RISS 학술연구정보서비스

검색
다국어 입력

http://chineseinput.net/에서 pinyin(병음)방식으로 중국어를 변환할 수 있습니다.

변환된 중국어를 복사하여 사용하시면 됩니다.

예시)
  • 中文 을 입력하시려면 zhongwen을 입력하시고 space를누르시면됩니다.
  • 北京 을 입력하시려면 beijing을 입력하시고 space를 누르시면 됩니다.
닫기
    인기검색어 순위 펼치기

    RISS 인기검색어

      Information security handbook

      한글로보기

      https://www.riss.kr/link?id=M361177

      • 저자
      • 발행사항

        New York : Stockton Press ; Houndmills, Basingstoke : Macmillan, 1991

      • 발행연도

        1991

      • 작성언어

        영어

      • ISBN

        0333511727
        1561590185 (U.S.)

      • 자료형태

        일반단행본

      • 발행국(도시)

        New York(State)

      • 서명/저자사항

        Information security handbook / William Caelli, Dennis Longley, Michael Shain.

      • 형태사항

        xxxi, 833 p. : ill. ; 24 cm.

      • 소장기관
        • 강남대학교 도서관 소장기관정보
        • 강원대학교 도서관 소장기관정보
        • 경북대학교 중앙도서관 소장기관정보
        • 경성대학교 도서관 소장기관정보
        • 광운대학교 중앙도서관 소장기관정보
        • 광주대학교 도서관 소장기관정보
        • 국립중앙도서관 국립중앙도서관 우편복사 서비스
        • 대구대학교 학술정보원 소장기관정보
        • 서울대학교 중앙도서관 소장기관정보 Deep Link
        • 세종대학교 도서관 소장기관정보
        • 숭실대학교 도서관 소장기관정보
        • 아주대학교 도서관 소장기관정보
        • 연세대학교 학술문화처 도서관 소장기관정보 Deep Link
        • 우석대학교 중앙도서관 소장기관정보
        • 인천대학교 학산도서관 소장기관정보
        • 전남대학교 중앙도서관 소장기관정보
        • 청주대학교 도서관 소장기관정보
        • 한국외국어대학교 글로벌캠퍼스 도서관 소장기관정보
        • 한국외국어대학교 서울캠퍼스 도서관 소장기관정보
        • 홍익대학교 세종캠퍼스 문정도서관 소장기관정보
      • 0

        상세조회
      • 0

        다운로드
      서지정보 열기
      • 내보내기
      • 내책장담기
      • 공유하기
      • 오류접수

      부가정보

      목차 (Table of Contents)

