Computer security Books

Book SynopsisUncover hidden patterns of data and respond with countermeasures Security professionals need all the tools at their disposal to increase their visibility in order to prevent security breaches and attacks. This careful guide explores two of the most powerful data analysis and visualization. You''ll soon understand how to harness and wield data, from collection and storage to management and analysis as well as visualization and presentation. Using a hands-on approach with real-world examples, this book shows you how to gather feedback, measure the effectiveness of your security methods, and make better decisions. Everything in this book will have practical application for information security professionals. Helps IT and security professionals understand and use data, so they can thwart attacks and understand and visualize vulnerabilities in their networks Includes more than a dozen real-world examples and hands-on exercises that demonstrate hTable of ContentsIntroduction xv Chapter 1 The Journey to Data-Driven Security 1 A Brief History of Learning from Data 2 Nineteenth Century Data Analysis 2 Twentieth Century Data Analysis 3 Twenty-First Century Data Analysis 4 Gathering Data Analysis Skills 5 Domain Expertise 6 Programming Skills 8 Data Management 10 Statistics 12 Visualization (aka Communication) 14 Combining the Skills 15 Centering on a Question 16 Creating a Good Research Question 17 Exploratory Data Analysis 18 Summary 18 Recommended Reading 19 Chapter 2 Building Your Analytics Toolbox: A Primer on Using R and Python for Security Analysis 21 Why Python? Why R? And Why Both? 22 Why Python? 23 Why R? 23 Why Both? 24 Jumpstarting Your Python Analytics with Canopy 24 Understanding the Python Data Analysis and Visualization Ecosystem 25 Setting Up Your R Environment 29 Introducing Data Frames 33 Organizing Analyses 36 Summary 37 Recommended Reading 38 Chapter 3 Learning the "Hello World" of Security Data Analysis 39 Solving a Problem 40 Getting Data41 Reading In Data 43 Exploring Data 47 Homing In on a Question 58 Summary 70 Recommended Reading 70 Chapter 4 Performing Exploratory Security Data Analysis 71 Dissecting the IP Address73 Representing IP Addresses 73 Segmenting and Grouping IP Addresses 75 Locating IP Addresses 77 Augmenting IP Address Data80 Association/Correlation, Causation, and Security Operations Center Analysts Gone Rogue 86 Mapping Outside the Continents90 Visualizing the ZeuS Botnet 92 Visualizing Your Firewall Data 98 Summary 100 Recommended Reading101 Chapter 5 From Maps to Regression 103 Simplifying Maps 105 How Many ZeroAccess Infections per Country? 108 Changing the Scope of Your Data 111 The Potwin Effect 113 Is This Weird? 117 Counting in Counties 120 Moving Down to Counties 122 Introducing Linear Regression 125 Understanding Common Pitfalls in Regression Analysis 130 Regression on ZeroAccess Infections 131 Summary 136 Recommended Reading 136 Chapter 6 Visualizing Security Data 137 Why Visualize? 138 Unraveling Visual Perception 139 Understanding the Components of Visual Communications 144 Avoiding the Third Dimension 144 Using Color 146 Putting It All Together 148 Communicating Distributions 154 Visualizing Time Series 156 Experiment on Your Own 157 Turning Your Data into a Movie Star 158 Summary 159 Recommended Reading 160 Chapter 7 Learning from Security Breaches 161 Setting Up the Research 162 Considerations in a Data Collection Framework 164 Aiming for Objective Answers 164 Limiting Possible Answers 164 Allowing "Other," and "Unknown" Options 164 Avoiding Conflation and Merging the Minutiae 165 An Introduction to VERIS 166 Incident Tracking 168 Threat Actor 168 Threat Actions 169 Information Assets 173 Attributes 173 Discovery/Response 176 Impact 176 Victim 177 Indicators 179 Extending VERIS with Plus 179 Seeing VERIS in Action 179 Working with VCDB Data 181 Getting the Most Out of VERIS Data 185 Summary 189 Recommended Reading 189 Chapter 8 Breaking Up with Your Relational Database 191 Realizing the Container Has Constraints 195 Constrained by Schema 196 Constrained by Storage 198 Constrained by RAM 199 Constrained by Data 200 Exploring Alternative Data Stores 200 BerkeleyDB 201 Redis 203 Hive 207 MongoDB 210 Special Purpose Databases 214 Summary 215 Recommended Reading 216 Chapter 9 Demystifying Machine Learning 217 Detecting Malware 218 Developing a Machine Learning Algorithm 220 Validating the Algorithm 221 Implementing the Algorithm 222 Benefiting from Machine Learning 226 Answering Questions with Machine Learning 226 Measuring Good Performance 227 Selecting Features 228 Validating Your Model 230 Specific Learning Methods 230 Supervised 231 Unsupervised 234 Hands On: Clustering Breach Data 236 Multidimensional Scaling on Victim Industries 238 Hierarchical Clustering on Victim Industries 240 Summary 242 Recommended Reading 243 Chapter 10 Designing Effective Security Dashboards 245 What Is a Dashboard, Anyway? 246 A Dashboard Is Not an Automobile 246 A Dashboard Is Not a Report 248 A Dashboard Is Not a Moving Van 251 A Dashboard Is Not an Art Show 253 Communicating and Managing "Security" through Dashboards 258 Lending a Hand to Handlers 258 Raising Dashboard Awareness 260 The Devil (and Incident Response Delays) Is in the Details 262 Projecting "Security" 263 Summary 267 Recommended Reading 267 Chapter 11 Building Interactive Security Visualizations 269 Moving from Static to Interactive270 Interaction for Augmentation 271 Interaction for Exploration 274 Interaction for Illumination 276 Developing Interactive Visualizations 281 Building Interactive Dashboards with Tableau 281 Building Browser-Based Visualizations with D3 284 Summary 294 Recommended Reading 295 Chapter 12 Moving Toward Data-Driven Security 297 Moving Yourself toward Data-Driven Security 298 The Hacker 299 The Statistician 302 The Security Domain Expert 302 The Danger Zone 303 Moving Your Organization toward Data-Driven Security 303 Ask Questions That Have Objective Answers 304 Find and Collect Relevant Data 304 Learn through Iteration 305 Find Statistics 306 Summary 308 Recommended Reading 308 Appendix A Resources and Tools 309 Appendix B References 313 Index 321

Read more less

a huge range and FREE tracked UK delivery on ALL orders.

Read more less

Book SynopsisAs a result of a rigorous, methodical process that (ISC) follows to routinely update its credential exams, it has announced that enhancements will be made to both the Certified Information Systems Security Professional (CISSP) credential, beginning April 15, 2015. (ISC) conducts this process on a regular basis to ensure that the examinations and subsequent training and continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today's practicing information security professionals.Refreshed technical content has been added to the official (ISC) CISSP CBK to reflect the most current topics in the information security industry today. Some topics have been expanded (e.g., asset security, security assessment and testing), while other topics have been realigned under different domains. The result is an exam that most accurately reflects the technical and managerial competence required from an experienced informationTable of ContentsDomain 1 — Security & Risk Management. Domain 2 — Asset Security. Domain 3 — Security Engineering. Domain 4 — Communications & Network Security. Domain 5 — Identity & Access Management. Domain 6 — Security Assessment & Testing. Domain 7 — Security Operations. Domain 8 — Security in the Software Development Life Cycle.

Read more less

Book SynopsisDr. William Stallings has authored 19 titles and, counting revised editions, more than 40 books on computer security, computer networking and computer architecture. His writings have appeared in numerous publications, including the Proceedings of the IEEE, ACM Computing Reviews and Cryptologia. He has 13 times received the award for the best Computer Science textbook of the year from the Text and Academic Authors Association. In over 30 years in the field, he has been a technical contributor, technical manager and an executive with several high-technology firms. He has designed and implemented both TCP/IP-based and OSI-based protocol suites on a variety of computers and operating systems, ranging from microcomputers to mainframes. As a consultant, he has advised government agencies, computer and software vendors, and major users on the design, selection and use of networking software and products. He created and maintains the

