There's a lot more consciousness of security today, but not a lot of understanding of what it means and how far it should go. No one loves security, but most people---managers, system administrators and users alike---are starting to feel that they'd better accept it, or at least try to understand it.
For example, most U.S. Government equipment acquisitions now require "Orange Book" (Trusted Computer System Evaluation Criteria) certification. A lot of people have a vague feeling that they ought to know about the Orange Book, but few make the effort to track it down and read it. Computer Security Basics contains a more readable introduction to the Orange Book---why it exists, what it contains, and what the different security levels are all about---than any other book or government publication.
This handbook describes complicated concepts such as trusted systems, encryption, and mandatory access control in simple terms. It tells you what you need to know to understand the basics of computer security, and it will help you persuade your employees to practice safe computing.
- Introduction (basic computer security concepts, security breaches such as the Internet worm).
- Computer security and requirements of the Orange Book.
- Communications and network security.
- Peripheral types of security (including biometric devices, physical controls, and TEMPEST).
- Appendices: terms, sources, user groups, and other reference material.