      • CONTENTS
      • Preface = xxv
      • Acknowledgements = xxvit
      • Author Profiles = xxix
      • 1 An Overview of Security / Michael Shain = 1
      • CONTENTS
      • Preface = xxv
      • Acknowledgements = xxvit
      • Author Profiles = xxix
      • 1 An Overview of Security / Michael Shain = 1
      • 1 Information At Risk = 1
      • 2 The Nature of Security = 5
      • 3 Management Controls and Countermeasures = 7
      • 4 Balancing Risks Against Vulnerabilities, Threats and Countermeasures = 9
      • 5 Technical Controls = 12
      • 5.1 Secure Operating Systems = 14
      • 5.2 Encryption and Decryption = 16
      • 5.3 Network and Communications Security = 18
      • 5.4 Security of Stored Data and Programs = 20
      • 6 Conclusion = 23
      • References = 25
      • 2 Security Management and Policy / Paul Dorey = 27
      • 1 Introduction = 27
      • 2 The Management Challenge of Security = 27
      • 2.1 How Should Security be Managed? = 28
      • 2.2 How Much Security is Needed? = 28
      • 2.2.1 The Culture and Direction of the Company = 28
      • 2.2.2 Industry Practice = 29
      • 2.2.3 Legal Requirements = 30
      • 2.2.4 Auditors and Regulators = 31
      • 2.3 True Business Impact = 31
      • 3 Policy = 31
      • 3.1 What is the Function of a Corporate Information Security Policy? = 31
      • 3.2 What Should the Policy Contain? = 32
      • 3.3 A Confusion of Terms = 33
      • 3.4 How to Create a Policy? = 35
      • 4 The Security Organisation = 35
      • 4.1 Where Should the Information Security Function Report? = 36
      • 4.1.1 Information Security within the Information Systems (I.S.) function = 37
      • 4.1.2 Information Security within the Corporate Security function = 37
      • 4.1.3 Information Security within the Internal Audit function = 38
      • 4.1.4 Combining the Options = 39
      • 4.1.5 Security Review Committee = 39
      • 4.2 Staffing, Roles and Responsibilities = 39
      • 4.2.1 What does the Information Security Function Do? = 40
      • 4.2.2 What Skills are Required? = 41
      • 5 Personnel Issues = 42
      • 5.1 Motivation = 42
      • 5.1.1 A Test = 43
      • 5.1.2 Maslow's Hierarchy of Needs = 43
      • 5.1.3 Staff in Key Positions = 45
      • 5.1.4 Motivation in Practice = 45
      • 5.2 Recruitment and Staff Selection = 46
      • 5.2.1 Employment History and Reference Taking = 46
      • 5.2.2 Interviews = 48
      • 5.2.3 Psychometric Assessment = 48
      • 5.2.4 Handwriting Analysis = 48
      • 5.3 Personnel Issues Once In Employment = 49
      • 5.3.1 Clearly Defined Duties = 49
      • 5.3.2 Segregation of Duties = 49
      • 5.3.3 The 'Four Eyes' (Two-person) Principle = 49
      • 5.3.4 The Rotation of Duties = 50
      • 5.3.5 'Key Man' Policies = 50
      • 5.4 Termination Procedures = 50
      • 5.5 Non Staff Members = 51
      • 5.5.1 Contractors and Consultants = 51
      • 5.5.2 Visitors = 52
      • 5.6 Security Environment = 52
      • 5.6.1 Setting a Good Example = 52
      • 5.6.2 Pay = 52
      • 5.6.3 Confessional = 53
      • 5.6.4 The Need for Security Training and Awareness = 53
      • 6 The Concept of Responsibility in Security = 54
      • 6.1 Ownership = 54
      • 6.2 Custodianship = 55
      • 6.3 Control = 55
      • 6.4 System User = 55
      • 6.5 Accounting = 56
      • 7 Managing Controls and Countermeasures = 56
      • 7.1 Selecting the 'Right' Countermeasures = 56
      • 7.1.1 What is the Integrity of the Countermeasure? = 57
      • 7.1.2 Acceptability of Countermeasures = 58
      • 7.1.3 Balancing Security and Cost = 60
      • 8 The Administration and Management of Security Systems = 61
      • 8.1 The Mal-administration of Security Systems = 61
      • 8.1.1 Problem 1: Installation = 61
      • 8.1.2 Problem 2: Configuration = 62
      • 8.1.3 Problem 3: Maintenance = 62
      • 8.1.4 Problem 4: Administration = 62
      • 8.1.5 Problem 5: Monitoring = 63
      • 8.2 Future Directions in Automating Security Management = 65
      • 8.2.1 Package Installation/Configuration = 65
      • 8.2.2 Integrated Administration = 65
      • 8.2.3 Automated Monitoring = 65
      • 8.2.4 Summary = 66
      • 9 Security Strategies = 66
      • 10 In Conclusion = 67
      • Appendix 1 - Sample Security Policy = 68
      • References = 74
