chapter 0 reader's and instructor's guide
0.1 outline of this book
0.2 a roadmap for readers and instructors
0.3 support for cissp certification
0.4 internet and web resources
0.5 standards

chapter 1 overview
1.1 computer security concepts
1.2 threats�� attacks�� and assets
1.3 security functional requirements
1.4 a security architecture for open systems
1.5 computer security trends
1.6 computer security strategy
1.7 recommended reading and web sites
1.8 key terms�� review questions�� and problems
part one�� computer security technology and principles

chapter 2 cryptographic tools
2.1 confidentiality with symmetric encryption
2.2 message authentication and hash functions
2.3 public-key encryption
2.4 digital signatures and key management
2.5 random and pseudorandom numbers
2.6 practical application�� encryption of stored data
2.7 recommended reading and web sites
2.8 key terms�� review questions�� and problems

chapter 3 user authentication
3.1 means of authentication
3.2 password-based authentication
3.3 token-based authentication
3.4 biometric authentication
3.5 remote user authentication
3.6 security issues for user authentication
3.7 practical application�� an iris biometric system
3.8 case study�� security problems for atm systems
3.9 recommended reading and web sites
3.10�� key terms�� review questions�� and problems

chapter 4 access control
4.1 access control principles
4.2 subjects�� objects�� and access rights
4.3 discretionary access control
4.4 example�� unix file access control
4.5 role-based access control
4.6 case study�� rbac system for a bank
4.7 recommended reading and web site
4.8 key terms�� review questions�� and problems

chapter 5 database security
5.1 the need for database security
5.2 database management systems
5.3 relational databases
5.4 database access control
5.5 inference
5.6 statistical databases
5.7 database encryption
5.8 cloud security
5.9 recommended reading and web site
5.10�� key terms�� review questions�� and problems

chapter 6 malicious software
6.1 types of malicious software ��malware��
6.2 propagation-infected content-viruses
6.3 propagation-vulnerability exploit-worms
6.4 propagation-social engineering-spam e-mail�� trojans
6.5 payload-system corruption
6.6 payload-attack agent-zombie�� bots
6.7 payload-information theft-keyloggers�� phishing�� spyware
6.8 payload-stealthing-backdoors�� rootkits
6.9 countermeasures
6.10 recommended reading and web sites
6.11 key terms�� review questions�� and problems

chapter 7 denial-of-service attacks
7.1 denial-of-service attacks
7.2 flooding attacks
7.3 distributed denial-of-service attacks
7.4 application-based bandwidth attacks
7.5 reflector and amplifier attacks
7.6 defenses against denial-of-service attacks
7.7 responding to a denial-of-service attack
7.8 recommended reading and web sites
7.9 key terms�� review questions�� and problems

chapter 8 intrusion detection
8.1 intruders
8.2 intrusion detection
8.3 host-based intrusion detection
8.4 distributed host-based intrusion detection
8.5 network-based intrusion detection
8.6 distributed adaptive intrusion detection
8.7 intrusion detection exchange format
8.8 honeypots
8.9 example system�� snort
8.10 recommended reading and web sites
8.11 key terms�� review questions�� and problems

chapter 9 firewalls and intrusion prevention systems
9.1 the need for firewalls
9.2 firewall characteristics
9.3 types of firewalls
9.4 firewall basing
9.5 firewall location and configurations
9.6 intrusion prevention systems
9.7 example�� unified threat management products
9.8 recommended reading and web site
9.9 key terms�� review questions�� and prob