
Foundations of Information Security: A Straightforward Introduction [Paperback]

  • Format: Paperback / softback, 248 pages, height x width: 235x178 mm
  • Publication date: 07-Oct-2019
  • Publisher: No Starch Press, US
  • ISBN-10: 1718500041
  • ISBN-13: 9781718500044
Begins with an introduction to information security, including key topics such as confidentiality, integrity, and availability, and then moves on to practical applications of these ideas in the areas of operational, physical, network, application, and operating system security.

High-level overview of the information security field. Covers key concepts like confidentiality, integrity, and availability, then dives into practical applications of these ideas in the areas of operational, physical, network, application, and operating system security.

In this high-level survey of the information security field, best-selling author Jason Andress covers the basics of a wide variety of topics, from authentication and authorization to maintaining confidentiality and performing penetration testing.

Using real-world security breaches as examples, Foundations of Information Security explores common applications of these concepts, such as operations security, network design, hardening and patching operating systems, securing mobile devices, as well as tools for assessing the security of hosts and applications.

You'll also learn the basics of topics like:
  *  Multifactor authentication and how biometrics and hardware tokens can be used to harden the authentication process
  *  The principles behind modern cryptography, including symmetric and asymmetric algorithms, hashes, and certificates
  *  The laws and regulations that protect systems and data
  *  Anti-malware tools, firewalls, and intrusion detection systems
  *  Vulnerabilities such as buffer overflows and race conditions

A valuable resource for beginning security professionals, network systems administrators, or anyone new to the field, Foundations of Information Security is a great place to start your journey into the dynamic and rewarding field of information security.

Reviews

This book is an excellent starting point for future security professionals but also network and system administrators. Help Net Security

"A thorough overview for many different areas within security. The author explains what and more importantly why, then illustrates each concept with concrete, realistic examples. Definitely a great addition to any security engineer's library, but also less technical people who want to learn more about common topics like defense in depth." Seth Foley

"If you're new to info security or are looking to refresh your knowledge, then this is an ideal book. It's easy to read and makes the information fun to consume." HaXez, Blogger and YouTuber

