Information Systems Security

This book is probably a "first" in the industry. It was written to present a simple, effective, complete, structured approach for the design of data security in computerized systems. Equally or perhaps even more important, it provides guidance as to where attention should be focused before resources are committed so such an endeavor. That is, what cost effective actions may be taken immediately to secure information systems to an acceptable level of risk?

This book is not intended as an in-depth technical presentation on data security. Nor is it a treatise on specific designs for each issue within the data security framework (such as data libraries, passwords, or functional organization). Rather it has been written to present a suggested structure or methodology wherein the main issues of data security may be effectively considered. It sets forth several approaches for recognizing and handling the data security issues existing in automated information systems. And it provides a useful overview of the factors to be considered before embarking on a data security program.

1. A Top Management Priority
2. Critical Control Areas
3. Basic Principles, Properties, and Functions
4. Management Contributions
• Part 1: Management Policy, Plans and Programs
• Part 2: Role of the Security Administrator
5. Identifying Exposures
6. Exposure Control Points
7. Applying the Methodology
8. Limiting Risk
9. Risk Analysis
10. Basic Controls
11. Cost-Effectiveness Selection Process
12. "Quik" Approach

Probably one of the first IT-security books ever written. There exists a certain historical value, but is otherwise without any value whatsoever.