      • 3 Risk Management / Alison Anderson ; Michael Shain = 75
      • 1 Introduction = 75
      • 1.1 The Elements of Risk = 76
      • 1.2 Computer Security Risk = 78
      • 2 Definition of Terms = 81
      • 2.1 Methodology = 81
      • 2.2 Locating and Identifying Assets = 81
      • 2.3 Asset Value = 83
      • 2.4 Impacts = 83
      • 2.5 Threats = 83
      • 2.6 Vulnerability = 84
      • 2.7 Asset Loss Exposures = 84
      • 2.8 Safeguards (Countermeasures) = 84
      • 2.9 Cost-Benefit Analysis = 85
      • 2.10 'Qualitative' versus 'Quantitative' Risk Estimation = 85
      • 3 The Risk Analysis Task = 85
      • 3.1 The Origins of Information Systems Risk = 85
      • 3.2 The Risk Analysis Task in a Business Perspective = 87
      • 3.3 Summary = 88
      • 4 EDP Auditing and Risk Analysis = 88
      • 5 A Survey of Current Approaches to Risk Modelling = 90
      • 5.1 'Asset-driven' Techniques and Annualised Loss Exposure = 91
      • 5.2 Calculating Annualised Asset Loss Exposures an example = 94
      • 5.3 Methodologies Oriented towards Business Functions = 98
      • 5.4 'Vulnerability-Driven' Techniques: Fault Logic and Event Trees = 100
      • 5.5 Uncertainty Handling = 100
      • 5.6 Summary = 101
      • 6 Distinct Problem Areas in Risk Analysis = 101
      • 6.1 The Adverse Influence of the FIPS Guidelines = 101
      • 6.2 Why Risk Analysis is Performed Inadequately = 102
      • 6.3 Identification of Problem Areas in Risk Analysis Methodologies = 103
      • 6.4 Environment Modelling and New Methodologies = 104
      • 7 Evaluating Risk Analysis Software and Methodologies = 105
      • 8 The New Generation of Risk Analysis and Management Tools = 107
      • 9 Towards a Standard for Risk Analysis = 108
      • Appendix 1: CRAMM = 110
      • Summary = 110
      • 1 Origins and Objectives of CRAMM = 110
      • 2 The CRAMM Framework = 111
      • 3 The Risk Model in CRAMM = 112
      • 4 Asset Evaluation in CRAMM = 113
      • 5 The Stages of a CRAMM Project = 114
      • 6 CRAMM's Automated Tools = 120
      • 7 Conclusion = 122
      • Appendix 2: Methodology and Software List = 123
      • References and Bibliography = 124
      • 4 Contingency Planning and Damage Avoidance / Paul Dorey = 129
      • 1 Scope and Purpose of this Chapter = 129
      • 1.1 What can Happen? = 130
      • 1.2 What Does a Contingency Plan Achieve? = 130
      • 1.3 Definitions = 131
      • 1.3.1 Interruption = 131
      • 1.3.2 Continuity = 131
      • 1.3.3 Disaster = 131
      • 1.3.4 Crisis = 131
      • 1.3.5 Survival = 132
      • 1.3.6 Recovery = 132
      • 1.3.7 Failure = 132
      • 1.3.8 Resilience = 132
      • 1.3.9 Contingency = 132
      • 1.3.10 Backup = 132
      • 2 The Impact of Business Interruption = 132
      • 2.1 Business Losses = 133
      • 2.2 Legal Obligations = 133
      • 2.3 Long Term Impacts = 134
      • 3 Business Continuity Planning = 134
      • 3.1 Establishing the Framework = 134
      • 3.1.1 Overall Business Priorities = 134
      • 3.1.2 Who Plans? = 135
      • 3.1.3 Who Manages the Crisis? = 136
      • 3.2 The Planning Process = 137
      • 3.2.1 Planning Methodology = 137
      • 3.2.2 Business Impact Assessment = 138
      • 3.2.3 Service level agreements = 139
      • 3.2.4 Preparation = 141
      • 3.2.5 What the Plan Should Contain = 141
      • 4 Contingency and Resilience Options = 143
      • 4.1 Business Contingency Options = 143
      • 4.1.1 Buildings and Building Facilities = 143
      • 4.1.2 Staff = 143
      • 4.1.3 Paper Records and Forms = 143
      • 4.1.4 Means of Communication = 144
      • 4.1.5 Storage = 144
      • 4.2 Computer Systems Contingency Options = 145
      • 4.2.1 Some Different Types of Facility = 145
      • 4.2.2 Where to Get the Facilities = 145
      • 4.3 Computer Systems Resilience Options = 148
      • 4.3.1 Redundancy and Duplication = 148
      • 4.3.2 Additional Capacity = 148
      • 4.3.3 Future Developments = 149
      • 4.4 Communications Systems Resilience Options = 149
      • 4.5 Designing in the Continuity Requirement at the Outset = 150
      • 5 Backup = 150
      • 5.1 Off-Site Backup = 150
      • 5.1.1 In-house Backup = 151
      • 5.1.2 Third Party Backup = 151
      • 5.2 Mainframe/Minicomputer Backup Options = 151
      • 5.3 Personal Computer Backup Options = 151