Read more less

Book SynopsisTable of ContentsIntroduction xxxi Chapter 1 Today’s Security Professional 1 Cybersecurity Objectives 2 Data Breach Risks 3 The DAD Triad 4 Breach Impact 5 Implementing Security Controls 7 Gap Analysis 7 Security Control Categories 8 Security Control Types 9 Data Protection 10 Data Encryption 11 Data Loss Prevention 11 Data Minimization 12 Access Restrictions 13 Segmentation and Isolation 13 Summary 13 Exam Essentials 14 Review Questions 16 Chapter 2 Cybersecurity Threat Landscape 21 Exploring Cybersecurity Threats 23 Classifying Cybersecurity Threats 23 Threat Actors 25 Attacker Motivations 31 Threat Vectors and Attack Surfaces 32 Threat Data and Intelligence 35 Open Source Intelligence 35 Proprietary and Closed- Source Intelligence 38 Assessing Threat Intelligence 39 Threat Indicator Management and Exchange 40 Information Sharing Organizations 41 Conducting Your Own Research 42 Summary 42 Exam Essentials 43 Review Questions 45 Chapter 3 Malicious Code 49 Malware 50 Ransomware 51 Trojans 52 Worms 54 Spyware 55 Bloatware 56 Viruses 57 Keyloggers 59 Logic Bombs 60 Rootkits 60 Summary 62 Exam Essentials 62 Review Questions 64 Chapter 4 Social Engineering and Password Attacks 69 Social Engineering and Human Vectors 70 Social Engineering Techniques 71 Password Attacks 76 Summary 78 Exam Essentials 78 Review Questions 80 Chapter 5 Security Assessment and Testing 85 Vulnerability Management 87 Identifying Scan Targets 87 Determining Scan Frequency 89 Configuring Vulnerability Scans 91 Scanner Maintenance 95 Vulnerability Scanning Tools 98 Reviewing and Interpreting Scan Reports 101 Confirmation of Scan Results 111 Vulnerability Classification 112 Patch Management 112 Legacy Platforms 113 Weak Configurations 115 Error Messages 115 Insecure Protocols 116 Weak Encryption 117 Penetration Testing 118 Adopting the Hacker Mindset 119 Reasons for Penetration Testing 120 Benefits of Penetration Testing 120 Penetration Test Types 121 Rules of Engagement 123 Reconnaissance 125 Running the Test 125 Cleaning Up 126 Audits and Assessments 126 Security Tests 127 Security Assessments 128 Security Audits 129 Vulnerability Life Cycle 131 Vulnerability Identification 131 Vulnerability Analysis 132 Vulnerability Response and Remediation 132 Validation of Remediation 132 Reporting 133 Summary 133 Exam Essentials 134 Review Questions 136 Chapter 6 Application Security 141 Software Assurance Best Practices 143 The Software Development Life Cycle 143 Software Development Phases 144 DevSecOps and DevOps 146 Designing and Coding for Security 147 Secure Coding Practices 148 API Security 149 Software Security Testing 149 Analyzing and Testing Code 150 Injection Vulnerabilities 151 SQL Injection Attacks 151 Code Injection Attacks 155 Command Injection Attacks 155 Exploiting Authentication Vulnerabilities 156 Password Authentication 156 Session Attacks 157 Exploiting Authorization Vulnerabilities 160 Insecure Direct Object References 161 Directory Traversal 161 File Inclusion 163 Privilege Escalation 163 Exploiting Web Application Vulnerabilities 164 Cross- Site Scripting (XSS) 164 Request Forgery 167 Application Security Controls 168 Input Validation 168 Web Application Firewalls 170 Parameterized Queries 170 Sandboxing 171 Code Security 171 Secure Coding Practices 173 Source Code Comments 174 Error Handling 174 Hard- Coded Credentials 175 Package Monitoring 175 Memory Management 176 Race Conditions 177 Unprotected APIs 178 Automation and Orchestration 178 Use Cases of Automation and Scripting 179 Benefits of Automation and Scripting 179 Other Considerations 180 Summary 181 Exam Essentials 181 Review Questions 183 Chapter 7 Cryptography and the PKI 189 An Overview of Cryptography 190 Historical Cryptography 191 Goals of Cryptography 196 Confidentiality 197 Integrity 199 Authentication 200 Non-repudiation 200 Cryptographic Concepts 200 Cryptographic Keys 201 Ciphers 202 Modern Cryptography 202 Cryptographic Secrecy 202 Symmetric Key Algorithms 204 Asymmetric Key Algorithms 205 Hashing Algorithms 208 Symmetric Cryptography 208 Data Encryption Standard 208 Advanced Encryption Standard 209 Symmetric Key Management 209 Asymmetric Cryptography 211 RSA 212 Elliptic Curve 213 Hash Functions 214 Sha 215 md 5 216 Digital Signatures 216 HMAC 217 Public Key Infrastructure 218 Certificates 218 Certificate Authorities 219 Certificate Generation and Destruction 220 Certificate Formats 223 Asymmetric Key Management 224 Cryptographic Attacks 225 Brute Force 225 Frequency Analysis 225 Known Plain Text 226 Chosen Plain Text 226 Related Key Attack 226 Birthday Attack 226 Downgrade Attack 227 Hashing, Salting, and Key Stretching 227 Exploiting Weak Keys 228 Exploiting Human Error 228 Emerging Issues in Cryptography 229 Tor and the Dark Web 229 Blockchain 229 Lightweight Cryptography 230 Homomorphic Encryption 230 Quantum Computing 230 Summary 231 Exam Essentials 231 Review Questions 233 Chapter 8 Identity and Access Management 237 Identity 239 Authentication and Authorization 240 Authentication and Authorization Technologies 241 Authentication Methods 246 Passwords 247 Multifactor Authentication 251 One- Time Passwords 252 Biometrics 254 Accounts 256 Account Types 256 Provisioning and Deprovisioning Accounts 257 Access Control Schemes 259 Filesystem Permissions 260 Summary 262 Exam Essentials 262 Review Questions 264 Chapter 9 Resilience and Physical Security 269 Resilience and Recovery in Security Architectures 271 Architectural Considerations and Security 273 Storage Resiliency 274 Response and Recovery Controls 280 Capacity Planning for Resilience and Recovery 283 Testing Resilience and Recovery Controls and Designs 284 Physical Security Controls 285 Site Security 285 Detecting Physical Attacks 291 Summary 291 Exam Essentials 292 Review Questions 294 Chapter 10 Cloud and Virtualization Security 299 Exploring the Cloud 300 Benefits of the Cloud 301 Cloud Roles 303 Cloud Service Models 303 Cloud Deployment Models 307 Private Cloud 307 Shared Responsibility Model 309 Cloud Standards and Guidelines 312 Virtualization 314 Hypervisors 314 Cloud Infrastructure Components 316 Cloud Compute Resources 316 Cloud Storage Resources 319 Cloud Networking 322 Cloud Security Issues 325 Availability 325 Data Sovereignty 326 Virtualization Security 327 Application Security 327 Governance and Auditing of Third- Party Vendors 328 Hardening Cloud Infrastructure 328 Cloud Access Security Brokers 328 Resource Policies 329 Secrets Management 330 Summary 331 Exam Essentials 331 Review Questions 333 Chapter 11 Endpoint Security 337 Operating System Vulnerabilities 339 Hardware Vulnerabilities 340 Protecting Endpoints 341 Preserving Boot Integrity 342 Endpoint Security Tools 344 Hardening Techniques 350 Hardening 350 Service Hardening 350 Network Hardening 352 Default Passwords 352 Removing Unnecessary Software 353 Operating System Hardening 353 Configuration, Standards, and Schemas 356 Encryption 357 Securing Embedded and Specialized Systems 358 Embedded Systems 358 SCADA and ICS 361 Securing the Internet of Things 362 Communication Considerations 363 Security Constraints of Embedded Systems 364 Asset Management 365 Summary 368 Exam Essentials 369 Review Questions 371 Chapter 12 Network Security 375 Designing Secure Networks 377 Infrastructure Considerations 380 Network Design Concepts 380 Network Segmentation 383 Zero Trust 385 Network Access Control 387 Port Security and Port- Level Protections 388 Virtual Private Networks and Remote Access 390 Network Appliances and Security Tools 392 Deception and Disruption Technology 399 Network Security, Services, and Management 400 Secure Protocols 406 Using Secure Protocols 406 Secure Protocols 407 Network Attacks 410 On- Path Attacks 411 Domain Name System Attacks 412 Credential Replay Attacks 414 Malicious Code 415 Distributed Denial- of- Service Attacks 415 Summary 418 Exam Essentials 419 Review Questions 421 Chapter 13 Wireless and Mobile Security 425 Building Secure Wireless Networks 426 Connection Methods 427 Wireless Network Models 431 Attacks Against Wireless Networks and Devices 432 Designing a Network 435 Controller and Access Point Security 438 Wi- Fi Security Standards 438 Wireless Authentication 440 Managing Secure Mobile Devices 442 Mobile Device Deployment Methods 442 Hardening Mobile Devices 444 Mobile Device Management 444 Summary 448 Exam Essentials 449 Review Questions 450 Chapter 14 Monitoring and Incident Response 455 Incident Response 457 The Incident Response Process 458 Training 462 Threat Hunting 463 Understanding Attacks and Incidents 464 Incident Response Data and Tools 466 Monitoring Computing Resources 466 Security Information and Event Management Systems 466 Alerts and Alarms 469 Log Aggregation, Correlation, and Analysis 470 Rules 471 Benchmarks and Logging 478 Reporting and Archiving 478 Mitigation and Recovery 479 Secure Orchestration, Automation, and Response (SOAR) 479 Containment, Mitigation, and Recovery Techniques 479 Root Cause Analysis 482 Summary 483 Exam Essentials 484 Review Questions 485 Chapter 15 Digital Forensics 489 Digital Forensic Concepts 490 Legal Holds and e- Discovery 491 Conducting Digital Forensics 493 Acquiring Forensic Data 493 Acquisition Tools 497 Validating Forensic Data Integrity 500 Data Recovery 502 Forensic Suites and a Forensic Case Example 503 Reporting 507 Digital Forensics and Intelligence 508 Summary 508 Exam Essentials 509 Review Questions 511 Chapter 16 Security Governance and Compliance 515 Security Governance 518 Corporate Governance 518 Governance, Risk, and Compliance Programs 520 Information Security Governance 520 Types of Governance Structures 521 Understanding Policy Documents 521 Policies 522 Standards 524 Procedures 526 Guidelines 528 Exceptions and Compensating Controls 529 Monitoring and Revision 530 Change Management 531 Change Management Processes and Controls 532 Version Control 534 Documentation 535 Personnel Management 535 Least Privilege 535 Separation of Duties 535 Job Rotation and Mandatory Vacations 536 Clean Desk Space 536 Onboarding and Offboarding 536 Nondisclosure Agreements 537 Social Media 537 Third- Party Risk Management 537 Vendor Selection 537 Vendor Assessment 538 Vendor Agreements 538 Vendor Monitoring 539 Winding Down Vendor Relationships 540 Complying with Laws and Regulations 540 Common Compliance Requirements 541 Compliance Reporting 541 Consequences of Noncompliance 542 Compliance Monitoring 543 Adopting Standard Frameworks 543 NIST Cybersecurity Framework 544 NIST Risk Management Framework 546 ISO Standards 547 Benchmarks and Secure Configuration Guides 549 Security Awareness and Training 550 User Training 551 Ongoing Awareness Efforts 553 Summary 554 Exam Essentials 555 Review Questions 557 Chapter 17 Risk Management and Privacy 561 Analyzing Risk 563 Risk Identification 564 Risk Assessment 565 Risk Analysis 567 Managing Risk 570 Risk Mitigation 571 Risk Avoidance 572 Risk Transference 572 Risk Acceptance 573 Risk Tracking 574 Risk Register 575 Risk Reporting 576 Disaster Recovery Planning 577 Disaster Types 577 Business Impact Analysis 578 Privacy 578 Data Inventory 579 Information Classification 580 Data Roles and Responsibilities 581 Information Life Cycle 583 Privacy Enhancing Technologies 584 Privacy and Data Breach Notification 585 Summary 585 Exam Essentials 585 Review Questions 587 Appendix Answers to Review Questions 591 Chapter 1: Today’s Security Professional 592 Chapter 2: Cybersecurity Threat Landscape 593 Chapter 3: Malicious Code 595 Chapter 4: Social Engineering and Password Attacks 597 Chapter 5: Security Assessment and Testing 600 Chapter 6: Application Security 602 Chapter 7: Cryptography and the PKI 604 Chapter 8: Identity and Access Management 605 Chapter 9: Resilience and Physical Security 607 Chapter 10: Cloud and Virtualization Security 609 Chapter 11: Endpoint Security 611 Chapter 12: Network Security 614 Chapter 13: Wireless and Mobile Security 616 Chapter 14: Monitoring and Incident Response 619 Chapter 15: Digital Forensics 621 Chapter 16: Security Governance and Compliance 623 Chapter 17: Risk Management and Privacy 626 Index 629

Read more less

Book SynopsisProvides 100% coverage of every objective on the 2022 CISM examThis integrated self-study guide enables you to take the 2022 version of the challenging CISM exam with complete confidence. Written by an expert in the field, the book offers exam-focused coverage of information security governance, information risk management, information security program development and management, and information security incident management.CISM Certified Information Security Manager All-in-One Exam Guide, Second Edition features learning objectives, exam tips, practice questions, and in-depth explanations. All questions closely match those on the live test in tone, format, and content. Special design elements throughout provide real-world insight and call out potentially harmful situations. Beyond fully preparing you for the exam, the book also serves as a valuable on-the-job reference. Features complete coverage of all 2022 CISM exam domains Online co

Read more less

Book SynopsisToday, companies find themselves targeted by sophisticated nation state cyber attackers armed with the resources to craft scarily effective campaigns. This book is a detailed guide to understanding the major players, the techniques they use, and the process of analysing their advanced attacks. Whether you're an individual researcher or part of a team within a Security Operations Center (SoC), you'll learn to approach, track, and attribute attacks to these advanced actors. Jon DiMaggio demonstrates some of the techniques he has employed to uncover crucial information about the 2021 Colonial Pipeline attacks, among others.Trade Review"Encompasses useful knowledge from the past and modern advanced threats seen today. Regardless of your expertise level, this book is an insightful read . . .”—Brittany Day, Director of Communications, Guardian Digital“For those looking for a guide to help them understand the new world of cyberwar, The Art of Cyberwarfare provides readers with a good overview of this expanding threat and what they can do to avoid being victims.”—Ben Rothke, Senior Information Security Manager, Tapad"An informative and explanatory guide for cybersecurity experts and an enlightening read for novices. DiMaggio effectively details both the history of cybercrime and how it is seen today."—Justice Levine, Communications Manager and Cloud Email Security Expert, Guardian Digital"This book deserves to find a place on the shelf of everyone whose role involves protecting networks."—Ian Barker, BetaNews"A cross between an IBM presentation . . . and a Tom Clancy novel!"—The Shepherdess, Amazon Reviewer

Read more less

Book SynopsisCryptography is a part of everyday life for almost all of us, though we may not realise we''re using it.We are a far cry from the historical prediction that cryptography would only be used by militaries and governments. With vast quantities of sensitive information transferred online by individuals, companies, organizations, and nation states, cryptography is increasingly important to everyone, and most of us, often without realising, use it daily. Cryptography: A Very Short Introduction demystifies the art of cryptography by tracing its historical use, explaining how it works, and providing examples of its practical use. These include online shopping, chip and PIN bank cards, and communicating via mobile phone. While many of these uses have been mainstream for some time now, the development and deployment of cryptography has changed enormously in the last twenty years.In this second edition, Sean Murphy and Rachel Player highlight the important advances in both academic cryptography research and its everyday use. Using non-technical language and without assuming advanced mathematical knowledge, they introduce symmetric and public-key cryptography and provide a detailed discussion of the design of cryptographic algorithms that are secure against quantum computers and the development of cryptographic algorithms with advanced functionalities. They also consider the new applications of cryptography such as blockchain, secure messaging apps, and electronic voting.ABOUT THE SERIES: The Very Short Introductions series from Oxford University Press contains hundreds of titles in almost every subject area. These pocket-sized books are the perfect way to get ahead in a new subject quickly. Our expert authors combine facts, analysis, perspective, new ideas, and enthusiasm to make interesting and challenging topics highly readable.

Read more less

Book SynopsisSecure your applications with help from your favorite Jedi masters In Threats: What Every Engineer Should Learn From Star Wars, accomplished security expert and educator Adam Shostack delivers an easy-to-read and engaging discussion of security threats and how to develop secure systems. The book will prepare you to take on the Dark Side as you learnin a structured and memorable wayabout the threats to your systems. You'll move from thinking of security issues as clever one-offs and learn to see the patterns they follow. This book brings to light the burning questions software developers should be asking about securing systems, and answers them in a fun and entertaining way, incorporating cybersecurity lessons from the much-loved Star Wars series. You don't need to be fluent in over 6 million forms of exploitation to face these threats with the steely calm of a Jedi master. You'll also find: Understandable and memorable introductions to the most important threats that every engineer should knowStraightforward software security frameworks that will help engineers bake security directly into their systemsStrategies to align large teams to achieve application security in today's fast-moving and agile worldStrategies attackers use, like tampering, to interfere with the integrity of applications and systems, and the kill chains that combine these threats into fully executed campaignsAn indispensable resource for software developers and security engineers, Threats: What Every Engineer Should Learn From Star Wars belongs on the bookshelves of everyone delivering or operating technology: from engineers to executives responsible for shipping secure code.Table of ContentsPreface xi Introduction xv 1 Spoofing and Authenticity 1 2 Tampering and Integrity 41 3 Repudiation and Proof 63 4 Information Disclosure and Confidentiality 95 5 Denial of Service and Availability 131 6 Expansion of Authority and Isolation 151 7 Predictability and Randomness 187 8 Parsing and Corruption 211 9 Kill Chains 249 Epilogue 291 Glossary 295 Bibliography 303 Story Index 317 Index 323