Other information

Acknowledgments xvii
Introduction xix
  Who Should Read This Book? xx
  About This Book xx
1 What Is Information Security? 1(22)
  Defining Information Security 2(1)
  When Are You Secure? 2(2)
  Models for Discussing Security Issues 4(4)
    The Confidentiality, Integrity, and Availability Triad 4(2)
    The Parkerian Hexad 6(2)
  Attacks 8(9)
    Types of Attacks 8(2)
    Threats, Vulnerabilities, and Risk 10(1)
    Risk Management 11(4)
    Incident Response 15(2)
  Defense in Depth 17(3)
  Summary 20(1)
  Exercises 21(2)
2 Identification and Authentication 23(12)
  Identification 24(1)
    Who We Claim to Be 24(1)
    Identity Verification 24(1)
    Falsifying Identification 25(1)
  Authentication 25(3)
    Factors 26(1)
    Multifactor Authentication 27(1)
    Mutual Authentication 27(1)
  Common Identification and Authentication Methods 28(5)
    Passwords 28(1)
    Biometrics 29(3)
    Hardware Tokens 32(1)
  Summary 33(1)
  Exercises 33(2)
3 Authorization and Access Controls 35(16)
  What Are Access Controls? 36(1)
  Implementing Access Controls 37(6)
    Access Control Lists 38(4)
    Capabilities 42(1)
  Access Control Models 43(5)
    Discretionary Access Control 43(1)
    Mandatory Access Control 43(1)
    Rule-Based Access Control 44(1)
    Role-Based Access Control 44(1)
    Attribute-Based Access Control 45(1)
    Multilevel Access Control 45(3)
  Physical Access Controls 48(2)
  Summary 50(1)
  Exercises 50(1)
4 Auditing and Accountability 51(10)
  Accountability 52(1)
  Security Benefits of Accountability 53(2)
    Nonrepudiation 54(1)
    Deterrence 54(1)
    Intrusion Detection and Prevention 54(1)
    Admissibility of Records 55(1)
  Auditing 55(4)
    What Do You Audit? 56(1)
    Logging 56(1)
    Monitoring 57(1)
    Auditing with Assessments 57(2)
  Summary 59(1)
  Exercises 59(2)
5 Cryptography 61(18)
  The History of Cryptography 62(4)
    The Caesar Cipher 62(1)
    Cryptographic Machines 62(4)
    Kerckhoffs's Principles 66(1)
  Modern Cryptographic Tools 66(8)
    Keyword Ciphers and One-Time Pads 67(1)
    Symmetric and Asymmetric Cryptography 68(3)
    Hash Functions 71(1)
    Digital Signatures 72(1)
    Certificates 73(1)
  Protecting Data at Rest, in Motion, and in Use 74(3)
    Protecting Data at Rest 74(1)
    Protecting Data in Motion 75(1)
    Protecting Data in Use 76(1)
  Summary 77(1)
  Exercises 77(2)
6 Compliance, Laws, and Regulations 79(16)
  What Is Compliance? 79(2)
    Types of Compliance 80(1)
    Consequences of Noncompliance 81(1)
  Achieving Compliance with Controls 81(1)
    Types of Controls 81(1)
    Key vs. Compensating Controls 82(1)
    Maintaining Compliance 82(1)
  Laws and Information Security 83(4)
    Government-Related Regulatory Compliance 84(1)
    Industry-Specific Regulatory Compliance 85(2)
    Laws Outside of the United States 87(1)
  Adopting Frameworks for Compliance 87(2)
    International Organization for Standardization 88(1)
    National Institute of Standards and Technology 88(1)
    Custom Frameworks 89(1)
  Compliance amid Technological Changes 89(3)
    Compliance in the Cloud 89(2)
    Compliance with Blockchain 91(1)
    Compliance with Cryptocurrencies 92(1)
  Summary 92(1)
  Exercises 93(2)
7 Operations Security 95(12)
  The Operations Security Process 96(3)
    Identification of Critical Information 96(1)
    Analysis of Threats 97(1)
    Analysis of Vulnerabilities 97(1)
    Assessment of Risks 98(1)
    Application of Countermeasures 98(1)
  Laws of Operations Security 99(1)
    First Law: Know the Threats 99(1)
    Second Law: Know What to Protect 99(1)
    Third Law: Protect the Information 99(1)
  Operations Security in Our Personal Lives 100(1)
  Origins of Operations Security 101(3)
    Sun Tzu 102(1)
    George Washington 102(1)
    Vietnam War 103(1)
    Business 103(1)
    Interagency OPSEC Support Staff 103(1)
  Summary 104(1)
  Exercises 105(2)
8 Human Element Security 107(14)
  Gathering Information for Social Engineering Attacks 108(6)
    Human Intelligence 108(1)
    Open Source Intelligence 108(5)
    Other Kinds of Intelligence 113(1)
  Types of Social Engineering Attacks 114(2)
    Pretexting 114(1)
    Phishing 114(2)
    Tailgating 116(1)