      • 5.4 Mirroring, Vaulting and Remote Databases = 152
      • 5.5 Additional Security Vulnerabilities = 153
      • 6 The Importance of Testing and Maintaining Plans = 153
      • 7 Insurance = 154
      • 7.1 Available Policies = 154
      • 7.2 The Correct Role of Insurance = 155
      • 7.3 How to Determine the Level of Cover Needed = 156
      • 8 When the Worst Happens = 157
      • 8.1 Actioning/Invoking the Plan = 157
      • 8.1.1 Notification = 158
      • 8.1.2 Verification = 158
      • 8.1.3 Activation = 158
      • 8.2 Crisis Management Practicalities = 158
      • 8.2.1 Clarity of Instructions = 158
      • 8.2.2 Speed of Communication = 158
      • 8.2.3 Awareness = 159
      • 8.2.4 Different Plans = 159
      • 8.3 Corporate Co-orination = 159
      • 8.4 Human Factors in a Disaster = 159
      • 8.5 Additional Security Exposures Introduced = 160
      • 9 Protection and Damage Avoidance = 161
      • 9.1 Physical Access Control = 161
      • 9.2 Fire = 164
      • 9.2.1 Protection Through Building Construction = 164
      • 9.2.2 Procedures = 165
      • 9.2.3 Fire and Smoke Detection = 166
      • 9.2.4 Fire Extinguishing Systems = 166
      • 9.3 Flood = 168
      • 9.3.1 Building Location = 168
      • 9.3.2 Structural Design = 168
      • 9.3.3 Water Detection = 168
      • 9.3.4 Other measures = 169
      • 9.4 Loss of Power = 169
      • 9.4.1 Location = 169
      • 9.4.2 Uninterruptable Power Supply = 169
      • 9.4.3 Generators = 170
      • 9.4.4 Electrical Plant Design = 170
      • 9.5 Physical Protection = 170
      • 10 Action Plan = 171
      • 11 Conclusion = 171
      • Appendix Ⅰ Sample Contents List From a Business Continuity Plan = 172
      • Appendix Ⅱ Counting the True Cost = 173
      • References = 177
      • 5 Information Security and the Law / Ian Walden = 179
      • 1 Introduction = 179
      • 1.1 What is the nature of the legal issues raised by information security? = 179
      • 1.2 What legal status does information possess? = 180
      • 1.3 How is this chapter structured? = 181
      • 2 Legislative Solutions = 182
      • 2.1 Data Protection and Privacy = 182
      • 2.1.1 Definition = 182
      • 2.1.2 Principles/Features = 183
      • 2.1.3 Security Requirements = 184
      • 2.1.4 Non-personal data = 185
      • 2.1.5 Future Trends = 185
      • 2.1.6 International Equivalency = 186
      • 2.2 Transborder Data Flow = 187
      • 2.3 Computer Crime Legislation = 189
      • 2.4 Intellectual Property Rights = 192
      • 2.4.1 Patent and Copyright Law = 193
      • 2.4.2 Semiconductor Protection = 195
      • 2.4.3 Trade Secrets Law and Confidentiality = 196
      • 2.5 Security Legislation = 198
      • 2.6 Electronic Funds Transfer (EFT) = 200
      • 2.7 International Aspects = 200
      • 3 Contractual Solutions = 201
      • 3.1 Electronic Trading: (a) Trading Partner Contracts = 202
      • 3.1.1 Scope = 205
      • 3.1.2 User Manual = 206
      • 3.1.3 Liability and Insurance = 206
      • 3.1.4 Security, Confidentiality and Integrity = 206
      • 3.1.5 Verification, Acknowledgement, Confirmation and Action = 207
      • 3.1.6 Storage and Evidence = 208
      • 3.1.7 Third Parties = 208
      • 3.2 Electronic Trading: (b) Service Povider Contracts = 209
      • 3.2.1 Data Control and Ownership = 209
      • 3.2.2 Confidentiality and Security = 209
      • 3.2.3 Audit = 210
      • 3.2.4 Warranties and Liabilities = 210
      • 3.2.5 Internetwork Connections = 211
      • 3.2.6 Termination = 212
      • 3.3 Hardware Contracts = 212
      • 3.3.1 Intellectual Property Rights = 212
      • 3.3.2 Benchmarking and pre-acceptnce tests = 213
      • 3.3.3 Maintenance Agreements = 213
      • 3.3.4 Warranty = 213
      • 3.4 Software Contracts = 214
      • 3.4.1 Escrow Agreements = 214
      • 3.4.2 Intellectual Property Rights = 215
      • 3.4.3 Warranties = 215
      • 3.4.4 'Virus Clauses' = 216
      • 3.4.5 Benchmarking and pre-acceptance tests = 217
      • 3.5 Personnel Contracts = 217
      • 3.5.1 The Employment Relationship = 217
      • 3.5.2 Ownership of work = 218
      • 3.5.3 Ownership of intellectual property rights = 218
      • 3.5.4 Confidential Information and Trade Secret Protection = 219
      • 3.5.5 Restraint of Trade Clauses = 220
      • 3.5.6 Employment Contract = 221
      • 3.6 Liability Issues = 222
