Computer security: theory, process and management

Quantified Score

Visualization

Abstract

The Internet backbone servers were attacked and Web traffic slowed for a few hours, the Nimbda worm used Microsoft Web servers to infect all those downloading Web pages until appropriate patches were applied and credit card information is stolen every day. These are just some well known examples of breaches in computer security, but it is difficult to define computer security. Even when you get a good dictionary definition it is difficult to give a systematic description of the entire field. This paper gives a high-level overview of computer security that organizes the mass of seemingly unrelated subjects of computer security into a manageable whole. They key concept of the organization is that computer security consists of some basic theory, like cryptography and network protocols; a software engineering process that is used to systematically develop computer security systems and management techniques that are used to keep a computer security system operating.The organization of computer security described in the paper is the result of experiences gained in developing a one semester course on computer security that gives students a real understanding of all aspects of computer security. The course has an introduction to cryptography, but is not overly mathematical. It uses software engineering techniques to develop computer security systems, but does not follow any one known modeling technique. And, while discussing intrusion detection, it is not a dictionary on hacking. The course is a Web-based distance education course and has some unique assignments, described in the paper that can be done by students who do not have access to university labs.