Computing Reviews
Today's Issue Hot Topics Search Browse Recommended My Account Log In
Review Help
Introduction to data security and controls (2nd ed.)
Edward R. I., QED Information Sciences, Inc., Wellesley, MA, 1991. Type: Book (9780894353864)
Date Reviewed: Aug 1 1992

Markus Hess, a computer hacker and possibly a Soviet spy in Germany, broke into the computer systems at Lawrence Berkeley Laboratory and many other computers on the Internet with stolen user accounts and passwords in 1988. This incident, which was the subject of an episode of the television program Nova in October 1990, and many similar attacks against computers worldwide, underscore the growing importance of security as an issue in data processing.

Buck addresses the subject of data security concisely and from a practitioner’s point of view in 12 brief chapters. Basic security terms are defined in one chapter and a rationale is established for a comprehensive data security program in business organizations. Four chapters explain a stepwise approach to conducting security risk analysis in data processing environments, and computer security countermeasures against various threats are discussed in three areas: physical security, administrative security, and personnel and computer subsystems security. Buck divides computer security countermeasures into five categories: system software, databases, applications software, hardware, and communications and terminals. A separate chapter on personal computer security provides an overview of the security issues in the PC environment.

I found the chapter on viruses interesting and informative. It contains an excellent list of 112 viruses, their characteristics, and the “disinfector” programs available for them. A case study contained in the appendix demonstrates the applicability of the risk analysis and countermeasures framework for computer security discussed in the book.

Business professionals, especially accountants, will find the book useful in designing a practical program of general data security for small and medium-sized companies. Unfortunately, this book provides only a cursory view of this extremely complex subject, ignoring the larger social, organizational, technological, and legal aspects of computer security threats and countermeasures.

Reviewer:  Satya Prakash Saraswat Review #: CR123981
Bookmark and Share
Security and Protection (C.2.0 ... )
Data Communications (C.2.0 ... )
Invasive Software (K.6.5 ... )
Would you recommend this review?
Other reviews under "Security and Protection": Date
Security for computer networks: an introduction to data security in teleprocessing and electronic funds transfer
Davies D., Price W., John Wiley & Sons, Inc., New York, NY, 1984. Type: Book (9780471900634)
Oct 1 1985
The development and proof of a formal specification for a multilevel secure system
Glasgow J., Macewen G. ACM Transactions on Computer Systems 5(2): 151-184, 1987. Type: Article
Oct 1 1987
Factors affecting distributed system security
Nessett D. IEEE Transactions on Software Engineering SE-13(2): 233-248, 1987. Type: Article
Jun 1 1988

E-Mail This Printer-Friendly
Send Your Comments
Contact Us
Reproduction in whole or in part without permission is prohibited.   Copyright 1999-2023 ThinkLoud®
Terms of Use
| Privacy Policy