      • 3.6.1 Tortious Liability = 223
      • 3.6.2 Contractual Liability = 224
      • 3.6.3 Statutory Liability = 224
      • 4 Evidential Issues = 225
      • 4.1 Admissibility = 225
      • 4.2 Authentication = 227
      • 4.3 Audit = 229
      • 5 International Activity = 231
      • 5.1 The Organisation for Economic Cooperation and Development (OECD) = 231
      • 5.2 United Nations Commission on International Trade Law (UNCITRAL) = 232
      • 5.3 The ouncil of Europe(COE) = 232
      • 5.4 The European Economic Community(EEC) = 234
      • 6 Conclusion = 236
      • 7 Further Reading = 238
      • 6 Monitoring and Audit Control / Ken Slater = 239
      • 1 Introduction = 239
      • 2 Internal Audit = 240
      • 3 EDP Controls = 242
      • 4 The Application System Audit = 245
      • 4.1 Define Objectives and Scope of the Audit = 245
      • 4.2 Develop Understanding of, and Document, the System = 246
      • 4.3 Identify and Evaluate Controls = 246
      • 4.4 Design and Perform Audit Tests = 246
      • 4.5 Reporting and follow-up = 247
      • 5 Computer Audit Techniques = 248
      • 5.1 Tailor-Made Programs = 249
      • 5.2 Computer Audit Enquiry Packages = 249
      • 5.2.1 Advantages of Packaged Audit Software = 250
      • 5.2.2 Disadvantages of Packaged Audit Software = 250
      • 5.2.3 Audit Features = 250
      • 5.3 General Computer Software = 253
      • 5.4 Integrated Audit Monitors (See Figure 6.4) = 253
      • 5.5 Program Comparison Utilities (See Figure 6.5) = 254
      • 5.6 Logic Path Analysis Programs = 254
      • 5.7 Test Data (Figure 6.6) = 254
      • 5.8 Development and debugging tools = 256
      • 5.9 Parallel Simulation (Figure 6.7) = 256
      • 5.10 Program Auditing = 257
      • 5.11 Job Accounting Data Analysis Software = 258
      • 6 Internal Audit in Systems Development = 258
      • 7 Quality Assurance in I.T. Projects = 260
      • 8 Control of System Maintenance and Enhancement = 260
      • 8.1 Change in Real-Time Systems = 261
      • 8.2 The Auditors View of Change Control = 262
      • 9 Audit - I.T. Relationship = 262
      • 10 External Audit = 263
      • 11 The U.S. Experience = 264
      • 12 The Information Security Officer = 265
      • 12.1 The Duties of the Security Officer = 268
      • 13 The Security Review = 268
      • 13.1 Familiarisation = 269
      • 13.2 Identification of Threats = 270
      • 13.3 Risk Evaluation = 270
      • 13.4 Evaluation of Existing Protection = 271
      • 13.5 Assessment of Weaknesses = 275
      • 13.6 Recommendations for Improvement = 275
      • 14 Risk Analysis Software = 275
      • 15 Personnel Security = 276
      • 16 Security Implications of UK Regulations = 277
      • 17 Auditing the Security Function = 281
      • 18 The Law and Computer Security = 282
      • 18.1 Unauthorised Access to Computer Systems = 282
      • 18.2 Applicability of Current Laws = 284
      • 18.3 Risks and Consequences = 285
      • 19 An Audit View of Systems Programming = 286
      • 19.1 Control of Key Staff = 287
      • 19.2 Control of Dangerous Utilities = 288
      • 19.3 Remote Maintenance = 288
      • 19.4 Security of Associated Documentation = 289
      • 19.5 Expected Controls = 289
      • 19.6 The Internal Audit Activities = 291
      • 20 The 1990s-A Challenge to Auditors = 294
      • 20.1 Micro-Mainframe Links = 295
      • 20.2 Local Area Networks (LANs) = 296
      • 20.3 VADs and VANs = 297
      • 20.4 Fourth Generation Languages (4GLs) = 298
      • 21 The Auditor's Limitations = 300
      • Appendix 1 Audit Enquiry Software Checklist = 301
      • Appendix 2 I.T. Installation Audit Checklist = 304
      • 1 Organisation and Personnel = 305
      • 2 Departmental Control = 306
      • 3 Physical Security = 307
      • 4 Disaster Recovery = 308
      • 5 Computer Operations = 310
      • 6 Media Library = 312
      • 7 Data Control = 313
      • 8 Insurance = 314
      • 9 Systems Development and Maintenance = 314
      • 10 Security Officer = 315
      • 11 Terminal Controls = 315
      • 12 Communications = 315
      • 7 Applications and Theory of Cryptography / Dennis Longley ; Ed Dawson ; William Caelli = 317
      • 1 Applications of Cryptography = 317
      • 1.1 Introduction = 317
      • 1.2 Principles of the Application of Cryptography = 318
      • 1.2.1 Overview = 318
