Introduction

Copyright(c), 1990, 1995 Fred Cohen - All Rights Reserved

In the mid-1980s, I visited the Software Engineering Institute at Carnegie-Mellon University for a summer to write a curriculum for information protection. The curriculum I developed there was fairly rudimentary, but the reviewers at the time were even more so, and they were unable to accept the stretch that information protection should encompass such a wide range of issues as integrity, management, legal and social issues, and so forth. Since most computer scientists today still seem to think of information protection as a simple issue and mostly an afterthought, I guess these reviewers were ahead of their time.

Dispite the negative reviews, I pressed on and wrote this rudimentary book based on that curriculum. During the mid-1980s I used the original edition of this book supplimented with many notes for graduate classes in information protection at Lehigh University and the University of Cincinnati, and eventually abandoned it by the end of the decade because I wasn't teaching graduate university courses any more.

When I started the all.net Web site int he mid-1990s, I decided that it would be a good idea to put lots of information about information protection on the Web for the world to see. I began the sometimes painful process of converting books and papers to html format and that eventually became Infosec Heaven - and has now evolved into The Security Database At All.Net.

Eventually, I converted this book, which has been online for about 5 years. Over time, I changed the citations to Web pointers into our annotated bibliography, made some other minor changes, and so forth, but the book is essentially unchanged since the 1980s.


Introduction to the Previous Editions

I have often defined the "information age" in my talks, as the time when our society becomes truly dependent for its very survival on information and the technologies that deal with it. That time is now. To understand just how serious this dependency is, I'll list some of the things we currently depend on computers for.

Clearly, we are in the information age. Just as clearly, we have a newly fostered dependency on information and information systems that is unprecidented in its potential for good and for harm. It is important for everyone to be aware of the nature of the problems we face and the solutions we have or don't have to them. In the information age, ignorance is not bliss, it is suicide.

The proliferation of information systems has caused widespread concern about protection issues. Widening gaps have formed between the need for protection, the state of the art in protection, and the ability of practitioners to provide protection. We need only look at the last few years to find startling examples of protection inadequacies.

There is a clear and pressing need for widespread understanding of information protection, for without this understanding, the degree of harm is liable to increase beyond our capacity to compensate. That is the reason for this book.