Read more less

Book SynopsisCharles P. Pfleeger is an internationally known expert on computer and communications security. He spent 14 years as professor of computer science at the University of Tennessee, before moving on to computer research and consulting company, Trusted Information Systems, where he was director of European operations and senior consultant. He was also director of research, member of the staff, and chief security officer at Cable and Wireless. He has chaired the IEEE Computer Society Technical Committee on Security and Privacy and was on the editorial board of IEEE Security & Privacy magazine. Shari Lawrence Pfleeger is a widely known software engineering and computer security researcher. She served as president of Systems/Software and then as senior researcher with the Rand Corporation. As research director of the Institute for Information Infrastructure Protection, she oversaw large, high-impact computer security research projects for iTable of ContentsForeword xixPreface xxvAcknowledgments xxxiAbout the Authors xxxiii Chapter 1: Introduction 11.1 What Is Computer Security? 31.2 Threats 61.3 Harm 241.4 Vulnerabilities 301.5 Controls 301.6 Conclusion 331.7 What's Next? 341.8 Exercises 36 Chapter 2: Toolbox: Authentication, Access Control, and Cryptography 382.1 Authentication 402.2 Access Control 782.3 Cryptography 932.4 Conclusion 1372.5 Exercises 138 Chapter 3: Programs and Programming 1413.1 Unintentional (Nonmalicious) Programming Oversights 1433.2 Malicious Code--Malware 1783.3 Countermeasures 2113.4 Conclusion 2453.5 Exercises 245 Chapter 4: The Internet--User Side 2484.1 Browser Attacks 2514.2 Attacks Targeting Users 2654.3 Obtaining User or Website Data 2804.4 Mobile Apps 2894.5 Email and Message Attacks 3104.6 Conclusion 3204.7 Exercises 321 Chapter 5: Operating Systems 3235.1 Security in Operating Systems 3235.2 Security in the Design of Operating Systems 3515.3 Rootkits 3715.4 Conclusion 3825.5 Exercises 382 Chapter 6: Networks 3856.1 Network Concepts 386Part I--War on Networks: Network Security Attacks 3996.2 Threats to Network Communications 4006.3 Wireless Network Security 4216.4 Denial of Service 4436.5 Distributed Denial of Service 468Part II--Strategic Defenses: Security Countermeasures 4796.6 Cryptography in Network Security 4796.7 Firewalls 4976.8 Intrusion Detection and Prevention Systems 5226.9 Network Management 5366.10 Conclusion 5456.11 Exercises 545 Chapter 7: Data and Databases 5497.1 Introduction to Databases 5507.2 Security Requirements of Databases 5557.3 Reliability and Integrity 5617.4 Database Disclosure 5667.5 Data Mining and Big Data 5857.6 Conclusion 5997.7 Exercises 599 Chapter 8: New Territory 6018.1 Introduction 6018.2 Cloud Architectures and Their Security 6058.3 IoT and Embedded Devices 6278.4 Cloud, IoT, and Embedded Devices--The Smart Home 6388.5 Smart Cities, IoT, Embedded Devices, and Cloud 6438.6 Cloud, IoT, and Critical Services 6488.7 Conclusion 6578.8 Exercises 658 Chapter 9: Privacy 6599.1 Privacy Concepts 6609.2 Privacy Principles and Policies 6719.3 Authentication and Privacy 6889.4 Data Mining 6949.5 Privacy on the Internet 6989.6 Email and Message Security 7139.7 Privacy Impacts of Newer Technologies 7179.8 Conclusion 7249.9 Exercises 725 Chapter 10: Management and Incidents 72710.1 Security Planning 72710.2 Business Continuity Planning 73810.3 Handling Incidents 74210.4 Risk Analysis 74910.5 Physical Threats to Systems 76710.6 New Frontiers in Security Management 77610.7 Conclusion 77810.8 Exercises 779 Chapter 11: Legal Issues and Ethics 78111.1 Protecting Programs and Data 78311.2 Information and the Law 80011.3 Rights of Employees and Employers 80511.4 Redress for Software Failures 80811.5 Computer Crime 81411.6 Ethical Issues in Computer Security 82211.7 An Ethical Dive into Artificial Intelligence 82811.8 Incident Analyses with Ethics 83011.9 Conclusion 84611.10 Exercises 847 Chapter 12: Details of Cryptography 85012.1 Cryptology 85112.2 Symmetric Encryption Algorithms 86312.3 Asymmetric Encryption 87712.4 Message Digests 88312.5 Digital Signatures 88812.6 Quantum Key Distribution 88912.7 Conclusion 894 Chapter 13: Emerging Topics 89513.1 AI and Cybersecurity 89613.2 Blockchains and Cryptocurrencies 90813.3 Offensive Cyber and Cyberwarfare 92413.4 Quantum Computing and Computer Security 93613.5 Conclusion 937 Bibliography 939Index 963

Read more less

Book SynopsisYou'll learn how REST and GraphQL APIs work in the wild and set up a streamlined API testing lab with Burp Suite and Postman. Then you'll master tools useful for reconnaissance, endpoint analysis, and fuzzing, such as Kiterunner. Next, you'll learn to perform common attacks, like those targeting an API's authentication mechanisms and the injection vulnerabilities commonly found in web applications. You'll also learn techniques for bypassing protections against these attacks so that you can uncover API bugs other hackers aren't finding and improve the security of applications on the web.Trade Review"Corey Ball takes you on a journey through the lifecycle of APIs in such a manner that you’re wanting to not only know more, but also anticipating trying out your newfound knowledge on the next legitimate target. From concepts to examples, through to identifying tools and demonstrating them in fine detail, this book has it all. It IS the motherload for API hacking, and should be found next to the desk, well-read by ANYONE wanting to take this level of adversarial research, assessment, or DevSecOps seriously."—Chris Roberts, @Sidragon1, vCISO/Researcher/Hacker"This book opens the doors to the field of API Hacking, a subject not very well understood. Using real-world examples that emphasize Access Control issues, this book will help you understand the ins and outs of securing APIs, hunt great bounties, and help organizations improve their API Security!"—Inon Shkedy, @InonShkedy, Security Researcher"Even though the internet is filled with information on any topic possible in cybersecurity, it is still hard to find solid insight on performing penetration tests on APIs. Corey's book satisfies this demand—not only for the beginner cybersecurity practitioner, but also for the seasoned expert."—Cristi Vlad, @CristiVlad25, Cybersecurity Researcher"Hacking APIs is extremely helpful for anyone who wants to get into penetration testing. In particular, this book gives you the tools to start testing the security of APIs, which are becoming a weak point for many modern web applications. Experienced security folks can get something out of the book too, as it features automation tips and protection bypass techniques that will up any pentesters' game."—Vickie Li, @vickieli7, Developer Evangelist, Author of Bug Bounty Bootcamp"[Hacking APIs is] the best source of API info I've seen. If you're curious about what APIs are and how they work, read it once. If you work with or create APIs, read it twice. If you break APIs, read it three times."—Graham Helton, @GrahamHelton3"One of the few books that is actually dedicated to API hacking. . . . a great resource for anyone who wants to learn more about API security and how to hack into web applications. It provides in-depth information on how to break through various types of APIs, as well as tips on how to stay ahead of the curve in this rapidly changing field." —Dana Epp, Security Boulevard"This book has more to offer than hacking APIs but sets down a solid foundation of tools and techniques that would benefit any developer or QA Engineer that has to develop, test, or otherwise work with APIs." —John Wenning, Cybersecurity Researcher, Fortra"A thorough guide to what APIs are, how they work, what technologies they use, the various common insecurities that APIs have, and, most importantly, how to exploit them. . . . I would recommend Hacking APIs as a great read for anyone interested in learning more about the vulnerable side of APIs."—Darlene Hibbs, Senior Cybersecurity Researcher, Fortra

Read more less

Book SynopsisThreats to application security continue to evolve just as quickly as the systems that protect against cyber-threats. In many instances, traditional firewalls and other conventional controls can no longer get the job done. The latest line of defense is to build security features into software as it is being developed. Drawing from the author's extensive experience as a developer, Secure Software Development: Assessing and Managing Security Risks illustrates how software application security can be best, and most cost-effectively, achieved when developers monitor and regulate risks early on, integrating assessment and management into the development life cycle. This book identifies the two primary reasons for inadequate security safeguards: Development teams are not sufficiently trained to identify risks; and developers falsely believe that pre-existing perimeter security controls are adequate to protect newer software. Examining curreTable of ContentsCurrent trends in application security. Risk assessment methodologies. Identifying threats. Identification of Vulnerabilities. Identification of Assets. Analyzing Risks. Managing Risks. Looking at risk assessment and risk management within the phases of the software development life cycle. Maintaining a risk assessment and risk management process.

Read more less

Book SynopsisReaders learn how to leverage human psychology and publicly available information to attack a target. The book includes sections on how to evade detection, spear phish, generate reports, and protect victims to ensure their well-being. Readers learn how to collect information about a target and how to exploit that information to make their attacks more effective. They also learn how to defend themselves or their workplace against social engineering attacks.Trade Review"Gray provides a very accessible look at social engineering that should be essential reading for pentesters and ethical hackers." -Ian Barker, BetaNews "I really liked the way that [Joe] lays out tools to use, including walking through where to download them from and install them . . . as beginner-friendly and as easy to use as possible." -Patrick Laverty, Layer 8 PodcastTable of ContentsIntroduction Part 1: The Basics Chapter 1: What is Social Engineering? Chapter 2: Ethical Considerations in Social Engineering Part 2: Offensive Social Engineering Chapter 3: Preparing for an Attack Chapter 4: Gathering Business OSINT Chapter 5: Social Media and Public Documents Chapter 6: Gathering OSINT About People Chapter 7: Phishing Chapter 8: Cloning a Landing Page Chapter 9: Detection, Measurement, and Reporting Part 3: Defending Against Social Engineering Chapter 10: Proactive Defense Techniques Chapter 11: Technical Email Controls Chapter 12: Producing Threat Intelligence Appendix A: Scoping Worksheet Appendix B: Reporting Template Appendix C: Information Gathering Worksheet Appendix D: Pretexting Samples Appendix E: Exercises to Improve Your Social Engineering

Read more less

Book SynopsisOmar Santos is a cybersecurity thought leader with a passion for driving industry-wide initiatives to enhance the security of critical infrastructures. Omar is the lead of the DEF CON Red Team Village, the chair of the Common Security Advisory Framework (CSAF) technical committee, and board member of the OASIS Open standards organization. Omar's collaborative efforts extend to numerous organizations, including the Forum of Incident Response and Security Teams (FIRST) and the Industry Consortium for Advancement of Security on the Internet (ICASI).   Omar is a renowned expert in ethical hacking, vulnerability research, incident response, and AI security. He employs his deep understanding of these disciplines to help organizations stay ahead of emerging threats. His dedication to cybersecurity has made a significant impact on businesses, academic institutions, law enforcement agencies, and other entities striving to bolster their security measures. OTable of Contents Introduction xxxi Chapter 1 Cybersecurity Fundamentals 2 “Do I Know This Already?” Quiz 3 Foundation Topics 6 Introduction to Cybersecurity 6 Defining What Are Threats, Vulnerabilities, and Exploits 8 Common Software and Hardware Vulnerabilities 31 Confidentiality, Integrity, and Availability 43 Cloud Security Threats 50 IoT Security Threats 54 An Introduction to Digital Forensics and Incident Response 58 Summary 76 Exam Preparation Tasks 76 Review All Key Topics 76 Define Key Terms 78 Review Questions 78 Chapter 2 Cryptography 80 “Do I Know This Already?” Quiz 80 Foundation Topics 82 Introduction to Cryptography 82 Fundamentals of PKI 97 Exam Preparation Tasks 106 Review All Key Topics 106 Define Key Terms 107 Review Questions 107 Chapter 3 Software-Defined Networking Security and Network Programmability 110 “Do I Know This Already?” Quiz 110 Foundation Topics 112 Software-Defined Networking (SDN) and SDN Security 112 Introduction to Network Programmability 136 Exam Preparation Tasks 151 Review All Key Topics 151 Define Key Terms 152 Review Questions 152 Chapter 4 Authentication, Authorization, Accounting (AAA) and Identity Management 156 “Do I Know This Already?” Quiz 157 Foundation Topics 160 Introduction to Authentication, Authorization, and Accounting 160 Authentication 162 Authorization 177 Accounting 179 Infrastructure Access Controls 179 AAA Protocols 182 Cisco Identity Services Engine (ISE) 192 Configuring TACACS+ Access 207 Configuring RADIUS Authentication 213 Additional Cisco ISE Design Tips 222 Exam Preparation Tasks 225 Review All Key Topics 225 Define Key Terms 226 Review Questions 227 Chapter 5 Network Visibility and Segmentation 232 “Do I Know This Already?” Quiz 233 Foundation Topics 236 Introduction to Network Visibility 236 NetFlow 237 IP Flow Information Export (IPFIX) 249 NetFlow Deployment Scenarios 255 Cisco Secure Network Analytics and Cisco Secure Cloud Analytics 263 Cisco Cognitive Intelligence and Cisco Encrypted Traffic Analytics (ETA) 274 NetFlow Collection Considerations and Best Practices 279 Configuring NetFlow in Cisco IOS and Cisco IOS-XE 280 Configuring NetFlow in NX-OS 295 Introduction to Network Segmentation 296 Micro-Segmentation with Cisco ACI 301 Segmentation with Cisco ISE 302 Exam Preparation Tasks 312 Review All Key Topics 312 Define Key Terms 313 Review Questions 314 Chapter 6 Infrastructure Security 316 “Do I Know This Already?” Quiz 317 Foundation Topics 320 Securing Layer 2 Technologies 320 VLAN and Trunking Fundamentals 320 Common Layer 2 Threats and How to Mitigate Them 333 Network Foundation Protection 343 Understanding and Securing the Management Plane 345 Understanding the Control Plane 347 Understanding and Securing the Data Plane 348 Securing Management Traffic 350 Implementing Logging Features 378 Configuring NTP 379 Securing the Network Infrastructure Device Image and Configuration Files 380 Securing the Data Plane in IPv6 381 Securing Routing Protocols and the Control Plane 395 Exam Preparation Tasks 404 Review All Key Topics 404 Define Key Terms 405 Review Questions 405 Chapter 7 Cisco Secure Firewall 410 “Do I Know This Already?” Quiz 410 Foundation Topics 413 Introduction to Cisco Secure Firewall 413 Comparing Network Security Solutions That Provide Firewall Capabilities 435 Deployment Modes of Network Security Solutions and Architectures That Provide Firewall Capabilities 437 High Availability and Clustering 448 Implementing Access Control 452 Cisco Firepower Intrusion Policies 472 Cisco Secure Malware Defense 478 Security Intelligence, Security Updates, and Keeping Firepower Software Up to Date 483 Exam Preparation Tasks 484 Review All Key Topics 485 Define Key Terms 486 Review Questions 486 Chapter 8 Virtual Private Networks (VPNs) 490 “Do I Know This Already?” Quiz 490 Foundation Topics 494 Virtual Private Network (VPN) Fundamentals 494 Deploying and Configuring Site-to-Site VPNs in Cisco Routers 506 Configuring Site-to-Site VPNs in Cisco ASA Firewalls 528 Configuring Remote-Access VPNs in the Cisco ASA 537 Configuring Clientless Remote Access SSL VPNs in the Cisco ASA 540 Configuring Client-Based Remote-Access SSL VPNs in the Cisco ASA 551 Configuring Remote-Access VPNs in Cisco Secure Firewall 556 Configuring Site-to-Site VPNs in the Cisco Secure Firewall 567 Cisco SD-WAN 569 Exam Preparation Tasks 573 Review All Key Topics 573 Define Key Terms 574 Review Questions 575 Chapter 9 Securing the Cloud 578 “Do I Know This Already?” Quiz 579 Foundation Topics 581 What Is Cloud and What Are the Cloud Service Models? 581 DevOps, Continuous Integration (CI), Continuous Delivery (CD), and Describing the Customer vs. Provider Security Responsibility for the Different Cloud Service Models 605 Cisco Umbrella 608 Cisco Secure Email Threat Defense 614 Cisco Attack Surface Management (Formerly Cisco Secure Cloud Insights) 616 Cisco Secure Cloud Analytics 618 AppDynamics Cloud Monitoring 619 Cisco Secure Workload 622 Cisco XDR 627 Exam Preparation Tasks 632 Review All Key Topics 633 Define Key Terms 634 Review Questions 634 Chapter 10 Content Security 638 “Do I Know This Already?” Quiz 638 Foundation Topics 641 Content Security Fundamentals 641 Cisco Secure Web Appliance 642 Cisco Secure Email 658 Cisco Content Security Management Appliance (SMA) 662 Exam Preparation Tasks 667 Review All Key Topics 668 Define Key Terms 668 Review Questions 669 Chapter 11 Endpoint Protection and Detection 672 “Do I Know This Already?” Quiz 672 Foundation Topics 674 Introduction to Endpoint Protection and Detection 674 Cisco Secure Endpoint 676 Cisco Threat Response 693 Exam Preparation Tasks 693 Review All Key Topics 693 Define Key Terms 694 Review Questions 694 Chapter 12 Final Preparation 696 Hands-on Activities 696 Suggested Plan for Final Review and Study 696 Summary 697 Chapter 13 CCNP and CCIE Security Core SCOR (350-701) Exam Updates 698 The Purpose of This Chapter 698 News about the Next Exam Release 700 Updated Technical Content 700 Appendix A Answers to the “Do I Know This Already?” Quizzes and Q&A Glossary 714 Online Element Appendix B Study Planner 9780138221263, TOC, 10/2/23

