Abstract
this handbook provides assistance in securing computer-based resources (including hardware, software, and information) by explaining important concepts, cost considerations, and interrelationships of security controls. It illustrates the benefits of security controls, the major techniques or approaches for each control, and important related considerations.
The handbook provides a broad overview of computer security to help readers understand their computer security needs and develop a sound approach to the selection of appropriate security controls. It does not describe detailed steps necessary to implement a computer security program,provide detailed implementation procedures for security controls, or give guidance for auditing the security of specific systems. General references are provided at teh end of this chapter, and references of \"how-to\" books and articls are provided at the end of each chapter in Part II, II, and IV.
the purpose of this handbook is not to specify requirements but, rather, to discuss the benefits of various computer security controls and situations in which their application may be appropriate. SOme requirements for federal systems are noted in the text. Thsi document provides advice and guidance; no penaltie are stipulated.
Contents
1. Introduction
2. Elements of Computer Security
3. Roles and Responsibilities
4. Common Threats: A Brief Overview
5. Computer Security Policy
6. COmputer Security Program Management
7. Copmuter Security risk management
8. Security and Planning in the Computer System Life Cycle
9. Assurance
10. Personnel/User Issues
11. Preparing for Contingencies and Disasters
12. Computer Security Incident Handling
13. Awareness, Training, and Education
14. Security Considerations in Computer Support Operations
15. Physical and Environmental Security
16. Identification and Authentication
17. Logical Access Control
18. Audit Trails
19. Cryptography
20. Assessing and Mitigating the Risks to a Hypothetical Computer System