      • 1.2.2 Attacks on Cipher Systems = 322
      • 1.2.3 Block and Stream Ciphers = 324
      • 1.2.4 Public Key Ciphers = 326
      • 1.3 Privacy = 328
      • 1.4 Integrity = 333
      • 1.4.1 Accidental Corruption of Data = 333
      • 1.4.2 Checksums to Counter Malicious Corruption of Data = 334
      • 1.4.3 Message Authentication Codes = 336
      • 1.4.4 Replay Attacks = 338
      • 1.5 Authentication = 339
      • 1.5.1 Overview = 339
      • 1.5.2 Digital Signatures = 340
      • 1.5.3 Authentication Services-User Identification = 345
      • 1.5.4 Combining Authenticity and Integrity with Privacy = 348
      • 1.6 Key Management = 348
      • 1.6.1 Introduction = 348
      • 1.6.2 Key Generation-Symmetric Ciphers = 349
      • Asymmetric Ciphers = 351
      • 1.6.3 Protection and Destruction = 352
      • Protection-Symmetric Ciphers = 352
      • Protection-Asymmetric Ciphers = 353
      • Destruction = 354
      • 1.6.4 Distribution of Cryptographic Keys = 354
      • Overview = 354
      • Master Session Key Systems = 357
      • Tagged Key Management Schemes = 364
      • Key Distribution and Translation Centres = 365
      • Transaction Key Schemes-Overview = 369
      • Determination of Transaction Keys = 371
      • Messages = 374
      • Other Card Data = 375
      • Terminal Initialisation = 375
      • Public Key Schemes Overview = 376
      • A Public Key Cipher Key Management Scheme = 378
      • 1.7 Conclusions = 380
      • 2 Theory of Cryptology = 381
      • 2.1 Introduction to Cryptology = 381
      • 2.1.1 Overview = 381
      • 2.1.2 Elementary Cryptography = 382
      • 2.1.3 Elementary Cryptanalysis = 383
      • 2.2 Classes of Codes and Cipher Systems = 386
      • 2.3 Classical Ciphers = 388
      • 2.3.1 Overview = 388
      • 2.3.2 Simple Substitution Ciphers = 388
      • 2.3.3 Transposition Ciphers = 388
      • 2.3.4 Polyalphabetic Substitution Ciphers = 389
      • 2.3.5 Product Ciphers = 390
      • 2.3.6 One-Time Pad = 390
      • 2.4 Stream Ciphers = 391
      • 2.4.1 Introduction = 391
      • 2.4.2 Cryptography of Stream Ciphers = 392
      • 2.4.3 Cryptanalysis of Stream Ciphers = 394
      • 2.4.4 Applications of Stream Ciphers = 395
      • 2.5 Symmetric Block Ciphers = 397
      • 2.5.1 Cryptography of Symmetric Block Ciphers = 397
      • 2.5.2 Public Symmetric Block Ciphers = 399
      • The Feistel Cipher = 399
      • DES Cipher = 400
      • Modified Forms of DES Ciphers = 407
      • FEAL = 408
      • 2.5.3 Modes of Operation = 409
      • Overview = 409
      • Electronic Codebook Mode (ECB) = 409
      • Output Feedback Mode (OFB) = 411
      • 2.5.4 Cipher Feedback Cipher Modes = 412
      • Cipher Block Chaining Mode = 412
      • Cipher Feedback Mode = 414
      • Applications of Cipher Block Chaining and Cipher Feedback Modes = 414
      • 2.6 Public Key Ciphers = 416
      • 2.6.1 Overview = 416
      • 2.6.2 RSA Algorithm = 419
      • Primes and Greatest Common Divisor = 419
      • Modular Arithmetic = 419
      • Exponentiation in Modular Arithmetic = 420
      • RSA = 421
      • 2.6.3 Knapsack Public Key Cipher = 423
      • 2.6.4 Discrete Log Cipher Systems = 426
      • Galois Fields = 426
      • The Discrete Log Problem = 428
      • Diffie-Hellman Public Key Exchange Algorithm = 428
      • Massey Omura Cipher System = 429
      • El Gamal Public Key Cipher = 430
      • 2.6.5 Elliptic Curve Ciphers = 432
      • Analog of Diffie-Hellman = 432
      • Analog of Massey-Omura = 432
      • Analog of El Gamal = 433
      • 2.7 Other Crypographic Techniques = 433
      • 2.7.1 Threshold Schemes = 433
      • 2.7.2 Speech Scrambling = 434
      • 2.7.3 Zero-Knowledge Proofs = 436
      • Appendix A: Number Theory = 438
      • A.1 Divisibility and the Euclidean Algorithm = 438
      • A.2 Modular Arithmetic = 439
      • Appendix B: Finite Fields = 443
      • B.1 Introduction = 443
      • B.2 Binary Polynomials = 444
      • B.3 Galois Field GF (2n) = 445
      • Appendix C: Elliptic Curves = 449
      • References = 451
      • 8 Access Control / Dennis Longley = 455
      • 1 Introduction to Access Control = 455
      • 1.1 Overview = 455
      • 1.2 Processes involved in Access Control = 456
      • 1.2.1 Allocation of Privileges = 456
      • 1.2.2 Administration of Privileges = 457
