Terms and Conditions:
Sean Boran wrote: The author must be notified of commercial usage.
Excerpts from the book:
This document has the following objectives:
1. To briefly discuss threat & risk analysis.
2. To outline the ingredients necessary to define a security policy and to provide a framework (based on standards such as ITSEC and TCSEC) for deciding how tightly systems need to be secured.
3. To outline (sample) policies, processes, structure and responsibilities required in a security organisation.
4. To present current security mechanisms.
5. To briefly present physical security (concerning IT systems).
6. To provide a detailed list of technical guidelines for
* operating systems, applications and networks used in client/server systems. For the moment this report concentrates on Client/Server and Internet systems: NT, FW, Win95, OLTP, Oracle, Sybase, Sun UNIX, Firewalls, WWW/Java and TCP/IP Networks.
* Auditing checklists and "quick overviews" are provided for several types of systems.
* DEC, SGI, AIX and HP systems are only partially covered in this document. They need to be covered in more detail (especially for the comparison in the Operating Systems Overview Chapter).
* It is not intended that this document cover VAX, Mainframe, Novell or Macintosh systems.
A detailed list of Security Information resources (such as CERT, FIRST, TCSEC and ITSEC) is provided in the Appendix, along with sample scripts and programs.
This document is intended for line managers (chapters 1-4, 6), computer users (chapters 1, 2, 6.2 User Policy), system administrators, security administrators (chapters 7-22) and technical project leaders (chapters 1-7, 15).