INTRODUCTION TO PART I

FOUNDATIONS OF COMPUTER SECURITY

The foundations of computer security include answers to the superficially simple question “What is this all about?” Our first part establishes a technological and historical context for information assurance so that readers will have a broad understanding of why information assurance matters in the real world. Chapters focus on principles that will underlie the rest of the text: historical perspective on the development of our field; how to conceptualize the goals of information assurance in a well-ordered schema that can be applied universally to all information systems; computer hardware and network elements underlying technical security; history and modern developments in cryptography; and how to discuss breaches of information security using a common technical language so that information can be shared, accumulated, and analyzed.

Readers also learn or review the basics of commonly used mathematical models of information security concepts and how to interpret survey data and, in particular, the pitfalls of self-selection in sampling about crimes. Finally, the first section of the text introduces elements of law (U.S. and international) applying to information assurance. This legal framework, presented from a layman's viewpoint, provides a basis for understanding later chapters, in particular when examining privacy laws and management's fiduciary responsibilities.

Chapter titles and topics in Part I include:

  1. Brief History and Mission of Information System Security. An overview focusing primarily on developments in the second half of the twentieth century and the first decade of the twenty-first
  2. History of Computer Crime. A review of key computer crimes and notorious computer criminals from the 1970s to the mid-2000s
  3. Toward a New Framework for Information Security. A systematic and thorough conceptual framework and terminology for discussing the nature and goals of securing all aspects of information, not simply the classic triad of confidentiality, integrity, and availability
  4. Hardware Elements of Security. A review of computer and network hardware underlying discussions of computer and network security
  5. Data Communications and Information Security. Fundamental principles and terminology of data communications, and their implications for information assurance
  6. Network Topologies, Protocols, and Design. Information assurance of the communications infrastructure
  7. Encryption. Historical perspectives on cryptography and steganography from ancient times to today as fundamental tools in securing information
  8. Using a Common Language for Computer Security Incident Information. An analytic framework for understanding, describing, and discussing security breaches by using a common language of well-defined terms
  9. Mathematical Models of Computer Security. A review of the most commonly referenced mathematical models used to describe information security functions
  10. Understanding Studies and Surveys of Computer Crime. Scientific and statistical principles for understanding studies and surveys of computer crime
  11. Fundamentals of Intellectual Property Law. An introductory review of cyberlaw: laws governing computer-related crime, including contracts, and intellectual property (trade secrets, copyright, patents, open-source models). Also covers violations (piracy, circumvention of technological defenses), computer intrusions, and international frameworks for legal cooperation