Computers at Risk presents a comprehensive agenda for developing nationwide policies and practices for computer security. Specific recommendations are provided for industry and for government agencies engaged in computer security activities. The volume also outlines problems and opportunities in computer security research, recommends ways to improve the research infrastructure, and suggests topics for investigators. The book explores the diversity of the field, the need to engineer countermeasures based on speculation of what experts think computer attackers may do next, why the technology community has failed to respond to the need for enhanced security systems, how innovators could be encouraged to bring more options to the marketplace, and balancing the importance of security against the right of privacy.

Provides a set of good practices related to trusted recovery. Helps the vendor and evaluator community understand the requirements for trusted recovery at all applicable classes. Includes: failures, discontinuities, and recovery; properties of trusted recovery; design approaches for trusted recovery; impact on trusted recovery; and satisfying requirements. Glossary and bibliography.

Expanded into two volumes, the Second Edition of Springer’s Encyclopedia of Cryptography and Security brings the latest and most comprehensive coverage of the topic: Definitive information on cryptography and information security from highly regarded researchers Effective tool for professionals in many fields and researchers of all levels Extensive resource with more than 700 contributions in Second Edition 5643 references, more than twice the number of references that appear in the First Edition With over 300 new entries, appearing in an A-Z format, the Encyclopedia of Cryptography and Security provides easy, intuitive access to information on all aspects of cryptography and security. As a critical enhancement to the First Edition’s base of 464 entries, the information in the Encyclopedia is relevant for researchers and professionals alike. Topics for this comprehensive reference were elected, written, and peer-reviewed by a pool of distinguished researchers in the field. The Second Edition’s editorial board now includes 34 scholars, which was expanded from 18 members in the First Edition. Representing the work of researchers from over 30 countries, the Encyclopedia is broad in scope, covering everything from authentication and identification to quantum cryptography and web security. The text’s practical style is instructional, yet fosters investigation. Each area presents concepts, designs, and specific implementations. The highly-structured essays in this work include synonyms, a definition and discussion of the topic, bibliographies, and links to related literature. Extensive cross-references to other entries within the Encyclopedia support efficient, user-friendly searches for immediate access to relevant information. Key concepts presented in the Encyclopedia of Cryptography and Security include: Authentication and identification; Block ciphers and stream ciphers; Computational issues; Copy protection; Cryptanalysis and security; Cryptographic protocols; Electronic payment and digital certificates; Elliptic curve cryptography; Factorization algorithms and primality tests; Hash functions and MACs; Historical systems; Identity-based cryptography; Implementation aspects for smart cards and standards; Key management; Multiparty computations like voting schemes; Public key cryptography; Quantum cryptography; Secret sharing schemes; Sequences; Web Security. Topics covered: Data Structures, Cryptography and Information Theory; Data Encryption; Coding and Information Theory; Appl.Mathematics/Computational Methods of Engineering; Applications of Mathematics; Complexity. This authoritative reference will be published in two formats: print and online. The online edition features hyperlinks to cross-references, in addition to significant research.

For use by personnel responsible for the secure handling of sensitive computer memory and secondary and other storage media. Provides information relating to the clearing, purging, declassification, destruction, and release of most computer storage media. Addresses issue of data remanence.

Rapid progress in information and communications technologies is dramatically enhancing the strategic role of information, positioning effective exploitation of these technology advances as a critical success factor in military affairs. These technology advances are drivers and enablers for the "nervous system" of the militaryâ€"its command, control, communications, computers, and intelligence (C4I) systemsâ€"to more effectively use the "muscle" side of the military. Authored by a committee of experts drawn equally from the military and commercial sectors, Realizing the Potential of C4I identifies three major areas as fundamental challenges to the full Department of Defense (DOD) exploitation of C4I technologyâ€"information systems security, interoperability, and various aspects of DOD process and culture. The book details principles by which to assess DOD efforts in these areas over the long term and provides specific, more immediately actionable recommendations. Although DOD is the focus of this book, the principles and issues presented are also relevant to interoperability, architecture, and security challenges faced by government as a whole and by large, complex public and private enterprises across the economy.

"This document provides interpretations of the Department of Defense Trusted Computer System Evaluation Criteria (DoD 52O0.28-STD or TCSEC) for computer security subsystems. A computer security subsystem (subsystem) is defined, herein, as hardware, firmware and/or software which can be added to a computer system to enhance the security of the overall system. A subsystem's primary utility is to increase the security of a computer system. The computer system that the subsystem is to protect is referred to as the protected system in this Interpretation. When incorporated into a system environment, evaluated computer security subsystems may be very effective in reducing or eliminating certain types of vulnerabilities whenever entire evaluated systems are unavailable or impractical."--DTIC.