Information and computer security has moved from the confines of academia to mainstream America in the last decade. The Slammer and SoBig attacks were heavily covered in the media and broadcast into the average American's home. It has increasingly become obvious to everybody that something needs to be done in order to secure not only our nation's critical infrastructure but the businesses we deal with on a daily basis. The question is, "Where do we begin?" What can the average information technology professional do in order to secure the systems that they are hired to maintain? One immediate answer is education and training. If we want to secure our computer systems and networks, our IT professionals need to know how to do this, and what security entails. Computer security education is an essential foundational element for today's computer science and information systems professionals.

Complacency is not an option in today's hostile network environment. While we once considered the insider to be the major threat to corporate networks, and the "script kiddie" to be the standard external threat (often thought of as only a nuisance), the highly interconnected network world of today is a much different place. The U.S. government identified eight critical infrastructures a few years ago that were thought to be so critical to the nation's daily operation that if one were to be lost, it would have a catastrophic impact on the nation. To this original set of eight sectors, more have recently been added. A common thread throughout all of these, however, is technology-especially technology related to computers and communication. Thus, if an individual, organization, or nation wanted to cause damage to this nation, it could attack it not just with traditional weapons but with computers through the Internet. It is not surprising to hear that among the other information seized in raids on terrorist organizations, computers and information about the Internet are present. While the insider can certainly still do tremendous damage to an organization, the external threat is again becoming the chief concern among many. While many may argue the source and credibility of specific threats, the fact remains that computer security plays an essential role in reducing risk to our national economy and way of life.

So, where do you, the IT professional seeking more knowledge on security, start your studies? The IT world is overflowing with certifications that can be obtained by those attempting to learn more about their chosen profession. The security sector is no different, and the Security+ exam offers a basic level of certification for security. In the pages of this introductory text on computer security can be found not only material that can help you build a solid foundation in computer security, but also prepare for taking the Security+ examination. The basic information that you will need in order to understand the issues involved in securing our computer systems and networks today will act as a foundational element in your education as a computer science or information systems professional. In no way is this textbook the final source you will need in order to learn all about protecting your organization's systems, but it serves as a point from which to launch your security studies and career.

One thing is certainly true about this field of study-it never gets boring. It constantly changes as technology itself advances. Something else you will find as you progress in your security studies is that no matter how much technology advances and no matter how many new security devices are developed, at its most basic level, the human is still the weak link in the security chain. If you are looking for an exciting area to delve into, then you have certainly chosen wisely. Security offers a challenging blend of technology and people issues. We, the authors of this textbook, wish you luck as you embark on an exciting and challenging career path.

Wm. Arthur Conklin

Gregory B. White, Ph.D.

Chuck Cothren

Dwayne Williams

Roger L. Davis