Read more less

Book SynopsisIn today’s technology-driven environment there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. Written in an accessible manner, Information Security Management Principles provides practical guidance and actionable steps to better prepare your workplace and your home alike, and keep your information secure. This book is a primer for those new to the subject as well as a guide for more experienced practitioners. It explains the fundamentals of information security, how to shape good organisational security practice, and how to recover effectively should the worst happen. This third edition has been updated to reflect the latest threats and vulnerabilities in the IT security landscape, and updates to standards, good practice guides and legislation. It also includes updates to the BCS Certification in Information Security Management Principles, which this book supports. A valuable guide to both current professionals at all levels and those wishing to embark on an information security career Offers practical guidance and actionable steps for individuals and businesses to protect themselves Highly accessible and terminology is clearly explained and supported with current, real-world examples Trade Review'This book is fantastic for those studying information security management and as a desk-side reference. It is comprehensive yet concise. I would recommend this book to anybody studying for the qualification as well as anyone in senior management positions looking to understand the basics. The language used is refreshingly understandable, making the book accessible to those outside the specialism.' -- Helen Mary Jones * Group Information Security Manager, The Jockey Club *Table of Contents Information Security Principles Information Risk Information Security Framework Security Lifecycles Procedural and People Security Controls Technical Security Controls Physical and Environmental Security Disaster Recovery and Business Continuity Management Other Technical Aspects

Read more less

Book SynopsisEd Fisher, Security & Compliance Architect at Microsoft, focuses on all aspects of security and compliance within Office 365, especially Microsoft Threat Protection. He has spent nearly a decade helping Microsoft customers and partners succeed with Microsoft cloud and productivity solutions. You can learn more at https://aka.ms/edfisher. Nate Chamberlain is a Microsoft 365 Certified Enterprise Administrator Expert. He has been an Office Apps and Services MVP since 2019, frequently blogging at NateChamberlain.com and speaking at Microsoft-focused events and user groups.Table of Contents Introduction 1. Implement and Manage Identity and Access 2. Implement and Manage Threat Protection 3. Implement and Manage Information Protection 4. Manage Governance and Compliance Features in Microsoft 365

Read more less

Book SynopsisJust say "no" to piles of sticky notes and scraps of paper with your passwords and logins! Keep track of them in this elegant, yet inconspicuous, alphabetically tabbed red leatherette notebook. In this 4” × 5.75” hardcover notebook with removable cover band, record the necessarily complex passwords and user login names required to thwart hackers. You’ll find: Internet password safety and naming tips A to Z tabbed pages with space to list website, username, and five passwords for each Dedicated pages to record software license information, with spaces for license number, purchase date, renewal date, and monthly fee Dedicated pages to record network settings and passwords, including for modem, router, WAN, LAN, and wireless A notes section with blank lined pages This internet password logbook provides an easy way to keep track of website addresses, usernames, and passwords in one discreet and convenient location.

Read more less

Book SynopsisA new edition of Shon Harrisâ bestselling exam prep guideâfully updated for the 2021 version of the CISSP examThoroughly updated for the latest release of the Certified Information Systems Security Professional exam, this comprehensive resource covers all objectives in the 2021 CISSP exam developed by the International Information Systems Security Certification Consortium (ISC)2 . CISSP All-in-One Exam Guide, Ninth Edition features learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations. Written by leading experts in information security certification and training, this completely up-to-date self-study system helps you pass the exam with ease and also serves as an essential on-the-job reference.Covers all 8 CISSP domains: Security and risk management Asset security Security architecture and engineering Communication and network security Identity and access ma

Read more less

Book SynopsisThis book, divided into three parts, describes the detailed concepts of Digital Communication, Security, and Privacy protocols. In Part One, the first chapter provides a deeper perspective on communications, while Chapters 2 and 3 focus on analog and digital communication networks. Part Two then delves into various Digital Communication protocols. Beginning first in Chapter 4 with the major Telephony protocols, Chapter 5 then focuses on important Data Communication protocols, leading onto the discussion of Wireless and Cellular Communication protocols in Chapter 6 and Fiber Optic Data Transmission protocols in Chapter 7. Part Three covers Digital Security and Privacy protocols including Network Security protocols (Chapter 8), Wireless Security protocols (Chapter 9), and Server Level Security systems (Chapter 10), while the final chapter covers various aspects of privacy related to communication protocols and associated issues. This boTable of ContentsPart OneIntroduction to Analog & Digital Communication ProtocolsChapter 01 – Evolution of Communication ProtocolsChapter 02 – Introduction to Analog Communication ProtocolsChapter 03 – Introduction to Digital Communication ProtocolsPart TwoChapter 04 – Major Telephony ProtocolsChapter 05 – Important Data Communication ProtocolsChapter 06 – Wireless and Cellular Communication ProtocolsChapter 07 – Fiber Optic Data Transmission ProtocolsPart ThreeChapter 08 – Network Security ProtocolsChapter 09 – Wireless Security ProtocolsChapter 10 – Server Level Security SystemsChapter 11 – PrivacyBibliography

Read more less

Book SynopsisTable of ContentsIntroduction xi 1 Artificial Social Intelligence 1 2 Social Engineering and Psychological Exploitation 19 3 A History of Technology and Social Engineering 53 4 A History of Language Modeling 83 5 Consciousness, Sentience, and Understanding 127 6 The Imitation Game 151 7 Weaponizing Social Intelligence 175 8 Weaponizing Technical Intelligence 215 9 Multimodal Manipulation 239 10 The Future 257 11 The Quest for Resolution 283 Appendix A: Bot Automation 295 Appendix B: LLM Pretext Engineering 303 Appendix C: CAPTCHA Bypass 317 Appendix D: Context Manipulation Attacks 321 Appendix E: Attack Optimization with Monte Carlo Simulations 333 Appendix F: Autonomous C2 Operations with LLMs 349 Appendix G: Disembodiment Attacks 353 Bibliography 357 Acknowledgments 373 About the Author 375 Index 377

Read more less

Book Synopsis Understand common security pitfalls and discover weak points in your organization''s data security, and what you can do to combat them. This book includes the best approaches to managing mobile devices both on your local network and outside the office. Data breaches, compliance fines,  and distribution  of personally identifiable information (PII) without encryption or safeguards place businesses of all types at risk. In today''s electronic world, you must have a secure digital footprint that is based on business processes that are designed to protect information. This book is written for business owners, chief information security officers (CISO), and IT managers who want to securely configure Office 365.  You will follow the Microsoft cybersecurity road map through a progressive tutorial on how to configure the security  services in Office 365 to protect and manage your business. Table of Contents1. Why Security and Compliance 2. Azure and Office 365 Security 3. Office 365- Security Score 4. Office 365- Deploying Identity Management with EMS 5. Office 365- Mobile Device Management with EMS 6. Using Office 365 Compliance Center 7. Migration Step by Step 8. Managing Your Office 365

Read more less

Book SynopsisUse digital experience platforms (DXP) to improve your development productivity and release timelines. Leverage the pre-integrated feature sets of DXPs in your organization''s digital transformation journey to quickly develop a personalized, secure, and robust enterprise platform.In this book the authors examine various features of DXPs and provide rich insights into building each layer in a digital platform. Proven best practices are presented with examples for designing and building layers. A special focus is provided on security and quality attributes needed for business-critical enterprise applications. The authors cover modern and emerging digital trends such as Blockchain, IoT, containers, chatbots, artificial intelligence, and more.The book is divided into five parts related to requirements/design, development, security, infrastructure, and case study. The authors employ proven real-world methods, best practices, and security and integration techniques derived fTable of ContentsPart 1: Requirements and Design.- Chapter 1: Introduction to Digital Experience Platforms (DXP).- Chapter 2: Gathering Requirements.- Chapter 3: Design.- Part 2: Development of the Banking Experience Platform.- Chapter 4: User Interface Design.- Chapter 5: Designing Integration Layer.- Part 3: Securing Banking Experience Platform.- Chapter 6: DXP Security.- Chapter 7: DXP Information Security.- Part 4: Infrastructure and NFR for Banking Experience Platform.- Chapter 8: Quality Attributes and Sizing of DXP.- Chapter 9: DXP Performance Optimization.- Chapter 10: Transforming Legacy Banking Applications to Banking Experience Platforms.- Part 5: End to End Case Study.- Chapter 11: End-to-End DXP Case Study.- Appendix A: Open-Source Tools and Frameworks.- Appendix B: Source Code.- Appendix C: Further Reading.-

Read more less

Book SynopsisSee how privileges, insecure passwords, administrative rights, and remote access can be combined as an attack vector to breach any organization. Cyber attacks continue to increase in volume and sophistication. It is not a matter of if, but when, your organization will be breached. Threat actors target the path of least resistance: users and their privileges. In decades past, an entire enterprise might be sufficiently managed through just a handful of credentials. Today''s environmental complexity has seen an explosion of privileged credentials for many different account types such as domain and local administrators, operating systems (Windows, Unix, Linux, macOS, etc.), directory services, databases, applications, cloud instances, networking hardware, Internet of Things (IoT), social media, and so many more. When unmanaged, these privileged credentials pose a significant threat from external hackers and insider threats. We are experiencing an expanding univerTable of Contents

Read more less

Book SynopsisWritten by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with agile security, and how they worked to solve them.

Read more less

Book SynopsisThis highly anticipated print collection gathers articles published in the much-loved International Journal of Proof-of-Concept or Get The Fuck Out. PoC GTFO follows in the tradition of Phrack and Uninformed by publishing on the subjects of offensive security research, reverse engineering, and file format internals. Until now, the journal has only been available online or printed and distributed for free at hacker conferences worldwide. Consistent with the journal's quirky, biblical style, this book comes with all the trimmings: a leatherette cover, ribbon bookmark, bible paper, and gilt-edged pages. The book features more than 80 technical essays from numerous famous hackers, authors of classics like 'Reliable Code Execution on a Tamagotchi,' 'ELFs are Dorky, Elves are Cool,' 'Burning a Phone,' 'Forget Not the Humble Timing Attack,' and 'A Sermon on Hacker Privilege.' Twenty-four full-color pages by Ange Albertini illustrate many of the clever tricks described in the text.

Read more less

Book SynopsisOne of the biggest issues for all users in the online world is security and privacy. Whether it is browsing the web, using email or communicating via social media, people are increasingly aware of the threats that are ever-present in the online world. However, recognizing these threats is the first step to preventing them, and a good understanding of online security and privacy issues is essential to keep safe from a variety of online threats.100 Top Tips Stay Safe Online and Protect Your Privacy contains tips covering all aspects of staying as safe as possible in the online world. These include:Detailing the types of threats that are out thereEnsuring that passwords for all of your devices are as secure as possibleIdentifying and avoiding common online scams and consStaying protected when using websitesDealing with threats that can be contained within emailsLooking at general social media security threatsUnderstanding security issues related specifically to FacebookProtecting yourself against identity theftKeeping your money safe when using online bankingUsing security options to keep children safe in the online worldWith 100 Top Tips Stay Safe Online and Protect Your Privacy at your side, you will be one step closer to protecting yourself from the ongoing threats in the online world.

Read more less

Book SynopsisProvides an overview of basic information security practices that will enable your security team to better engage with their peers to address the threats facing the organisation as a whole.