      • 1.2.3 Identification and Authentication of Users = 458
      • 1.2.4 Monitoring Accesses = 459
      • 1.2.5 Type of Access = 460
      • 1.2.6 Prevention of Unauthorised Access = 461
      • 1.2.7 Revocation of Access Privileges = 461
      • 2 Physical and Logical Access Control = 462
      • 3 Identification and Authentication of the User = 463
      • 3.1 Overview = 463
      • 3.2 Something the User Knows = 465
      • 3.2.1 Overview = 465
      • 3.2.2 Passwords = 470
      • 3.2.3 PIN Management = 475
      • 3.2.4 One Shot Passwords = 484
      • 3.3 Something the User Has = 485
      • 3.3.1 Overview = 485
      • 3.3.2 Magnetic Stripe Card = 489
      • 3.3.3 Password Generators = 493
      • 3.3.4 Smart Cards = 497
      • Development of Small Cards = 498
      • Technology of Smart Cards = 499
      • Standards = 501
      • Application of Smart Cards = 505
      • Electronic Purse = 505
      • Banking Transactions = 506
      • Access Control = 507
      • Personalised File = 509
      • Personalised Encryption Device = 509
      • Electronic Data Interchange = 510
      • Future Trends = 510
      • 3.4 Something the User Is = 513
      • 3.4.1 Overview = 513
      • 3.4.2 Fingerprint Scanners = 517
      • 3.4.3 Written Signature Verifiers = 519
      • 3.4.4 Miscellaneous Biometric Systems = 520
      • 4 Monitoring = 522
      • 4.1 Introduction = 522
      • 4.2 Audit Records = 523
      • 4.2.1 Overview = 523
      • 4.2.2 Intrusion Detection Models = 525
      • 5 Prevention of Unauthorised Access = 528
      • 5.1 Introduction = 528
      • 5.2 Deterrence = 528
      • 5.3 Bypassing and Attacking, an Access Control System = 530
      • 6 Operating System Access Control = 531
      • 6.1 Overview = 531
      • 6.2 A Typical Software Access Control System = 533
      • 6.2.1 Overview = 533
      • 6.2.2 Administration = 534
      • 6.3 UNIX Security = 536
      • 6.3.1 Overview = 536
      • 6.3.2 UNIX Access Control = 536
      • References = 544
      • 9 Security of Stored Data and Programs / Dennis Longley = 545
      • 1 Introduction = 545
      • 2 Database Security = 546
      • 2.1 Introduction = 546
      • 2.2 High Quality Database Service to Users = 548
      • 2.3 Security of a Conventional Database against Malicious Attack = 550
      • 2.4 Inference Control = 556
      • 2.4.1 Overview = 556
      • 2.4.2 Restriction on the Set of Allowable Queries = 558
      • 2.4.3 Perturbation Techniques = 561
      • 2.5 Multilevel Database Security = 563
      • 2.5.1 Introduction = 563
      • 2.5.2 Secure Compartment Systems = 569
      • 2.5.3 Integrity Locking = 570
      • 2.5.4 Denning Relational Model = 573
      • Views Model = 573
      • 1977 Model = 579
      • Integrity Rules = 581
      • Polyinstantiation = 583
      • Decomposition = 587
      • 3 Malicious Code = 589
      • 3.1 Introduction = 589
      • 3.2 Taxonomy of Malicious Code = 590
      • 3.2.1 Overview = 590
      • 3.2.2 Trojan Horse = 591
      • 3.2.3 Time Bomb/Logic Bomb = 593
      • 3.2.4 Miscellaneous = 594
      • 3.2.5 Virus/Worm = 595
      • 3.3 Viruses = 596
      • 3.3.1 Early work on Viruses = 596
      • 3.3.2 Types of Viruses = 599
      • Overview = 599
      • Overwriting Viruses = 601
      • Non-overwriting Viruses = 601
      • Source Code Viruses = 602
      • Memory Resident Viruses = 604
      • Personal Computer Viruses = 607
      • 3.3.3 Anti-Viral Measures = 608
      • 3.4 Worms = 612
      • 3.4.1 Introduction = 612
      • 3.4.2 Operation of the Morris Worm-Overview = 613
      • Attack = 614
      • Defence = 618
      • Population Control = 619
      • 3.4.3 Lessons of the Worm = 620
      • References = 622
      • Appendix-The 'Brain' Virus = 623
      • 10 Communications Security / William Caelli ; Alan Tickle = 649
      • 1 Introduction = 649
      • 2 Scope of Corporate Telecommunications = 650
      • 2.1 Profiles of Telecommunications Services = 650
      • 2.2 Communications Network Elements = 652
      • 2.3 Communications Architectures = 653
      • 2.4 Telecommunications Network Services = 657
      • 2.5 Distinguishing Characteristics = 658
      • 3 Risk Assessment and Risk Management = 659
      • 3.1 Asset Identification and Valuation = 660
      • 3.2 Peril Identification; Threat/Vulnerability Identification and Assessment = 661
