An Introduction to Computer Security: The NIST Handbook

For the most part, the concepts presented in the handbook are also applicable to the private sector. While there are differences between federal and private-sector computing, especially in terms of priorities and legal constraints, the underlying principles of computer security and the available safeguards (managerial, operational, and technical) are the same. The handbook is therefore useful to anyone who needs to learn the basics of computer security or wants a broad overview of the subject. However, it is probably too detailed to be employed as a user awareness guide, and it is not intended to be used as an audit guide.

Organization
The first section of the handbook contains background and overview material, briefly
discusses threats, and explains the roles and responsibilities of individuals and
organizations involved in computer security.

It explains the executive principles of computer security that are used throughout
the handbook. For example, one important principle that is repeatedly stressed is that
only security measures that are cost-effective should be implemented. A familiarity with
the principles is fundamental to understanding the handbook's philosophical approach to the issue of security.
The next three major sections deal with security controls: Management Controls (II),
Operational Controls (III), and Technical Controls (IV). Most controls cross the boundaries
between management, operational, and technical. Each chapter in the three sections provides a
basic explanation of the control; approaches to implementing the control; some cost
considerations in selecting, implementing, and using the control; and selected interdependencies
that may exist with other controls. Each chapter in this portion of the handbook also provides
references that may be useful in actual implementation.

The Management Controls section addresses security topics that can be characterized as
managerial. They are techniques and concerns that are normally addressed by management
in the organization's computer security program. In general, they focus on the management
of the computer security program and the management of risk within the organization.

The Operational Controls section addresses security controls that are, broadly speaking,
implemented and executed by people (as opposed to systems). These controls are put in place
to improve the security of a particular system (or group of systems). They often require
technical or specialized expertise and often rely upon management activities as well as
technical controls.

The Technical Controls section focuses on security controls that the computer system
executes. These controls are dependent upon the proper functioning of the system for their
effectiveness. The implementation of technical controls, however, always requires
significant operational considerations and should be consistent with the management of
security within the organization.

Finally, an example is presented to aid the reader in correlating some of the major topics
discussed in the handbook. It describes a hypothetical system and discusses some of the controls
that have been implemented to protect it. This section helps the reader better understand the
decisions that must be made in securing a system, and illustrates the interrelationships among
controls.

269 pages, Kindle Edition

First published November 4, 2013
