This comprehensive introduction to the information security field covers the industry’s essential concepts, using real-world security breaches to illustrate key lessons.
Cybersecurity is critical to protecting data, systems, and people. Whether you’re new to the field, an IT professional strengthening your skills, or a manager shaping security policy, Foundations of Cybersecurity provides the knowledge and practice you need.
Building on the first edition (Foundations of Information Security), this updated guide covers the essentials: authentication, authorization, and auditing; cryptography; security architecture; threat assessment; network and OS hardening; application and IoT security; incident response; compliance; and the human factors attackers exploit.
You’ll learn how to:
- Apply the core principles of security across systems and networks
- Defend against emerging threats like AI-driven attacks and IoT vulnerabilities
- Manage incident response and governance, risk, and compliance (GRC)
- Strengthen defenses against social engineering and insider threats
- Explore career paths and skills for a future in cybersecurity
What’s New in This Edition
Includes a new chapter on AI security, expanded coverage of security operations and governance, and practical “Down the Rabbit Hole” labs in every chapter to help you practice real-world skills.
Whether you’re new to the field, strengthening your skills, or guiding a team, this book will help you build a solid foundation for protecting systems, data, and people.
Acknowledgments
Introduction
PART I: CORE PRINCIPLES
Chapter 1: What Is Cybersecurity?
Chapter 2: The Threat Landscape
Chapter 3: Identification and Authentication
Chapter 4: Authorization and Access Controls
Chapter 5: Auditing and Accountability
Chapter 6: Cryptography
PART II: ARCHITECTURE, INFRASTRUCTURE, AND SYSTEM SECURITY
Chapter 7: Security Architecture
Chapter 8: Network Security
Chapter 9: Operating System Security
Chapter 10: Mobile, Embedded, and Internet of Things Security
Chapter 11: Application Security
Chapter 12: AI Security
PART III: SECURITY OPERATIONS AND MANAGEMENT
Chapter 13: SecOps, the SOC, and Incident Response
Chapter 14: Governance, Risk, and Compliance
Chapter 15: Vulnerability Assessments and Penetration Testing
PART IV: HUMAN FACTORS AND PROFESSIONAL DEVELOPMENT
Chapter 16: Social Engineering
Chapter 17: Security Awareness
Chapter 18: So You Want to Be a Security Professional
Notes
Index
Dr. Jason Andress is a cybersecurity professional and researcher with over 20 years of experience across financial services, retail, and technology. His career spans penetration testing, forensic analysis, security architecture, vulnerability research, and threat intelligence, including senior roles at Oracle, Nordstrom, and HP.