Read more less

Book SynopsisDr. R. Sarma Danturthi holds a PhD in Engineering from the University of Memphis (Memphis, TN) and works for the US Department of Defense. He has several years of experience with IT security, coding, databases, and project management. He holds Sec+, CISSP, and PMP certifications and is the author of the book 70 Tips and Tricks for Mastering the CISSP Exam (APress, 2020).Table of ContentsIntroduction Part I. Security Fundamentals Chapter 1: The Basics of Cybersecurity Chapter 2: Security Details Chapter 3: Goals of Security Part II. Database Security--The Back End Chapter 4: Database Security Introduction Chapter 5: Access Control of Data Chapter 6: Data Refresh, Backup, and Restore Chapter 7: Host Security Chapter 8: Proactive Monitoring Chapter 9: Risk, Monitoring, and Encryption Part III. Application Security--The Front End Chapter 10: Application Security Fundamentals Chapter 11: The Unseen Back End Chapter 12: Securing Software--In-House and Vendor Part IV. Security Administration Chapter 13: Security Administration Chapter 14: Follow a Proven Path for Security Chapter 15: Mobile Devices and Application Security Chapter 16: Corporate Security in Practice Index

Read more less

Book SynopsisThis book is an easy-to-follow series of tutorials that will lead readers through different facets of protecting household or small-business networks from cyber attacks. You'll learn how to use pfSense to build a firewall, lock down wireless, segment a network into protected zones, configure a VPN (virtual private network) to hide and encrypt network traffic and communications, set up proxies to speed up network performance and hide the source of traffic, block ads, install and configure an antivirus, back up your data securely, and even how to monitor your network for unauthorized activity and alert you to intrusion.Trade Review“An excellent crash course for someone like me with a technical background but little security experience. I've always wanted to beef up my home server and network security but didn't know where to start . . . This book has given me actionable steps I can take today, this week, this month, and beyond. And it gives me the confidence that I'm following reasonable best practices for an actual small network.”—Chris Miller, GoodReads Reviewer

Read more less

Book SynopsisIt's not just computers—hacking is everywhere. Legendary cybersecurity expert and New York Times best-selling author Bruce Schneier reveals how using a hacker’s mindset can change how you think about your life and the world.Trade Review"A Hacker's Mind… sheds vital light on the beginnings of our journey into an increasingly complex world." -- Becky Hogge - Financial Times"Schneier sees everything from tax avoidance to electoral gerrymandering as hacking and suggests that the hackers we should worry about are not teenagers in hooded sweatshirts, but accountants, lawyers and lobbyists in suits. " -- Ethan Zuckerman - Prospect"An essential new perspective on hacking: the bad and the ugly, but also a surprisingly optimistic way of using a hacker mentality to solve society’s complex problems." -- Marietje Schaake, international policy director at Stanford University Cyber Policy Centre and member of European Parliament, 2009–2019"A Hacker’s Mind brilliantly explains how our society and democracy are being shaped by people taking the ‘hacking’ mentality into realms that weren’t designed to be hacked. Bruce Schneier shows how hacking, the tool of the rebel and the outsider, can also be used by the rich and powerful to win in business and politics, at great cost to the civic commitment needed for our free society. A great read and an important book!" -- Timothy H. Edgar, author of Beyond Snowden"They say that rules are made to be broken, but more often rules are gamed, finessed, worked around, or subverted—in short, hacked. No one is better equipped than Bruce Schneier to explain how this often-perverse use of human ingenuity can undermine the institutions that civilized life depends on. A Hacker’s Mind is an important source of new insights on the forces that can sap the vigor and integrity of modern society." -- Steven Pinker, Johnstone Family Professor of Psychology, Harvard University, and author of Rationality

Read more less

Book SynopsisThis new book discusses the concepts while also highlighting the challenges in thefield of quantum cryptography and also covering cryptographic techniques and cybersecurity techniques, in a single volume.It comprehensively covers important topics in the field of quantum cryptographywith applications, including quantum key distribution, position-based quantumcryptography, quantum teleportation, quantum e-commerce, quantum cloning, cybersecurity techniques' architectures and design, cyber security techniques management,software-defined networks, and cyber security techniques for 5G communication.The text also discusses the security of practical quantum key distribution systems,applications and algorithms developed for quantum cryptography, as well as cybersecurity through quantum computing and quantum cryptography.The text will be beneficial for graduate students, academic researchers, andprofeTable of Contents1. Towards Security in Software Defined Networks with Trust and Monitoring 2. Quantum key generation and distribution using Decoy state 3. Cyber Security Techniques, Architectures and Design 4. Secured Unmanned Aerial Vehicle based Fog Computing Network (UAV-FCN): A Review 5. Mars Surface Exploration via Unmanned Aerial Vehicles: Secured MarSE UAV Prototype 6. Quantum Cryptography in Cybersecurity: A Holistic Approach 7. Cyber Security Technique for Internet of Things using Machine Learning 8. Image Encryption and Decryption through Quantum Cryptography 9. Cyber Security Techniques Management 10. Quantum Cryptography And Quantum Key Distribution 11. Quantum Cryptography: Basics, Effects on Communication and Data Management 12. Quantum Number: An Error Correction Circuits and Methods 13. Risk Analysis Assessment of Inter-Dependency of Vulnerabilities In Cyber-Physical Systems

Read more less

Book SynopsisThe cybersecurity landscape is changing, for sure. For example, one of the oldest threat variants is that of phishing. It evolved in the early 1990s, but even today it is still being used as a primary threat variant and has now become much more sophisticated, covert, and stealthy in nature. For example, it can be used to launch ransomware, social engineering, and extortion attacks.The advent of Generative AI is making this much worse. For example, a cyberattacker can now use something like ChatGPT to craft the content for phishing emails that are so convincing that it is almost impossible to tell the difference between what is real and what is fake. This is also clearly evident in the use of deepfakes, where fake images of real people are replicated to create videos to lure unsuspecting victims to a fake website.But Generative AI can also be used for the good to combat Phishing Attacks. This is the topic of this book. In this, we cover the following: A revi

Read more less

a huge range and FREE tracked UK delivery on ALL orders.

Read more less

Book SynopsisA practical handbook to cybersecurity for both tech and non-tech professionals As reports of major data breaches fill the headlines, it has become impossible for any business, large or small, to ignore the importance of cybersecurity. Most books on the subject, however, are either too specialized for the non-technical professional or too general for positions in the IT trenches. Thanks to author Nadean Tanner's wide array of experience from teaching at a University to working for the Department of Defense, the Cybersecurity Blue Team Toolkit strikes the perfect balance of substantive and accessible, making it equally useful to those in IT or management positions across a variety of industries. This handy guide takes a simple and strategic look at best practices and tools available to both cybersecurity management and hands-on professionals, whether they be new to the field or looking to expand their expertise. Tanner gives comprehensive coverage to such crucial topics as security asTable of ContentsForeword xxi Introduction xxiii Chapter 1 Fundamental Networking and Security Tools 1 Ping 1 IPConfig 4 NSLookup 7 Tracert 9 NetStat 10 PuTTY 14 Chapter 2 Troubleshooting Microsoft Windows 17 RELI 18 PSR 19 PathPing 21 MTR 23 Sysinternals 24 The Legendary God Mode 28 Chapter 3 Nmap—The Network Mapper 31 Network Mapping 32 Port Scanning 34 Services Running 36 Operating Systems 38 Zenmap 39 Chapter 4 Vulnerability Management 43 Managing Vulnerabilities 43 OpenVAS 46 Nexpose Community 50 Chapter 5 Monitoring with OSSEC 57 Log-Based Intrusion Detection Systems 57 Agents 61 Adding an Agent 63 Extracting the Key for an Agent 64 Removing an Agent 64 Log Analysis 65 Chapter 6 Protecting Wireless Communication 67 802.11 67 inSSIDer 70 Wireless Network Watcher 71 Hamachi 72 Tor 78 Chapter 7 Wireshark 83 Wireshark 83 OSI Model 86 Capture 89 Filters and Colors 92 Inspection 93 Chapter 8 Access Management 97 AAA 98 Least Privilege 99 Single Sign-On 101 JumpCloud 103 Chapter 9 Managing Logs 109 Windows Event Viewer 110 Windows PowerShell 112 BareTail 116 Syslog 117 SolarWinds Kiwi 120 Chapter 10 Metasploit 125 Reconnaissance 127 Installation 128 Gaining Access 135 Metasploitable2 139 Vulnerable Web Services 144 Meterpreter 146 Chapter 11 Web Application Security 147 Web Development 148 Information Gathering 151 DNS 153 Defense in Depth 155 Burp Suite 156 Chapter 12 Patch and Configuration Management 165 Patch Management 166 Configuration Management 173 Clonezilla Live 179 Chapter 13 Securing OSI Layer 8 187 Human Nature 188 Human Attacks 192 Education 193 The Social Engineer Toolkit 195 Chapter 14 Kali Linux 205 Virtualization 206 Optimizing Kali Linux 219 Using Kali Linux Tools 221 Maltego 222 Recon-ng 223 Sparta 225 MacChanger 225 Nikto 226 Kismet 227 WiFite 228 John the Ripper 229 Hashcat 230 Chapter 15 CISv7 Controls and Best Practices 235 CIS Basic Controls—The Top Six 236 Inventory and Control of Hardware Assets 236 Inventory and Control of Software Assets 238 Continuous Vulnerability Management 239 Controlled Use of Administrative Privileges 240 Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers 241 Maintenance, Monitoring, and Analysis of Audit Logs 246 In Conclusion 248 Index 249

Read more less

Book SynopsisTable of ContentsForeword to the Fourth Edition xxi Introduction xix Chapter 1 Cloud Concepts, Architecture, and Design 1 Understand Cloud Computing Concepts 2 Cloud Computing Definitions 2 Cloud Computing Roles and Responsibilities 3 Key Cloud Computing Characteristics 7 Building Block Technologies 11 Describe Cloud Reference Architecture 14 Cloud Computing Activities 14 Cloud Service Capabilities 15 Cloud Service Categories 17 Cloud Deployment Models 18 Cloud Shared Considerations 21 Impact of Related Technologies 27 Understand Security Concepts Relevant to Cloud Computing 33 Cryptography and Key Management 33 Identity and Access Control 34 Data and Media Sanitization 36 Network Security 37 Virtualization Security 39 Common Threats 41 Security Hygiene 41 Understand Design Principles of Secure Cloud Computing 43 Cloud Secure Data Lifecycle 43 Cloud- Based Business Continuity and Disaster Recovery Plan 44 Business Impact Analysis 45 Functional Security Requirements 46 Security Considerations for Different Cloud Categories 48 Cloud Design Patterns 49 DevOps Security 51 Evaluate Cloud Service Providers 51 Verification against Criteria 52 System/Subsystem Product Certifications 54 Summary 56 Chapter 2 Cloud Data Security 57 Describe Cloud Data Concepts 58 Cloud Data Lifecycle Phases 58 Data Dispersion 61 Data Flows 62 Design and Implement Cloud Data Storage Architectures 63 Storage Types 63 Threats to Storage Types 66 Design and Apply Data Security Technologies and Strategies 67 Encryption and Key Management 67 Hashing 70 Data Obfuscation 71 Tokenization 73 Data Loss Prevention 74 Keys, Secrets, and Certificates Management 77 Implement Data Discovery 78 Structured Data 79 Unstructured Data 80 Semi- structured Data 81 Data Location 82 Implement Data Classification 82 Data Classification Policies 83 Mapping 85 Labeling 86 Design and Implement Information Rights Management 87 Objectives 88 Appropriate Tools 89 Plan and Implement Data Retention, Deletion, and Archiving Policies 89 Data Retention Policies 90 Data Deletion Procedures and Mechanisms 93 Data Archiving Procedures and Mechanisms 94 Legal Hold 95 Design and Implement Auditability, Traceability, and Accountability of Data Events 96 Definition of Event Sources and Requirement of Event Attribution 97 Logging, Storage, and Analysis of Data Events 99 Chain of Custody and Nonrepudiation 100 Summary 101 Chapter 3 Cloud Platform and Infrastructure Security 103 Comprehend Cloud Infrastructure and Platform Components 104 Physical Environment 104 Network and Communications 106 Compute 107 Virtualization 108 Storage 110 Management Plane 111 Design a Secure Data Center 113 Logical Design 114 Physical Design 116 Environmental Design 117 Analyze Risks Associated with Cloud Infrastructure and Platforms 119 Risk Assessment 119 Cloud Vulnerabilities, Threats, and Attacks 122 Risk Mitigation Strategies 123 Plan and Implementation of Security Controls 124 Physical and Environmental Protection 124 System, Storage, and Communication Protection 125 Identification, Authentication, and Authorization in Cloud Environments 127 Audit Mechanisms 128 Plan Disaster Recovery and Business Continuity 131 Business Continuity/Disaster Recovery Strategy 131 Business Requirements 132 Creation, Implementation, and Testing of Plan 134 Summary 138 Chapter 4 Cloud Application Security 139 Advocate Training and Awareness for Application Security 140 Cloud Development Basics 140 Common Pitfalls 141 Common Cloud Vulnerabilities 142 Describe the Secure Software Development Life Cycle Process 144 NIST Secure Software Development Framework 145 OWASP Software Assurance Maturity Model 145 Business Requirements 145 Phases and Methodologies 146 Apply the Secure Software Development Life Cycle 149 Cloud- Specific Risks 149 Threat Modeling 153 Avoid Common Vulnerabilities during Development 156 Secure Coding 156 Software Configuration Management and Versioning 157 Apply Cloud Software Assurance and Validation 158 Functional and Non- functional Testing 159 Security Testing Methodologies 160 Quality Assurance 164 Abuse Case Testing 164 Use Verified Secure Software 165 Securing Application Programming Interfaces 165 Supply- Chain Management 166 Third- Party Software Management 166 Validated Open- Source Software 167 Comprehend the Specifics of Cloud Application Architecture 168 Supplemental Security Components 169 Cryptography 171 Sandboxing 172 Application Virtualization and Orchestration 173 Design Appropriate Identity and Access Management Solutions 174 Federated Identity 175 Identity Providers 175 Single Sign- on 176 Multifactor Authentication 176 Cloud Access Security Broker 178 Summary 179 Chapter 5 Cloud Security Operations 181 Build and Implement Physical and Logical Infrastructure for Cloud Environment 182 Hardware- Specific Security Configuration Requirements 182 Installation and Configuration of Virtualization Management Tools 185 Virtual Hardware–Specific Security Configuration Requirements 186 Installation of Guest Operating System Virtualization Toolsets 188 Operate Physical and Logical Infrastructure for Cloud Environment 188 Configure Access Control for Local and Remote Access 188 Secure Network Configuration 190 Operating System Hardening through the Application of Baselines 195 Availability of Stand- Alone Hosts 196 Availability of Clustered Hosts 197 Availability of Guest Operating Systems 199 Manage Physical and Logical Infrastructure for Cloud Environment 200 Access Controls for Remote Access 201 Operating System Baseline Compliance Monitoring and Remediation 202 Patch Management 203 Performance and Capacity Monitoring 205 Hardware Monitoring 206 Configuration of Host and Guest Operating System Backup and Restore Functions 207 Network Security Controls 208 Management Plane 212 Implement Operational Controls and Standards 212 Change Management 213 Continuity Management 214 Information Security Management 216 Continual Service Improvement Management 217 Incident Management 218 Problem Management 221 Release Management 221 Deployment Management 222 Configuration Management 224 Service Level Management 225 Availability Management 226 Capacity Management 227 Support Digital Forensics 228 Forensic Data Collection Methodologies 228 Evidence Management 230 Collect, Acquire, and Preserve Digital Evidence 231 Manage Communication with Relevant Parties 234 Vendors 235 Customers 236 Partners 238 Regulators 238 Other Stakeholders 239 Manage Security Operations 239 Security Operations Center 240 Monitoring of Security Controls 244 Log Capture and Analysis 245 Incident Management 248 Summary 253 Chapter 6 Legal, Risk, and Compliance 255 Articulating Legal Requirements and Unique Risks within the Cloud Environment 256 Conflicting International Legislation 256 Evaluation of Legal Risks Specific to Cloud Computing 258 Legal Frameworks and Guidelines 258 eDiscovery 265 Forensics Requirements 267 Understand Privacy Issues 267 Difference between Contractual and Regulated Private Data 268 Country- Specific Legislation Related to Private Data 272 Jurisdictional Differences in Data Privacy 277 Standard Privacy Requirements 278 Privacy Impact Assessments 280 Understanding Audit Process, Methodologies, and Required Adaptations for a Cloud Environment 281 Internal and External Audit Controls 282 Impact of Audit Requirements 283 Identify Assurance Challenges of Virtualization and Cloud 284 Types of Audit Reports 285 Restrictions of Audit Scope Statements 288 Gap Analysis 289 Audit Planning 290 Internal Information Security Management System 291 Internal Information Security Controls System 292 Policies 293 Identification and Involvement of Relevant Stakeholders 296 Specialized Compliance Requirements for Highly Regulated Industries 297 Impact of Distributed Information Technology Model 298 Understand Implications of Cloud to Enterprise Risk Management 299 Assess Providers Risk Management Programs 300 Differences between Data Owner/Controller vs. Data Custodian/Processor 301 Regulatory Transparency Requirements 302 Risk Treatment 303 Risk Frameworks 304 Metrics for Risk Management 307 Assessment of Risk Environment 307 Understand Outsourcing and Cloud Contract Design 309 Business Requirements 309 Vendor Management 311 Contract Management 312 Supply Chain Management 314 Summary 316 Index 317

