Held October 10-13, 1995. Addresses a wide range of interests from technical research and development projects to user oriented management and administration topics. Focuses on developing and implementing secure networks, technologies, applications, and policies. Papers and panel discussions address a broad spectrum of network security subjects including: security architecture, internet security, firewalls, multilevel security products and security management.
This book presents a state-of-the-art review of current perspectives in information systems security in view of the information society of the 21st century. It will be essential reading for information technology security specialists, computer professionals, EDP managers, EDP auditors, managers, researchers and students working on the subject.
Security for Software Engineers is designed to introduce security concepts to undergraduate software engineering students. The book is divided into four units, each targeting activities that a software engineer will likely be involved in within industry. The book explores the key areas of attack vectors, code hardening, privacy, and social engineering. Each topic is explored from a theoretical and a practical-application standpoint. Features: Targets software engineering students - one of the only security texts to target this audience. Focuses on the white-hat side of the security equation rather than the black-hat side. Includes many practical and real-world examples that easily translate into the workplace. Covers a one-semester undergraduate course. Describes all aspects of computer security as it pertains to the job of a software engineer and presents problems similar to that which an engineer will encounter in the industry. This text will equip students to make knowledgeable security decisions, be productive members of a security review team, and write code that protects a user’s information assets.
Disseminating Security Updates at Internet Scale describes a new system, "Revere", that addresses these problems. "Revere" builds large-scale, self-organizing and resilient overlay networks on top of the Internet to push security updates from dissemination centers to individual nodes. "Revere" also sets up repository servers for individual nodes to pull missed security updates. This book further discusses how to protect this push-and-pull dissemination procedure and how to secure "Revere" overlay networks, considering possible attacks and countermeasures. Disseminating Security Updates at Internet Scale presents experimental measurements of a prototype implementation of "Revere" gathered using a large-scale oriented approach. These measurements suggest that "Revere" can deliver security updates at the required scale, speed and resiliency for a reasonable cost. Disseminating Security Updates at Internet Scale will be helpful to those trying to design peer systems at large scale when security is a concern, since many of the issues faced by these designs are also faced by "Revere". The "Revere" solutions may not always be appropriate for other peer systems with very different goals, but the analysis of the problems and possible solutions discussed here will be helpful in designing a customized approach for such systems.
The RMF allows an organization to develop an organization-wide risk framework that reduces the resources required to authorize a systems operation. Use of the RMF will help organizations maintain compliance with not only FISMA and OMB requirements but can also be tailored to meet other compliance requirements such as Payment Card Industry (PCI) or Sarbanes Oxley (SOX). With the publishing of NIST SP 800-37 in 2010 and the move of the Intelligence Community and Department of Defense to modified versions of this process, clear implementation guidance is needed to help individuals correctly implement this process. No other publication covers this topic in the detail provided in this book or provides hands-on exercises that will enforce the topics. Examples in the book follow a fictitious organization through the RMF, allowing the reader to follow the development of proper compliance measures. Templates provided in the book allow readers to quickly implement the RMF in their organization. The need for this book continues to expand as government and non-governmental organizations build their security programs around the RMF. The companion website provides access to all of the documents, templates and examples needed to not only understand the RMF but also implement this process in the reader's own organization. - A comprehensive case study from initiation to decommission and disposal - Detailed explanations of the complete RMF process and its linkage to the SDLC - Hands on exercises to reinforce topics - Complete linkage of the RMF to all applicable laws, regulations and publications as never seen before
