Printer Friendly

Computer and Communications Security.

Computer and Communications Security

Cooper has written Computer and Communications Security in the time-honored textbook manner - more for students than practitioners; however, today's practitioners can use it as a reference.

Overall, the author has performed a yeoman's service for the security field in his selection and compilation of reference materials. His use of problems and dilemma discussions at the end of each chapter is an excellent technique, as it challenges readers to use the principles set forth in each chapter. The author provides answers to the problems at the end of the book so readers can compare their thinking and methodology with the author's.

The book has several drawbacks, however. In many chapters, the author submits mathematical proof to illustrate his point. Unfortunately, the proofs are, in general, only understandable to people with extensive backgrounds in advanced mathematics.

The proofreader also missed a few easily correctable points. Public Law 100-235 is printed as 100-35, and the extraneous word commercial is added to communications security (COMSEC).

In some places, entire statements are misleading. For instance, the author's statement on the DoD Computer Security Center and the National Computer Security Center makes them appear to be two separate entities when they are the same organization. Also, the author's discussion of contingency planning does not mention control centers, which are vital to contingency planning and recovery activities.

In the discussion on TEMPEST and tapping techniques, the author uses the word pedestal when he is referring to the telephone frame room. In his discourse on TEMPEST vulnerability, he leaves out any reference to radio frequency interference (RFI) in-connection with electromagnetic interference (EMI). RFI is part and parcel of compromising emanations. Also, an explanation of acronyms when they first appear would be helpful to readers rather than defining them several pages or chapters later.

Another problem with the text is the author's treatment of environments. While he is thorough, Herman does not mention the computer or communications facility itself, which affects all the other elements. In contingency planning, the need for a backup operational site is not specifically mentioned until later in the commercial/business section.

Two more points need to be made. First, passwords should never be issued on a CRT display message. Second, passwords must be removed from the system as soon as possible after an employee's termination - within an hour or so - rather than the author's suggestion that they "should be changed on termination."

The author achieved his overall purpose. His graphics and matrices are well done, and his problems and dilemma discussions are helpful. I also liked his views on security goals for the 1990s. The descriptions of weaknesses and research perspectives are excellent. Computer and Communications Security is a good reference for security professionals and a worthwhile textbook for students.

Author: James Arlin Cooper Publisher: McGraw-Hill Book Company, New York, NY, 1989; 411 pages, hardback: $44.95 Reviewer: Howard R. Keough, CPP; Consultant, Jaehne Division of Mantech Inc.; Vice Chairman of the ASIS Standing Committee on Computer Security
COPYRIGHT 1989 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1989 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Keough, Howard R.
Publication:Security Management
Article Type:Book Review
Date:Dec 1, 1989
Previous Article:Keeping the contagion at bay.
Next Article:Succeed with report support.

Related Articles
Can existing networks facilitate global monitoring?
Computer Communications Security: Principles, Standard Protocols, and Techniques.
Firewalls and Internet Security: Repelling the Wily Hacker.
Computer Security Sourcebook and Communications Security Sourcebook.
Computers and communications; proceedings. (CD-ROM included).
Security and privacy for emerging areas in communications networks; proceedings.
Knowledge structures for communications in human-computer systems; general automata-based.

Terms of use | Copyright © 2016 Farlex, Inc. | Feedback | For webmasters