Read more less

Book SynopsisTable of ContentsIntroduction xv Chapter 1 Domain 1: Cloud Concepts, Architecture, and Design 1 Chapter 2 Domain 2: Architecture and Design 23 Chapter 3 Domain 3: Cloud Platform and Infrastructure Security 45 Chapter 4 Domain 4: Cloud Application Security 65 Chapter 5 Domain 5: Cloud Security Operations 85 Chapter 6 Domain 6: Legal, Risk, and Compliance 105 Chapter 7 Practice Test 1 125 Chapter 8 Practice Test 2 151 Appendix Answers to Review Questions 175 Chapter 1: Domain 1: Cloud Concepts, Architecture, and Design 176 Chapter 2: Domain 2: Architecture and Design 188 Chapter 3: Domain 3: Cloud Platform and Infrastructure Security 198 Chapter 4: Domain 4: Cloud Application Security 213 Chapter 5: Domain 5: Cloud Security Operations 223 Chapter 6: Domain 6: Legal, Risk, and Compliance 232 Chapter 7: Practice Test 1 245 Chapter 8: Practice Test 2 259 Index 273

Read more less

Book SynopsisApply the basics of security in serverless computing to new or existing projects. This hands-on guide provides practical examples and fundamentals. You will apply these fundamentals in all aspects of serverless computing: improving the code, securing the application, and protecting the infrastructure. You will come away having security knowledge that enables you to secure a project you are supporting and have technical conversations with cybersecurity personnel.At a time when there are many news stories on cybersecurity breaches, it is crucial to think about security in your applications. It is tempting to believe that having a third-party host the entire computing platform will increase security. This book shows you why cybersecurity is the responsibility of everyone working on the project.What You Will Learn Gain a deeper understanding of cybersecurity in serverless computing Know how to use free and open sourceTable of ContentsIntroduction Part I: The Need for Security Chapter 1: Determining Scope Understanding the Application Scoping Chapter 2: Performing a Risk Assessment Understanding the Threat Landscape Threat Modeling Preparing the Risk Assessment Part II: Securing the Application Chapter 3: Securing the Code Assessing Dependencies Using Static Code Analysis Tools Writing Unit Tests Chapter 4: Securing the Interfaces Identifying the Interfaces Determining the Interface Inputs Reducing the Attack Surface Chapter 5: Securing the Code Repository Using a Code Repository Limiting Saved Content Part III: Securing the Infrastructure Chapter 5: Restricting Permissions Understanding Permissions Identifying the Services Updating the Permissions Chapter 6: Account Management Understanding Account Access Restricting Account Access Implementing Multi-Factor Authentication Using Secrets Part IV: Monitoring and Alerting Chapter 7: Monitoring Logs Understanding Logging Methods Reviewing Logs Chapter 8: Monitoring Metrics Understanding Metrics Reviewing Metrics Chapter 9: Monitoring Billing Understanding Billing Reviewing Billing Chapter 10: Monitoring Security Events Understanding Security Events Reviewing Security Event Chapter 10: Alerting Understanding Alerting Implementing Alerting Chapter 11: Auditing Understanding Auditing Implementing Auditing Part V: Security Assessment and Report Chapter 12: Finalizing the Risk Assessment Scoring the Identified Risks Defining the Mitigation Steps Assessing the Business Impact Determining the Overall Security Risk Level

Read more less

Book SynopsisHow will protecting our digital infrastructure shape our future? Cybersecurity is one of the key practical and political challenges of our time. It is at the heart of how modern societies survive and thrive, yet public understanding is still rudimentary: media portrayals of hoodie-wearing hackers accessing the Pentagon don’t convey its complexity or significance to contemporary life. This book addresses this gap, showing that the political dimension is as important as the technological one. It accessibly explains the complexities of global information systems, the challenges of providing security to users, societies, states and the international system, and the multitude of competing players and ambitions in this arena. Making the case for understanding it not only as a technical project, but as a crucial political one that links competing visions of what cybersecurity is for, it tackles the ultimate question: how can we do it better?Table of Contents1. Introduction: A 'Wicked Problem' 2. How Did We Get Here? 3. Cybersecurity, Cyber Risk 4. States and Markets 5. International Cybersecurity 6. Cybersecurity and Human Security 7. Conclusion: A Global Conversation

Read more less

Book Synopsis*THE INSTANT NEW YORK TIMES BESTSELLER AND WORLD ECONOMIC FORUM BOOK CLUB PICK*'A clear, compelling guide to some of the most pressing debates in technology today.' Bill Gates'A colourful and insightful insiders' view of how technology is both empowering us and threatening us. From privacy to cyberattacks, this timely book is a useful guide for how to navigate the digital future.' Walter Isaacson, bestselling author of Steve JobsFrom Microsoft's President and one of the tech industry's wisest thinkers, a frank and thoughtful reckoning with how to balance enormous promise and existential risk as the digitization of everything accelerates. With new chapters on the pandemic and beyond. __________Microsoft President Brad Smith operates by a simple core belief: when your technology changes the world, you bear a responsibility to help address the world you have helped create. This might seem uncontroversial, but it flies in the face of a tech sector long obsessed with rapid growth and sometimes on disruption as an end in itself. While sweeping digital transformation holds great promise, we have reached an inflection point. The world has turned information technology into both a powerful tool and a formidable weapon, and new approaches are needed to manage an era defined by even more powerful inventions like artificial intelligence. Companies that create technology must accept greater responsibility for the future, and governments will need to regulate technology by moving faster and catching up with the pace of innovation.In Tools and Weapons, Brad Smith and Carol Ann Browne bring us a captivating narrative from the cockpit of one of the world's largest and most powerful tech companies as it finds itself in the middle of some of the thorniest emerging issues of our time. These are challenges that come with no pre-existing playbook, including privacy, cybercrime and cyberwar, social media, the moral conundrums of artificial intelligence, big tech's relationship to inequality, and the challenges for democracy, far and near. While in no way a self-glorifying "Microsoft memoir," the book pulls back the curtain remarkably wide onto some of the company's most crucial recent decision points as it strives to protect the hopes technology offers against the very real threats it also presents. There are huge ramifications for communities and countries, and Brad Smith provides a thoughtful and urgent contribution to that effort.__________In Tools and Weapons, Brad Smith takes us behind the scenes on some of the biggest stories to hit the tech industry in the past decade and some of the biggest threats we face. From Edward Snowden's NSA leak to the NHS WannaCry ransomware attack, this book is essential reading to understand what's happening in the world around us.Praise for Tools and Weapons: 'The de facto ambassador for the technology industry at large.' The New York Times'In Tools and Weapons, Brad and Carol Ann Browne wrestle with some of the world's toughest technology challenges with common sense and valuable insight reflecting their inside experience. The ideas in Tools and Weapons won't solve all our problems, but they're a very good place to start.' - Reed Hastings, CEO, Netflix'Tools and Weapons is a glimpse behind the curtain as Microsoft reckoned with the Snowden revelations, defended against the vicious cyberattacks, and took both the Obama and Trump administrations to court.' - Rolling StoneTrade ReviewTools and Weapons offers a clear view of the questions raised by new technologies, and a potential path forward for tech companies and for societies. - Bill GatesOne of the few executives willing to speak openly about the industry's most vexing issues. - Sunday Times'A colourful and insightful insiders' view of how technology is both empowering and threatening us. From privacy to cyberattacks, this timely book is a useful guide for how to navigate the digital future.' - Walter IsaacsonTaming Big Tech will not be easy, but this book . . . shows where to start. - The Financial Times Smith's book is not the typical vanity project churned out by so many Fortune 500 leaders, the generic tomes on leadership and teamwork stocked at airport bookstores near the neck pillows. Tools and Weapons is a glimpse behind the curtain as Microsoft reckoned with the Snowden revelations, defended against the vicious cyberattacks, and took both the Obama and Trump administrations to court.' Rolling StoneBrad Smith makes the case for a new relationship between the tech sector and government - closer cooperation and challenges for each side. - New York TimesBrad Smith and Carol Ann Browne get to the heart of some of the biggest tech issues of our time, including privacy, cybersecurity and responsible AI, and their impact on all of our lives. - Satya Nadella, CEO of MicrosoftThis is a colorful and insightful insiders' view of how technology is both empowering us and threatening us. From privacy to cyberattacks, this timely book is a useful guide for how to navigate the digital future. - Walter Isaacson, bestselling author of The Innovators and Steve JobsComing from an industry driven by disruption, it's refreshing to read Brad Smith's call for the tech sector to assume more responsibility. In Tools and Weapons, Brad and Carol Ann Browne wrestle with some of the world's toughest technology challenges with common sense and valuable insight reflecting their inside experience. The ideas in Tools and Weapons won't solve all our problems, but they're a very good place to start. - Reed Hastings, CEO, Netflix'Casual readers who know Microsoft primarily for Windows, Office and maybe Xbox will be surprised by the level of insight Smith brings to some of the biggest issues facing not just the industry but humanity. [Tools and Weapons] is written for a mass market, not just tech and policy wonks. It offers a framework for everyday readers to understand and think about the implications of powerful new forms of technology. . . . It's full of behind-the-scenes anecdotes, from internal Microsoft meetings to high-level sessions at the Obama and Trump White Houses. It makes ample use of historical references to put modern trends and technologies in context.' - GeekwireBrad Smith has emerged as a vocal and principled thought leader addressing how technology can either help uphold or undermine human rights. As digital technology continues to proliferate, these issues will only grow in importance and command more of the world's attention. - Amal Clooney, international human rights lawyer and co-founder and president, Clooney Foundation for JusticeTools and Weapons reads like a techno-legal thriller, yet offers a thorough and eye-opening account of the major tech controversies of the last decade, from NSA spying through AI ethics and the US-China standoff. Brad Smith, a believer that "great power brings great responsibility" makes it evident that the future of humanity may depend on ethical and responsive leadership in the tech industries, and in this book he sets a high bar for his peers. - Tim Wu, author of The Curse of BignessWith clarity and candor, Brad Smith and Carol Ann Browne have crafted an indispensable guide to understanding and tackling the mightiest tech challenges of our time. Drawing on firsthand experience as well as the lessons of history, this perceptive volume shows that solutions will not be solely governmental nor corporate, but must involve collaboration across sectors and borders. Timely, essential reading for all who care about where the tech world goes next. - Margaret O'Mara, author of The Code'In Tools and Weapons, Smith and co-author Carol Ann Browne, make a persuasive, pragmatic case for owning that responsibility, in everything from digital privacy and surveillance to cybersecurity and social fragmentation to artificial intelligence and facial-recognition technology.' - Seattle Times

