Bishop explains the fundamentals of security: the different types of widely used policies, the mechanisms that implement these policies, the principles underlying both policies and mechanisms, and how attackers can subvert these tools--as well as how to defend against attackers. A practicum demonstrates how to apply these ideas and mechanisms to a realistic company.
Coverage includes:
- Confidentiality, integrity, and availability
- Operational issues, cost-benefit and risk analyses, legal and human factors
- Planning and implementing effective access control
- Defining security, confidentiality, and integrity policies
- Using cryptography and public-key systems, and recognizing their limits
- Understanding and using authentication: from passwords to biometrics
- Security design principles: least-privilege, fail-safe defaults, open design, economy of mechanism, and more
- Controlling information flow through systems and networks
- Assuring security throughout the system lifecycle
- Malicious logic: Trojan horses, viruses, boot sector and executable infectors, rabbits, bacteria, logic bombs--and defenses against them
- Vulnerability analysis, penetration studies, auditing, and intrusion detection and prevention
- Applying security principles to networks, systems, users, and programs
"Introduction to Computer Security" is adapted from Bishop's comprehensive and widely praised book, "Computer Security: Art and Science." This shorter version of the original work omits much mathematical formalism, making it more accessible for professionals and students who have a less formal mathematical background, or for readers with a more practical than theoretical interest.