The purpose of this book is to answer the questions that all responsible managers are asking or will ask on the subject of information security. There are few managers with first hand experience of serious attacks or catastrophic occurrences with regard to integrated information systems.

Part 1: security policy and organizational structure; personnel and responsibilities; access control and cryptographic controls; information flow control; security of stored data; monitoring and audit trails; military and commercial security. Part 2: risk analysis and management; conventional computer security risk analysis and management; Courtney Technique of risk analysis; Cramm risk analysis. Part 3: physical security; access control; personal computer security; contingency planning; insurance. Part 4: network security; security on IBM systems; OSI security. Part 5: identify and authentication of the user PINS; privacy, integrity and authentication of financial messages; financial network security. Part 6: communications and logical security; physical security of office systems; procedural and personnel security. Part 7: data protection; legal protection of information assets; computer crime; law and personnel.