Read more less

Book SynopsisThis book provides a comprehensive overview of the key concerns as well as research challenges in designing secure and resilient Industrial Control Systems (ICS). It will discuss today's state of the art security architectures and couple it with near and long term research needs that compare to the baseline. It will also establish all discussions to generic reference architecture for ICS that reflects and protects high consequence scenarios.Significant strides have been made in making industrial control systems secure. However, increasing connectivity of ICS systems with commodity IT devices and significant human interaction of ICS systems during its operation regularly introduces newer threats to these systems resulting in ICS security defenses always playing catch-up. There is an emerging consensus that it is very important for ICS missions to survive cyber-attacks as well as failures and continue to maintain a certain level and quality of service. Such resilient ICS design requires one to be proactive in understanding and reasoning about evolving threats to ICS components, their potential effects on the ICS mission’s survivability goals, and identify ways to design secure resilient ICS systems.This book targets primarily educators and researchers working in the area of ICS and Supervisory Control And Data Acquisition (SCADA) systems security and resiliency. Practitioners responsible for security deployment, management and governance in ICS and SCADA systems would also find this book useful. Graduate students will find this book to be a good starting point for research in this area and a reference source.Table of Contents1. Current and New Practice.- 2. Cyber-Modeling, Detection, and Forensics.- 3. Proactive Defense Mechanism Design.- 4. Human System Interface.- 5. Metrics For Resilience.

Read more less

Book SynopsisThis book shows how open source intelligence can be a powerful tool for combating crime by linking local and global patterns to help understand how criminal activities are connected. Readers will encounter the latest advances in cutting-edge data mining, machine learning and predictive analytics combined with natural language processing and social network analysis to detect, disrupt, and neutralize cyber and physical threats. Chapters contain state-of-the-art social media analytics and open source intelligence research trends. This multidisciplinary volume will appeal to students, researchers, and professionals working in the fields of open source intelligence, cyber crime and social network analytics. Chapter Automated Text Analysis for Intelligence Purposes: A Psychological Operations Case Study is available open access under a Creative Commons Attribution 4.0 International License via link.springer.com.Table of ContentsChapter1. Studying the Weaponization of Social Media: Case Studies of Anti-NATO Disinformation Campaigns.- Chapter2. Cognitively-Inspired Inference for Malware Task Indentation.- Chapter3. Beyond the ‘Silk Road’: Assessing Illicit Drug Marketplaces on the Public Web.- Chapter4. Protecting the Web from Misinformation.- Chapter5. Social Media for Mental Health: Data, Methods, and Findings.- Chapter6. Twitter Bots and the Swedish Election.- Chapter7. Automated Text Analysis for Intelligence Purposes: A Psychological Operations Case Study.- Chapter8. You are Known by Your Friends: Leveraging Network Metrics for Bot Detection in Twitter.- Chapter9. Inferring Systemic Nets with Applications to Islamist Forums.

Read more less

Book SynopsisThis book constitutes the refereed proceedings of the 18th European Workshop on Computer Performance Engineering, EPEW 2022, held in Santa Pola, Spain, in September 2022.The 14 papers presented in this volume together with one invited talk were carefully reviewed and selected from 14 submissions. The papers presented at the workshop reflect the diversity of modern performance engineering. The sessions covered a wide range of topics including robustness analysis, machine learning, edge and cloud computing, as well as more traditional topics on stochastic modelling, techniques and tools.Table of ContentsRobustness analysis.- Applications.- Stochastic modelling.- Machine learning.- Edge-cloud computing.- Modelling paradigms and tools.