  Building Security Awareness with Security Training Programs 116(3)
    Passwords 116(1)
    Social Engineering Training 117(1)
    Network Usage 117(1)
    Malware 118(1)
    Personal Equipment 118(1)
    Clean Desk Policies 119(1)
    Familiarity with Policy and Regulatory Knowledge 119(1)
  Summary 119(1)
  Exercises 120(1)
9 Physical Security 121(12)
  Identifying Physical Threats 122(1)
  Physical Security Controls 122(3)
    Deterrent Controls 123(1)
    Detective Controls 123(1)
    Preventive Controls 124(1)
    Using Physical Access Controls 124(1)
  Protecting People 125(2)
    Physical Concerns for People 125(1)
    Ensuring Safety 126(1)
    Evacuation 126(1)
    Administrative Controls 127(1)
  Protecting Data 127(2)
    Physical Concerns for Data 127(1)
    Accessibility of Data 128(1)
    Residual Data 129(1)
  Protecting Equipment 129(3)
    Physical Concerns for Equipment 129(1)
    Site Selection 130(1)
    Securing Access 131(1)
    Environmental Conditions 131(1)
  Summary 132(1)
  Exercises 132(1)
10 Network Security 133(12)
  Protecting Networks 134(4)
    Designing Secure Networks 134(1)
    Using Firewalls 135(3)
    Implementing Network Intrusion Detection Systems 138(1)
  Protecting Network Traffic 138(2)
    Using Virtual Private Networks 139(1)
    Protecting Data over Wireless Networks 139(1)
    Using Secure Protocols 140(1)
  Network Security Tools 140(4)
    Wireless Protection Tools 141(1)
    Scanners 141(1)
    Packet Sniffers 142(1)
    Honeypots 143(1)
    Firewall Tools 143(1)
  Summary 144(1)
  Exercises 144(1)
11 Operating System Security 145(14)
  Operating System Hardening 146(5)
    Remove All Unnecessary Software 146(1)
    Remove All Unessential Services 147(1)
    Alter Default Accounts 148(1)
    Apply the Principle of Least Privilege 149(1)
    Perform Updates 150(1)
    Turn On Logging and Auditing 150(1)
  Protecting Against Malware 151(2)
    Anti-malware Tools 151(1)
    Executable Space Protection 151(1)
    Software Firewalls and Host Intrusion Detection 152(1)
  Operating System Security Tools 153(4)
    Scanners 153(2)
    Vulnerability Assessment Tools 155(1)
    Exploit Frameworks 156(1)
  Summary 157(1)
  Exercises 157(2)
12 Mobile, Embedded, and Internet of Things Security 159(14)
  Mobile Security 160(4)
    Protecting Mobile Devices 160(2)
    Mobile Security Issues 162(2)
  Embedded Security 164(3)
    Where Embedded Devices Are Used 164(2)
    Embedded Device Security Issues 166(1)
  Internet of Things Security 167(4)
    What Is an IoT Device? 167(2)
    IoT Security Issues 169(2)
  Summary 171(1)
  Exercises 171(2)
13 Application Security 173(18)
  Software Development Vulnerabilities 174(4)
    Buffer Overflows 175(1)
    Race Conditions 175(1)
    Input Validation Attacks 176(1)
    Authentication Attacks 177(1)
    Authorization Attacks 177(1)
    Cryptographic Attacks 178(1)
  Web Security 178(3)
    Client-Side Attacks 178(1)
    Server-Side Attacks 179(2)
  Database Security 181(3)
    Protocol Issues 182(1)
    Unauthenticated Access 183(1)
    Arbitrary Code Execution 183(1)
    Privilege Escalation 183(1)
  Application Security Tools 184(4)
    Sniffers 184(2)
    Web Application Analysis Tools 186(2)
    Fuzzers 188(1)
  Summary 188(1)
  Exercises 189(2)
14 Assessing Security 191(16)
  Vulnerability Assessment 191(4)
    Mapping and Discovery 192(1)
    Scanning 193(1)
    Technological Challenges for Vulnerability Assessment 194(1)
  Penetration Testing 195(7)
    The Penetration Testing Process 196(1)
    Classifying Penetration Tests 197(1)
    Targets of Penetration Tests 198(2)
    Bug Bounty Programs 200(1)
    Technological Challenges for Penetration Testing 201(1)
  Does This Really Mean You're Secure? 202(3)
    Realistic Testing 202(1)
    Can You Detect Your Own Attacks? 203(1)
    Secure Today Doesn't Mean Secure Tomorrow 204(1)
    Fixing Security Holes Is Expensive 205(1)
  Summary 205(1)
  Exercises 206(1)
Notes 207(8)
Index 215

Dr. Jason Andress is a seasoned security professional, security researcher, and technophile. He has been writing on security topics for over a decade, covering data security, network security, hardware security, penetration testing, and digital forensics, among others.