      • 3.3 Specific Threats to Communications Networks = 662
      • 3.4 Risk Management = 663
      • 4 Architectures for Communications Security = 664
      • 4.1 Security Services = 665
      • 4.2 Security Mechanisms = 666
      • 4.3 Relationship between Services and Mechanisms = 668
      • 4.4 Management Aspects of Security in OSI Based Networks and Systems Security Policies = 674
      • 4.5 Security Services and Measures Outside the Scope of the OSI Model = 675
      • 4.6 Management of Cryptographic Keys = 675
      • 4.7 Other Approaches to Communications Network Security = 677
      • 5 Security in Electronic Data Interchange = 678
      • 5.1 EDI Architecture = 678
      • 5.2 EDI Security Issues = 680
      • 5.3 EDI Security Implementation = 682
      • 6 Security of Computer Systems with PSTN Access = 685
      • 7 Facsimile Systems Security = 687
      • 8 Local Area Network Security = 688
      • 9 Security for Cable and Satellite TV = 692
      • 10 ISDN Security = 694
      • 11 Security in Electronic Funds Transfer Systems (EFTS) = 696
      • 12 Security in Proprietary Network Architectures = 699
      • 13 Conclusion = 699
      • Appendix 1 Placement of Security Services in the Formatting Service Layer = 700
      • 1 Introduction = 700
      • 2 Security through existing EDIFACT data elements = 700
      • 2.1 Authentication = 700
      • 2.2 Integrity = 702
      • 2.3 Confidentiality = 702
      • 2.4 Non-Repudiation = 702
      • 2.5 Implementation Issues = 703
      • 3 Security through separate EDIFACT segments = 703
      • 4 Conclusion = 703
      • References = 704
      • 11 Formal Models of Secure Systems / Dennis Longley = 707
      • 1 Introduction = 707
      • 2 Confidentiality and Integrity Models = 709
      • 2.1 Bell La Padula Model = 709
      • 2.1.1 Overview = 709
      • 2.1.2 Description of the Model = 710
      • 2.1.3 Discussion on Bell La Padula Model = 714
      • 2.2 Biba Integrity Model = 715
      • 2.3 Denning Information Flow Model = 716
      • 2.3.1 Introduction = 716
      • 2.3.2 Information Flow Model = 716
      • 2.3.3 Lattice Model = 718
      • 2.3.4 Control of Information Flow = 721
      • 2.4 Rushby Separability Model = 723
      • 2.4.1 Introduction = 723
      • 2.4.2 Separation Model = 725
      • 2.5 Take-Grant Model = 728
      • 2.5.1 Informal view of the Take-Grant Model = 728
      • 2.5.2 Formal Analysis of Take-Grant Model = 735
      • 2.6 Landwehr's Security Model for Military Message Systems = 739
      • 2.6.1 Overview = 739
      • 2.6.2 Military Message System Model = 740
      • 3 Models for Commercial Systems Security = 743
      • 3.1 Clark Wilson Model = 743
      • 3.1.1 Introduction = 743
      • 3.1.2 Mandatory Access Control = 745
      • 3.1.3 Formal Model of Commercial Integrity = 745
      • 3.1.4 Conclusions = 749
      • 3.2 Brewer-Nash Chinese Wall Security Policy = 750
      • 3.2.1 Chinese Walls = 750
      • 3.2.2 Comments on the Chinese Wall Security Model = 753
      • 4 Security Evaluation Criteria = 754
      • 4.1 Introduction = 754
      • 4.2 Department of Defense Trusted Computer System Evaluation Criteria = 755
      • 4.2.1 Introduction = 755
      • 4.2.2 Trusted Computer System = 756
      • 4.2.3 Formal Security Policy = 759
      • 4.2.4 Fundamental Computer Security Requirements = 759
      • 4.2.5 The Evaluation Classes = 761
      • 4.2.6 The Aftermath of the Orange Book = 763
      • 4.3 Information Technology Security Evaluation Criteria (ITSEC) = 764
      • 4.3.1 Introduction = 764
      • 4.3.2 Security Features Specification = 765
      • 4.3.3 Security Functionality = 766
      • 4.3.4 Assurance Overview = 768
      • 4.3.5 Conclusions = 772
      • 5 Conclusions = 772
      • References = 776
      • Appendix = 778
      • Trusted Computer Systems Evaluation Criteria (TCSEC) = 778
      • Division D = 778
      • Division C = 778
      • Class C1 = 778
      • Class C2 = 780
      • Class B1 = 782
      • Class B2 = 787
      • Class B3 = 792
      • Class A1 = 795
      • Index = 799
      더보기

      분석정보

      View

      상세정보조회

      0

      Usage

      원문다운로드

      0

      대출신청

      0

      복사신청

      0

      EDDS신청

      0

      동일 주제 내 활용도 TOP

      더보기

      이 자료와 함께 이용한 RISS 자료

      나만을 위한 추천자료

      해외이동버튼