Why Read This Book?

Are your data or programs at risk? If you answer "yes" to any of the following questions, you have a potential security risk.

• Do you connect to the Internet?

• Do you read e-mail?

• Have you gotten any new programs ”or any new versions of old programs ”within, say, the last year?

• Is there any important program or data item of which you do not have a second copy stored somewhere other than on your computer?

Almost every computer user today meets at least one of these conditions, and so you, and almost every other computer user , are at risk of some harmful computer security event. Risk does not mean you should stop using computers. You are at risk of being hit by a falling meteorite or of being robbed by a thief on the street, but you do not hide in a fortified underground bunker all day. You learn what puts you at risk and how to control it. Controlling a risk is not the same as eliminating it; you simply want to bring it to a tolerable level.

How do you control the risk of computer security?

• Learn about the threats to computer security.

• Understand what causes these threats by studying how vulnerabilities arise in the development and use of computer systems.

• Survey the controls that can reduce or block these threats.

• Develop a computing style ”as a user, developer, manager, consumer, and voter ”that balances security and risk.