Computer and Communications Security.

Cooper has written Computer and Communications Security in the time-honored textbook manner - more for students than practitioners; however, today's practitioners can use it as a reference. Overall, the author has performed a yeoman's service for the security field in his selection and compilation of reference materials. His use of problems and dilemma discussions at the end of each chapter is an excellent technique, as it challenges readers to use the principles set forth in each chapter. The author provides answers to the problems at the end of the book so readers can compare their thinking and methodology with the author's.

The book has several drawbacks, however. In many chapters, the author submits mathematical proof to illustrate his point. Unfortunately, the proofs are, in general, only understandable to people with extensive backgrounds in advanced mathematics. The proofreader also missed a few easily correctable points. Public Law 100-235 is printed as 100-35, and the extraneous word commercial is added to communications security (COMSEC).

In some places, entire statements are misleading. For instance, the author's statement on the DoD Computer Security Center and the National Computer Security Center makes them appear to be two separate entities when they are the same organization. Also, the author's discussion of contingency planning does not mention control centers, which are vital to contingency planning and recovery activities. In the discussion on TEMPEST and tapping techniques, the author uses the word pedestal when he is referring to the telephone frame room. In his discourse on TEMPEST vulnerability, he leaves out any reference to radio frequency interference (RFI) in connection with electromagnetic interference (EMI). RFI is part and parcel of compromising emanations. Also, an explanation of acronyms when they first appear would be helpful to readers rather than defining them several pages or chapters later.

Another problem with the text is the author's treatment of environments. While he is thorough, Herman does not mention the computer or communications facility itself, which affects all the other elements. In contingency planning, the need for a backup operational site is not specifically mentioned until later in the commercial/business section.

Two more points need to be made. First, passwords should never be issued on a CRT display message. Second, passwords must be removed from the system as soon as possible after an employee's termination - within an hour or so - rather than the author's suggestion that they "should be changed on termination."

The author achieved his overall purpose. His graphics and matrices are well done, and his problems and dilemma discussions are helpful. I also liked his views on security goals for the 1990s. The descriptions of weaknesses and research perspectives are excellent. Computer and Communications Security is a good reference for security professionals and a worthwhile textbook for students.

Author: James Arlin Cooper
Publisher: McGraw-Hill Book Company, New York, NY, 1989; 411 pages, hardback: $44.95
Reviewer: Howard R. Keough, CPP; Consultant, Jaehne Division of Mantech Inc.; Vice Chairman of the ASIS Standing Committee on Computer Security