident. At the end of each key area, a quiz is offered on the materials just presented. Also included is a workbook to a thirty-question final exam.

Complete Guide to CISM(R) Certification describes the tasks performed by information security managers and contains the necessary knowledge to manage, design, and oversee an information security program. With definitions and practical examples, this text is ideal for information security managers, IT auditors, and network and system administrators.

Examining computer security from the hacker's perspective, Practical Hacking Techniques and Countermeasures employs virtual computers to illustrate how an attack is executed, including the script, compilation, and results. It provides detailed screen shots in each lab for the reader to follow along in a step-by-step process in order to duplicate and understand how the attack works. It enables experimenting with hacking techniques without fear of corrupting computers or violating any laws. Written in a lab manual style, the book begins with the installation of the VMware(R) Workstation product and guides the users through detailed hacking labs enabling them to experience what a hacker actually does during an attack. It covers social engineering techniques, footprinting techniques, and scanning tools. Later chapters examine spoofing techniques, sniffing techniques, password cracking, and attack tools. Identifying wireless attacks, the book also explores Trojans, Man-in-the-Middle (MTM) attacks, and Denial of Service (DoS) attacks. Learn how to secure your computers with this comprehensive guide on hacking techniques and countermeasures By understanding how an attack occurs the reader can better understand how to defend against it. This book shows how an attack is conceptualized, formulated, and performed. It offers valuable information for constructing a system to defend against attacks and provides a better understanding of securing your own computer or corporate network.

Digital rights management (DRM) is a type of server software developed to enable secure distribution - and perhaps more importantly, to disable illegal distribution - of paid content over the Web. DRM technologies are being developed as a means of protection against the online piracy of commercially marketed material, which has proliferated through the widespread use of Napster and other peer-to-peer file exchange programs.
With the flourish of these file exchange programs, content owners, creators and producers need to have a plan to distribute their content digitally and protect it at the same time-a seemingly impossible task. There are numerous books dealing with copyright, eBusiness, the Internet, privacy, security, content management, and related technical subjects. Additionally, there are several research papers, and almost daily newspaper and magazine articles dealing with digital piracy. However, there are only a few books and documents that bring these together as a basis for profitable exchange of digital content. Digital Rights Management can help content providers make money by unifying the confusing array of concepts that swirl around current presentations of DRM in newspapers and business publications.
* Learn from an award winning author and Emmy nominee
* Perfect for the non-technical decision maker, content owner or DRM implementation manager
* Details all the options from legal to technical

The threat that is posed by 'cyber warriors' is illustrated by recent incidents such as the Year 2000 'Millennium bug'. Strategies to reduce the risk that cyber attack poses, at both individual and national level, are described and compared with the actions being taken by a number of Western governments.

Investigators within the law enforcement and cyber forensics communities are generally aware of the concept of steganography, but their levels of expertise vary dramatically depending upon the incidents and cases that they have been exposed to. Now there is a book that balances the playing field in terms of awareness, and serves as a valuable reference source for the tools and techniques of steganography.

The Investigator's Guide to Steganography provides a comprehensive look at this unique form of hidden communication from its earliest beginnings to its most modern uses. The book begins by exploring the past, providing valuable insight into how this method of communication began and evolved from ancient times to the present day. It continues with an in-depth look at the workings of digital steganography and watermarking methods, available tools on the Internet, and a review of companies who are providing cutting edge steganography and watermarking services. The third section builds on the first two by outlining and discussing real world uses of steganography from the business and entertainment to national security and terrorism. The book concludes by reviewing steganography detection methods and what can be expected in the future.

It is an informative and entertaining resource that effectively communicates a general understanding of this complex field.

Most businesses are aware of the danger posed by malicious network intruders and other internal and external security threats. Unfortunately, in many cases the actions they have taken to secure people, information and infrastructure from outside attacks are inefficient or incomplete. Responding to security threats and incidents requires a competent mixture of risk management, security policies and procedures, security auditing, incident response, legal and law enforcement issues, and privacy.

Critical Incident Management presents an expert overview of the elements that organizations need to address in order to prepare for and respond to network and information security violations. Written in a concise, practical style that emphasizes key points, this guide focuses on the establishment of policies and actions that prevent the loss of critical information or damage to infrastructure.

CTOs, CFOs, Chief Legal Officers, and senior IT managers can rely on this book to develop plans that thwart critical security incidents. And if such incidents do occur, these executives will have a reference to help put the people and procedures in place to contain the damage and get back to business.

Computer Security, Third Edition contains the best ideas on recent advances in computer hardware and the spread of personal computer technology. It includes a complete and comprehensive introduction to computer security, as well as coverage of computer crime, systems security, and cryptology. Convinced that there is no such thing as computer security, only various degrees of insecurity, John Carroll presents the best concepts that high technology, classical security practice, and common sense have to offer to help reduce insecurity to the lowest possible level. This thoroughly enhanced third edition is an essential text for everyone involved with the operation and security of the computer complexes that are the heart of today's businesses. In addition to completely updating the original matter, Computer Security, Third Edition includes new information on: computer crime and the law; physical security; communications; surveillance; and risk management.