FOREWORD

Decisions, decisions, decisions—selecting a book for a class is tricky for me. If a book is for personal reading pleasure, I merely decide if I would like reading it. If the book is for my professional development, I have to decide if it will meet my needs and be a pleasure to read. Finally, if the choice is for my students, I have to decide if it will be a pleasure to read, meet their needs, and be clear and concise.

This new edition of Principles of Computer Security passes all three tests with flying colors. I enjoyed reading it. If I needed to pass the CompTIA Security+ or similar practitioner examination, it would prepare me. And finally, based on personal experience, students will like this book and find it to be valuable reading and study material. It even has practice exams for certification and has an e-book for their convenience.

For more than 40 years I have worked in some aspect of computer security. When people ask me what defines my job, I respond with “I don’t know until I read the morning newspaper because the security environment changes rapidly.” If you want to get into the computer security industry, reading and understanding this book is a great introduction. Now in its sixth edition, Principles of Computer Security focuses on a broad spectrum of important topics, across 25 chapters, to prepare you to be a certified computer security practitioner.

Dr. Conklin and his team of coauthors ease you into the meat of the topic by reviewing both security trends and concepts. They then address security from two different perspectives. First, they focus on the organization’s need for security, and, second, they focus on the important role of people within the organization. These two perspectives are intertwined; it is essential for a security practitioner to understand the security environment and how the people make it work.

Every practitioner needs to understand the underlying technology and tools of computer security. Some individuals have an idea about security topics but do not have the essential knowledge needed to address them in depth. The authors have provided a series of masterful chapters introducing these key concepts. For example, in a single chapter, they provide the basis for you to deal with security of networks. This chapter provides everything you need to know to address standards and protocols, infrastructure security, remote access and authentication, as well as wireless. The authors integrate these concepts to support public key infrastructure (PKI) and intrusion detection systems for network security without forgetting the importance of physical security in protecting the information system as well as infrastructure.

One of the most debated topics in security is the importance of cryptography. Some would assert that almost all digital security can be accomplished with cryptography—that security and cryptography are inseparable, with cryptography being the cornerstone of securing data in both transmission and storage. However, if computer security were as easy as “encrypt everything,” this would be a very short book. Although cryptography is very important and a very complex security measure, it is not a panacea—but it does provide for lively discussions. By discussing applied security and PKI separately, the authors cause you to focus on the real world. They bring all these components together with a comprehensive chapter on intrusion detection and prevention.

Once you have mastered the basics, the authors address e-mail, malicious software, instant messaging, and web components in such a way that you can apply your knowledge of networks and security fundamentals. You will then be provided with an overview of secure software development. Poorly developed software is one of the biggest cyberthreats—perhaps 90 percent of the threats come through poor software design.

In the final analysis, security is really all about risk management. What is your organization’s appetite for risk, and how is that risk managed? The chapters covering risk management lead you through these less technical issues to gain an understanding as to how they impact the organization. Baselines and change management are essential to understanding what assets are being secured and how they are being changed. A reader who learns these skills well will be able to work in incident response, disaster recovery, and business continuity. Understanding these processes and how they work with technical issues expands career opportunities.

The authors conclude their review of the principles of computer security with an examination of privacy, legal issues, and ethics. Although these topics appear at the end of the book, they are crucial issues in the modern world. Remember, as a computer security practitioner, you will have legal access to more data and information than anyone else in the organization.

Although it’s not the topic of the last chapter in the book, forensics is covered here last. The authors have done a wonderful job of addressing this complex topic. But why mention it last? Because many times forensics is what one does after computer security fails.

Tonight it is 15 degrees and snowing outside while I sit in my study—warm, dry, and comfortable. My home is my castle. Not bad for mid-winter in Idaho; however, I should not forget that one reason I am comfortable is because certified computer security practitioners are protecting my information and privacy as well as the critical infrastructure that supports it.

For instructors:

I have taught from prior editions of this book for several years. Principles of Computer Security, Sixth Edition has instructor materials on a companion website available to adopting instructors. Instructor manuals, including the answers to the end-of-chapter questions, PowerPoint slides, and the test bank of questions for use as quizzes or exams, make preparation a snap.

Corey D. Schou, PhD
Series Editor
University Professor of Informatics
Professor of Computer Science
Director of the National Information Assurance Training and Education Center
Idaho State University
