This book addresses the broad sweep of issues above: the nature of the threat and system vulnerabilities; cryptography; software vulnerabilities; the Common Criteria; the World Wide Web and Internet; managing risk; and legal, ethical and privacy issues. The book also describes security controls that are currently available such as encryption protocols, software development practices, firewalls, and intrusion-detection systems. Overall, this book provides a broad and sound foundation for the information-system specialist who is charged with planning and organizing or managing and/or implementing a comprehensive information-system security program. Yet to be solved are many technical aspects of information security - R&D for hardware, software, systems, and architecture; and the corresponding products.