Read more less

Book SynopsisThis book introduces some fundamentals of information and communication technology (ICT) and other current and future technologies that are relevant to the field of cybersecurity. In a digitally connected world, cybersecurity is one of the most important issues today. We have witnessed tremendous advancements over the last two decades in various fields of networking, connectivity, electronics, and the technologies that make use of those platforms and devices. Many emerging technologies are also showing promise for future use in the cybersecurity area. Hence, it is important to understand some basics of the technologies and concepts that are making their impacts today and those which may show stronger influence in the near future. The book begins with an introduction to ICT and its advancements, then talks about Artificial Intelligence (AI), Machine Learning (ML), and Blockchain Technologies. It then goes on to cover wireless technology, Internet of Things (IoT), Distributed Cloud Computing, Quantum Computing, Virtual Reality, and other futuristic technologies that would be directly related to Cyberspace and Cybersecurity.This textbook is written in a step-by-step manner, with easily accessible information for both general readers and experts in the field. It is suitable to be used as a textbook for undergraduate and graduate courses like Computer Networks and Security, Information Security, etc.Table of ContentsChapter 01 – An Overview of ICT Technology Advancement ..................................................................... 16Introduction ............................................................................................................................................ 17An Overview of ICT Advanced Technologies ........................................................................................... 18Main Areas of ICT Technologies .............................................................................................................. 19Hardware Technologies .......................................................................................................................... 20Data Processing Hardware .................................................................................................................. 20Data Input Hardware .......................................................................................................................... 22Data Output Hardware ....................................................................................................................... 23Data Transmission Hardware .............................................................................................................. 23Data storage hardware ....................................................................................................................... 24Software Technologies ............................................................................................................................ 25Firmware 25Operating Systems (OSs) ..................................................................................................................... 26IT Protocols ......................................................................................................................................... 28Programming Languages ..................................................................................................................... 29Software Development Methodologies .............................................................................................. 30Evolution of Information Technology ..................................................................................................... 31Computer Generations ........................................................................................................................... 32Zero Generation (1642 – 1945) ........................................................................................................... 32First Generation (1945 – 1954) ........................................................................................................... 33Second Generation (1954 – 1963) ...................................................................................................... 33Third Generation (1963 – 1973) .......................................................................................................... 33Fourth Generation (1973 – 1985) ....................................................................................................... 33Fifth Generation (1985 – Present) ...................................................................................................... 33Operating System Generations ............................................................................................................... 34First Generation (1940 – 1950) ........................................................................................................... 34Second Generation (1955 – 1965) ...................................................................................................... 34Third Generation (1965 – 1980) .......................................................................................................... 35Fourth Generation (1980 – Present) ................................................................................................... 35Application Software Generations .......................................................................................................... 35First Generation .................................................................................................................................. 36Second Generation ............................................................................................................................. 36Third Generation ................................................................................................................................. 36Fourth Generation .............................................................................................................................. 37Fifth Generation .................................................................................................................................. 37Programming Language Generations ..................................................................................................... 37First Generation .................................................................................................................................. 38Second Generation ............................................................................................................................. 38Third Generation ................................................................................................................................. 38Fourth Generation .............................................................................................................................. 39Fifth Generation .................................................................................................................................. 39Wireless/Cellular Technology Generations............................................................................................. 39Zero Generation .................................................................................................................................. 40First Generation .................................................................................................................................. 40Second Generation ............................................................................................................................. 40Third Generation ................................................................................................................................. 41Fourth Generation .............................................................................................................................. 41Fifth Generation .................................................................................................................................. 41WWW Generations ................................................................................................................................. 42Web 1.0 42Web 2.0 42Web 3.0 43Web 4.0 43Evolution of Storage Technologies ......................................................................................................... 44Initial Storage Technologies ................................................................................................................ 44Magnetic Tape-Based Technologies ................................................................................................... 44Magnetic Disk-Based Technologies ..................................................................................................... 45Semiconductor-Based Storage Technologies ...................................................................................... 46Optical-Based Storage Technologies ................................................................................................... 48Advanced Storage Technologies ............................................................................................................. 48Direct Attached Storage (DAS) ............................................................................................................ 48Network Attached Storage (NAS) ....................................................................................................... 49Storage Area Network (SAN) ............................................................................................................... 49Futuristic Storage Technologies .............................................................................................................. 49Software Defined Storage (SDS) ......................................................................................................... 50Storage Virtualization ......................................................................................................................... 50Software Development Generations ...................................................................................................... 50Conventional Era – (1960-1970) ......................................................................................................... 51Transition Era – (1980 – 1990) ............................................................................................................ 51Modern Era – (2000 – Present) ........................................................................................................... 51Types of ICT Services ............................................................................................................................... 52Software Development ....................................................................................................................... 52Computer Networking ........................................................................................................................ 52IT Infrastructure Management ........................................................................................................... 52Telecommunication ............................................................................................................................ 53Data Storage Service ........................................................................................................................... 53Storage Transfer Service (STS) ............................................................................................................ 53Database Management ....................................................................................................................... 53Process Automation & Monitoring ..................................................................................................... 54Data Analytics ..................................................................................................................................... 54Cloud Computing Service .................................................................................................................... 55Application Programming Interface (API) Service ............................................................................... 55Cybersecurity Service .......................................................................................................................... 56Digital Entertainment Services ............................................................................................................ 56Content Delivery Network (CDN) ........................................................................................................ 57A Peep into Next Generation Technologies ............................................................................................ 58Chapter 02 – Artificial Intelligence Technology .......................................................................................... 61Introduction ............................................................................................................................................ 62What Is Artificial Intelligence (AI)?.......................................................................................................... 62What Is Neural Network?........................................................................................................................ 63Major Approaches Used in Artificial Intelligence Research .................................................................... 64Symbolic Approach ............................................................................................................................. 64Connectionist Approach ...................................................................................................................... 65Objectives of Artificial Intelligence ......................................................................................................... 66Reasoning ............................................................................................................................................ 67Problem Solving .................................................................................................................................. 67Natural Language Processing .............................................................................................................. 68Learning 68Planning 69Knowledge Representation ................................................................................................................. 69Motion and Manipulation ................................................................................................................... 69Artificial General Intelligence .............................................................................................................. 70Social Intelligence ............................................................................................................................... 70Business Intelligence ........................................................................................................................... 70Machine Perception ............................................................................................................................ 70An Overview of the History of AI ............................................................................................................ 71Main Areas of AI Application .................................................................................................................. 72Natural Language Processing .............................................................................................................. 73Computer Vision ................................................................................................................................. 76Expert Systems .................................................................................................................................... 77Speech Recognition ............................................................................................................................. 78Robotics 79Text Recognition ................................................................................................................................. 80Voice Recognition ............................................................................................................................... 80Voice-to-Text & Text-to-Voice Conversion ......................................................................................... 81Chatbot 82Types of Artificial Intelligence ................................................................................................................. 83Reactive Machines .............................................................................................................................. 84Limited Memory .................................................................................................................................. 84Theory of Mind.................................................................................................................................... 85Self-Awareness .................................................................................................................................... 85Artificial Narrow Intelligence (ANI) ..................................................................................................... 86Artificial General Intelligence (AGI) .................................................................................................... 86Artificial Super Intelligence (ASI)......................................................................................................... 87Intelligent Agent and Environment ......................................................................................................... 87Intelligent (or, Intelligence) Agent (IA) ............................................................................................... 88Artificial Intelligence Environments .................................................................................................... 90Future of Artificial Intelligence ............................................................................................................... 92Chapter 03 – Machine Learning Technology .............................................................................................. 98Introduction to Machine Learning .......................................................................................................... 99Importance of Machine Learning in Modern World ............................................................................. 100How Does Machine Learning Work? ..................................................................................................... 102Types of Machine Learning ................................................................................................................... 103Supervised Machine Learning ............................................................................................................... 103Unsupervised Machine Learning........................................................................................................... 104Semi-Supervised Machine Learning ...................................................................................................... 106Reinforcement Machine Learning ........................................................................................................ 107What Is Deep Machine Learning? ......................................................................................................... 110Artificial Neural Network .................................................................................................................. 110Major Methods/Techniques of Machine Learning ............................................................................... 110Regression Model ............................................................................................................................. 111Decision Trees ................................................................................................................................... 111Clustering .......................................................................................................................................... 111Classification ..................................................................................................................................... 111Anomaly Detection ........................................................................................................................... 111Neural Network Method ................................................................................................................... 112Dimensionality Reduction ................................................................................................................. 112Ensemble Methods ........................................................................................................................... 113Transfer Learning .............................................................................................................................. 113Natural Language Processing (NLP) ...................................................................................................... 113Word Embedding .............................................................................................................................. 115What Is a Machine Learning Algorithm? ............................................................................................... 116Common Categories of Machine Learning Algorithms ......................................................................... 116Classification Algorithms ....................................................................................................................... 117Naïve Bayes ....................................................................................................................................... 117Decision Tree ..................................................................................................................................... 118Random Forest .................................................................................................................................. 119Support Vector Machines ................................................................................................................. 119K Nearest Neighbors ......................................................................................................................... 121Clustering Algorithms ............................................................................................................................ 123K-Means Clustering ........................................................................................................................... 124Expectation Maximization (EM) Algorithm ....................................................................................... 124Agglomerative Hierarchical Clustering .............................................................................................. 124Fuzzy C-Means Algorithm ................................................................................................................. 124Regression Algorithms .......................................................................................................................... 125Linear Regression .............................................................................................................................. 125Multiple linear Regression ................................................................................................................ 126Multivariate Regression .................................................................................................................... 126Logistic Regression ............................................................................................................................ 127Lasso Regression ............................................................................................................................... 127Other Regression algorithms ............................................................................................................ 127What Is AI Training Data? ..................................................................................................................... 128Types of Training Data .......................................................................................................................... 129Text Training Data ............................................................................................................................. 129Audio Training Data .......................................................................................................................... 129Video Training Data ........................................................................................................................... 129Image Training Data .......................................................................................................................... 130Sensory Training Data ....................................................................................................................... 130What Is AI Training Dataset? ................................................................................................................. 130Major Processes Used in Building Training Datasets for AI Training .................................................... 130Data Collection .................................................................................................................................. 131Data Cleaning .................................................................................................................................... 131Data Classification ............................................................................................................................. 131Data Categorization .......................................................................................................................... 131Data Annotation & Labeling .............................................................................................................. 131What are the Major Categories of Data Annotation? ........................................................................... 132Image Data Annotation ......................................................................................................................... 132Bounding Box Annotation ................................................................................................................. 1323D Cuboids Annotation ..................................................................................................................... 133Polygon Annotation .......................................................................................................................... 133Lines & Splines .................................................................................................................................. 134Semantic Segmentation .................................................................................................................... 134Text Data Annotation ............................................................................................................................ 134Entity Annotation .............................................................................................................................. 134Entity Linking ..................................................................................................................................... 134Sentiment Annotation....................................................................................................................... 135Text Classification ............................................................................................................................. 135Audio Data Annotation ......................................................................................................................... 135Sound Labeling .................................................................................................................................. 135Event Tracking ................................................................................................................................... 135Speech to Text Transcription ............................................................................................................ 135Audio Classification ........................................................................................................................... 136Multi-labeling .................................................................................................................................... 136Video Data Annotation ......................................................................................................................... 136Key Points Annotation/Landmarks ................................................................................................... 137Object localization............................................................................................................................. 137Object Tracking ................................................................................................................................. 137Gradient Boosting ............................................................................................................................. 137Top Uses of Machine Learning in Today’s World.................................................................................. 138Big Data 139Data Analytics ................................................................................................................................... 139Cybersecurity .................................................................................................................................... 139Digital Marketing............................................................................................................................... 140Business Intelligence ......................................................................................................................... 140Process Automation .......................................................................................................................... 141Automobiles ...................................................................................................................................... 141e-Commerce ...................................................................................................................................... 142Impact of Machine Learning on Cybersecurity ..................................................................................... 142Positive Impact .................................................................................................................................. 142Negative Impact ................................................................................................................................ 143Chapter 04 – Blockchain Technology ........................................................................................................ 145Introduction to Blockchain Technology ................................................................................................ 146Top Features of Blockchain Technology ........................................................................................... 147History of Blockchain Technology ......................................................................................................... 149Major Terms Used in Blockchain Technology ....................................................................................... 150Cryptographic Hash ........................................................................................................................... 150Transaction ........................................................................................................................................ 151Proof of Work .................................................................................................................................... 151Block 152Mining 152Timestamp ........................................................................................................................................ 153Stack of Technologies Forming Blockchain ........................................................................................... 153Cryptographic Keys ........................................................................................................................... 153Peer-to-Peer Network with Shared Ledger ....................................................................................... 154Computing Resources to Store Transactions & Network Records.................................................... 155How Does Blockchain Technology Work? ............................................................................................. 155Node 155Block 155What Is Distributed Ledger Technology (DLT)? .................................................................................... 156Types of Blockchain Technology ........................................................................................................... 156Public Blockchain .............................................................................................................................. 158Private Blockchain ............................................................................................................................. 159Consortium Blockchain ..................................................................................................................... 159Hybrid Blockchains ............................................................................................................................ 159Typical Uses of Blockchain Technology ................................................................................................. 160Cryptocurrency.................................................................................................................................. 160Non-Fungible Token (NFT) ................................................................................................................ 161Smart Contracts ................................................................................................................................ 161Financial Markets .............................................................................................................................. 162Electronic Voting ............................................................................................................................... 162Record Maintenance ......................................................................................................................... 163Supply Chain ...................................................................................................................................... 163Government ...................................................................................................................................... 163Impact of Blockchain Technology on Cybersecurity ............................................................................. 164Chapter 05 – 5th Generation Wireless Technology ................................................................................... 168An Introduction to 5G Technology ........................................................................................................ 169Importance of 5G Technology .............................................................................................................. 170Evolution of Cellular Networks ............................................................................................................. 172First Generation (1G) ........................................................................................................................ 172Second Generation (2G) .................................................................................................................... 172Third Generation (3G) ....................................................................................................................... 173Fourth Generation (4G) ..................................................................................................................... 173Fifth Generation (5G) ........................................................................................................................ 174Sixth Generation (6G)........................................................................................................................ 174Key Features and Capabilities of 5G Technology .................................................................................. 174Architecture of 5G Network .................................................................................................................. 176Top Protocols Used in 5G Networks ..................................................................................................... 1793GPP 179New Radio (NR) ................................................................................................................................. 180NextGen Core .................................................................................................................................... 181LTE Advanced Pro .............................................................................................................................. 182EPC Evolution .................................................................................................................................... 183Impact of 5G Technology on Cybersecurity .......................................................................................... 183Chapter 06 – Internet of Things (IoT) ........................................................................................................ 188Introduction to Internet of Things (IoT) ................................................................................................ 189Importance of IoT.............................................................................................................................. 189Main Features of Internet of Things ................................................................................................. 190History of Internet of Things ................................................................................................................. 190What Is Ambient Intelligence in IoT? .................................................................................................... 191Autonomous Control in IoT ................................................................................................................... 191Range of Enabling Technologies Behind Internet of Things ................................................................. 191Low Power Sensors ........................................................................................................................... 192Cloud Computing .............................................................................................................................. 192Artificial Intelligence (AI) ................................................................................................................... 192Machine Learning .............................................................................................................................. 192Data Analytics ................................................................................................................................... 192Big Data 193Short Range Wireless Technologies .................................................................................................. 193Medium & Long-Range Wireless Technologies ................................................................................ 193Effective Communication Protocols .................................................................................................. 193Internet Protocol V6 ......................................................................................................................... 194Architecture of Internet of Things Ecosystem ...................................................................................... 194Three Layer Architecture .................................................................................................................. 194Four Layer Architecture .................................................................................................................... 194Five Layer Architecture ..................................................................................................................... 195What Is Decentralized Internet of Things Concept? ............................................................................. 195What Is Industrial Internet of Things? .................................................................................................. 196Industrial Internet of Things Standard Bodies ...................................................................................... 196Important Industrial Internet of Things IIoT Platforms......................................................................... 197Azure IoT 197Oracle IoT Cloud ................................................................................................................................ 198IBM Watson IoT................................................................................................................................. 198AWS IoT 198Siemens Mind Sphere ....................................................................................................................... 198Flutura Cerebra ................................................................................................................................. 198Thing Worx ........................................................................................................................................ 199GE Predix 199IIoT Use Cases in Different Industries ................................................................................................... 199Smart Cities ....................................................................................................................................... 200Smart Home ...................................................................................................................................... 200Manufacturing .................................................................................................................................. 200Process Automation .......................................................................................................................... 200Energy Management ......................................................................................................................... 200Supply Chain ...................................................................................................................................... 201Healthcare ......................................................................................................................................... 201Agriculture ........................................................................................................................................ 201Military 201Transportation .................................................................................................................................. 201Challenges Posed by Internet of Things ................................................................................................ 202Cybersecurity .................................................................................................................................... 202Privacy 202Complex Operations & Management ............................................................................................... 202Environment Impact ......................................................................................................................... 203Bulky Data ......................................................................................................................................... 203Impact of IoT on Cybersecurity ............................................................................................................. 203Chapter 07 – Distributed Cloud Computing .............................................................................................. 206An Introduction to Distributed Cloud Computing ................................................................................. 207What Is Edge Computing? ..................................................................................................................... 208Advantages of Distributed Cloud .......................................................................................................... 209Working Principle of Distributed Cloud ................................................................................................ 210Distributed Cloud Architecture ............................................................................................................. 210Top Use Cases of Distributed Cloud in Industries ................................................................................. 211Content Delivery Network (CDN) ...................................................................................................... 212Internet of Things (IoT) & Edge ......................................................................................................... 214Software Defined Infrastructure (SDI) .............................................................................................. 214Big Data Processing ........................................................................................................................... 215Multi-Cloud Unification ..................................................................................................................... 215Centralized Management ................................................................................................................. 216Challenges of Distributed Cloud Computing ......................................................................................... 216Impact of Distributed Cloud Computing on Cybersecurity ................................................................... 217Chapter 08 – Quantum Computing ........................................................................................................... 220An Introduction to Quantum Computing.............................................................................................. 221Salient Features of Quantum Computing ............................................................................................. 222Short History of Quantum Computing .................................................................................................. 223What Is Quantum Physics? ................................................................................................................... 224Theory of Quantum Computing ........................................................................................................ 224Working Principle of Quantum Computing........................................................................................... 225How Many States Are Used in Quantum Computing? .......................................................................... 225What Are Superimposition and Entanglement in Quantum Computing? ............................................ 225Difference Between Traditional Computing & Quantum Computing .................................................. 226Real-World Quantum Applications ....................................................................................................... 227Major Projects on Quantum Computing ............................................................................................... 229IBM 230Honeywell ......................................................................................................................................... 230Google 230Microsoft 231Main Terminologies Used in Quantum Computing .............................................................................. 232Superconductors ............................................................................................................................... 232Superfluid .......................................................................................................................................... 233Quantum Mechanics ......................................................................................................................... 234Qubits 234Quantum Logic Gate ......................................................................................................................... 235Quantum Counting ............................................................................................................................ 236Grover’s Algorithm ............................................................................................................................ 236Shor’s Algorithm ............................................................................................................................... 236Josephson Junction ........................................................................................................................... 237Chapter 09 – Tactile Virtual Reality .......................................................................................................... 240An Introduction to Tactile Virtual Reality ............................................................................................. 241Augmented Reality and Virtual Reality ................................................................................................. 242History & Evolution of Tactile Virtual Reality ........................................................................................ 242Types of Virtual Reality ......................................................................................................................... 244Non-Immersive VR ............................................................................................................................ 244Fully-Immersive VR ........................................................................................................................... 244Semi-Immersive VR ........................................................................................................................... 245Neurophysiological Tactile Measurement Techniques ......................................................................... 245Electroencephalography (EEG) ......................................................................................................... 246Magnetoencephalography (MEG)..................................................................................................... 246Functional Magnetic Resonance Imaging (fMRI) .............................................................................. 246Somatosensation and Its Types ............................................................................................................ 246Active Somatosensation.................................................................................................................... 247Passive Somatosensation .................................................................................................................. 247Major VR Terms with Definitions .......................................................................................................... 247Head Mounted Display (HMD) .......................................................................................................... 247Haptics 247360 Videos ......................................................................................................................................... 247Interactive VR .................................................................................................................................... 248Stereoscopy ....................................................................................................................................... 2484D Virtual Reality .............................................................................................................................. 248Field of View (FOV) ............................................................................................................................ 248Image/Video Stitching ....................................................................................................................... 248Simulator Sickness ............................................................................................................................ 248Cave Automatic Virtual Environment ............................................................................................... 249Mixed Reality .................................................................................................................................... 249Real-Word Applications of Tactile Virtual Reality ................................................................................. 249Video Games ..................................................................................................................................... 250Education & Training ......................................................................................................................... 251Product Development ....................................................................................................................... 252Chapter 10 – An Overview of Top Futuristic Technologies ....................................................................... 255What Is Futuristic Technology? ............................................................................................................. 256Top Futuristic Technologies .................................................................................................................. 2583D Printing Technology ..................................................................................................................... 2594D Printing ........................................................................................................................................ 2636G Technology .................................................................................................................................. 263Autonomous Robots ......................................................................................................................... 267Artificial Neurons .............................................................................................................................. 271Artificial General Intelligence (AGI) .................................................................................................. 273Artificial Super Intelligence (ASI)....................................................................................................... 274Mind Uploading................................................................................................................................. 276Driverless Vehicles ............................................................................................................................ 278Infrastructure Hacking ...................................................................................................................... 279Regenerative Medicine ..................................................................................................................... 279Digital Twin (DT) Technology ............................................................................................................ 280Programmable Living Robots ............................................................................................................ 282Human Augmentation ....................................................................................................................... 283Intelligent Process Automation (IPA) ................................................................................................ 283Space Elevator ................................................................................................................................... 284Rotating Skyhook .............................................................................................................................. 285Light Sail 285Chapter 11 – Impact of Advanced & Futuristic Technologies on Cybersecurity ...................................... 288Overview of Impact of Modern Technologies on Cybersecurity .......................................................... 288Major Cybersecurity Challenges Due to Advanced Technologies ........................................................ 291Risk to National Security ................................................................................................................... 292Breach of Privacy ............................................................................................................................... 293Increased Burden of Cybersecurity on Businesses ........................................................................... 294Shortage of Cybersecurity Specialists ............................................................................................... 294Risk of Extensive Data Exposure ....................................................................................................... 295Society & Business Manipulation ...................................................................................................... 295References ................................................................................................................................................ 298

Read more less

Book SynopsisChapter 1: Introduction to Cybersecurity Audits.- Chapter 2: Planning the Cybersecurity Audit.- Chapter 3: Assessing Security Control.- Chapter 4: Compliance and Regulations.- Chapter 5 Introduction to Cyber Risk Management.- Chapter 6 Tools for Network and Cyber Security Audits.- Chapter 7 How to Write an Effective Cybersecurity Audit Report.- Chapter 8 Real-Life Scenarios and Case Studies.

Read more less

Book Synopsis

Read more less