{"title":"Computer security Books","description":"","products":[{"product_id":"deploying-secure-containers-for-training-and-development-9780128047170","title":"Deploying Secure Containers for Training and","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003eIntroduction Chapter 1- Containers Chapter 2- Using containers in Training Chapter 3- Experimentation","brand":"Syngress Media,U.S.","offers":[{"title":"Default Title","offer_id":48732337439063,"sku":"9780128047170","price":999.99,"currency_code":"GBP","in_stock":false}]},{"product_id":"database-and-application-security-9780138073732","title":"Database and Application Security","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cstrong\u003eDr. R. Sarma Danturthi\u003c\/strong\u003e holds a PhD in Engineering from the University of Memphis (Memphis, TN) and works for the US Department of Defense. He has several years of experience with IT security, coding, databases, and project management. He holds Sec+, CISSP, and PMP certifications and is the author of the book \u003cem\u003e70 Tips and Tricks for Mastering the CISSP Exam\u003c\/em\u003e (APress, 2020).\u003c\/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cem\u003eIntroduction \u003c\/em\u003e\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e\u003cstrong\u003ePart I. Security Fundamentals\u003c\/strong\u003e\u003c\/p\u003e \u003cp\u003eChapter 1: The Basics of Cybersecurity\u003c\/p\u003e \u003cp\u003eChapter 2: Security Details\u003c\/p\u003e \u003cp\u003eChapter 3: Goals of Security\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e\u003cstrong\u003ePart II. Database Security--The Back End\u003c\/strong\u003e\u003c\/p\u003e \u003cp\u003eChapter 4: Database Security Introduction\u003c\/p\u003e \u003cp\u003eChapter 5: Access Control of Data\u003c\/p\u003e \u003cp\u003eChapter 6: Data Refresh, Backup, and Restore\u003c\/p\u003e \u003cp\u003eChapter 7: Host Security\u003c\/p\u003e \u003cp\u003eChapter 8: Proactive Monitoring\u003c\/p\u003e \u003cp\u003eChapter 9: Risk, Monitoring, and Encryption\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e\u003cstrong\u003ePart III. Application Security--The Front End\u003c\/strong\u003e\u003c\/p\u003e \u003cp\u003eChapter 10: Application Security Fundamentals\u003c\/p\u003e \u003cp\u003eChapter 11: The Unseen Back End\u003c\/p\u003e \u003cp\u003eChapter 12: Securing Software--In-House and Vendor\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e\u003cstrong\u003ePart IV. Security Administration\u003c\/strong\u003e\u003c\/p\u003e \u003cp\u003eChapter 13: Security Administration\u003c\/p\u003e \u003cp\u003eChapter 14: Follow a Proven Path for Security\u003c\/p\u003e \u003cp\u003eChapter 15: Mobile Devices and Application Security\u003c\/p\u003e \u003cp\u003eChapter 16: Corporate Security in Practice\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e\u003cem\u003eIndex \u003c\/em\u003e\u003c\/p\u003e","brand":"Pearson Education (US)","offers":[{"title":"Default Title","offer_id":48732342321495,"sku":"9780138073732","price":28.49,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9780138073732.jpg?v=1719996490"},{"product_id":"cyber-persistence-theory-redefining-national-security-in-cyberspace-bridging-the-gap-9780197638262","title":"Cyber Persistence Theory Redefining National","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTrade Review\u003c\/b\u003e\u003cbr\u003eCyber Persistence Theory is an important addition to our collective understanding of the dynamics of cyberspace and its implications for national security. It provides sound insight and excellent analysis on how we can meet the challenges of cyber in the hyper-connected, digitally driven world we find ourselves in today. Excellent work on a topic of increasing importance to all! * Admiral Michael S. Rogers, USN (ret) former Commander, US Cyber Command and Director, National Security Agency (2014-2018) *\u003cbr\u003eThis timely new book is destined to go down as a major milestone in the development of new strategic thought for twenty-first century. With admirable clarity and powerful prose, the authors first dismantle the deterrence-focused paradigm that has so far guided US defense strategy in cyber space and then formulate a new organizing concept. Anyone interested in cyber security must come to terms with this new thinking. * Brad Roberts, Center for Global Security Research *\u003cbr\u003eMichael Fischerkeller, Emily Goldman, and Richard Harknett have once again made an incredibly valuable contribution to the development of American cyber policy and strategy through the writing of Cyber Persistence Theory. The authors push its readership to think beyond classical deterrence theory to new concepts for engaging and defeating undeterred adversaries in cyberspace. In short, this book argues the need for change and to take more risk to close an increasingly larger risk in our defense and national security as well as our public safety posture as American citizens To do so, the authors argue will require not only persistent engagement, but a 'whole-of-nation plus' effort. A must-read for both national and cyber security professionals! * Robert J. Butler, former Deputy Assistant Secretary of Defense for Cyber and Space Policy *\u003cbr\u003eTime will tell whether cyberspace operations can have coercive effect, but it is unambiguously true that to date, nations have used cyberspace mostly to gain advantage in competing with other nations. Understanding how they do so is a new challenge that scholars of international relations would do well to take on, and this book is a superb point of departure for them. * Herb Lin, Hank J. Holland Fellow in Cyber Policy and Security, Hoover Institution, Stanford University *\u003cbr\u003eThis book helps to fill a crucial gap in strategic thinking about the fundamentals of cyberspace and sets out a clear course of action for the US government. It is a must-read for students, analysts and policymakers. * Max Smeets, Senior Researcher ETH Zurich, Center for Security Studies, and author of No Shortcuts: Why States Struggle Develop a Military Cyber-Force *\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003eAcknowledgments Foreword by General Paul Nakasone Chapter 1: The Misapplied Nexus of Theory and Policy Chapter 2: The Structure of Strategic Environments Chapter 3: Cyber Behavior and Dynamics Chapter 4: Theory and the Empirical Record Chapter 5: Cyber Stability Chapter 6: The Cyber Aligned Nexus of Theory and Policy Chapter 7: United States Case Study Bibliography Index","brand":"Oxford University Press Inc","offers":[{"title":"Default Title","offer_id":48732663873879,"sku":"9780197638262","price":24.49,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9780197638262.jpg?v=1719997855"},{"product_id":"cyberspace-and-international-relations-the-coevolution-dilemma-information-policy-9780262038911","title":"Cyberspace and International Relations The","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cb\u003eA foundational analysis of the co-evolution of the internet and international relations, examining resultant challenges for individuals, organizations, firms, and states.\u003c\/b\u003e\u003cp\u003eIn our increasingly digital world, data flows define the international landscape as much as the flow of materials and people. How is cyberspace shaping international relations, and how are international relations shaping cyberspace? In this book, Nazli Choucri and David D. Clark offer a foundational analysis of the co-evolution of cyberspace (with the internet as its core) and international relations, examining resultant challenges for individuals, organizations, and states.\u003c\/p\u003e\u003cp\u003eThe authors examine the pervasiveness of power and politics in the digital realm, finding that the internet is evolving much faster than the tools for regulating it. This creates a “co-evolution dilemma”—a new reality in which digital interactions have enabled weaker actors to influence or threaten stronger actors,\u003c\/p\u003e","brand":"MIT Press Ltd","offers":[{"title":"Default Title","offer_id":48733449191767,"sku":"9780262038911","price":40.85,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9780262038911.jpg?v=1720000122"},{"product_id":"programming-with-stm32-getting-started-with-the-nucleo-board-and-cc-9781260031317","title":"Programming with STM32 Getting Started with the","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cdiv\u003e\u003cb\u003ePublisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, \u003cspan style=\"white-space:pre\"\u003e\u003c\/span\u003eauthenticity, or access to any online entitlements included with the product.\u003c\/b\u003e\u003c\/div\u003e\u003cdiv\u003e\u003cb\u003e\u003cbr\u003e\u003c\/b\u003e\u003c\/div\u003e\u003cdiv\u003e\u003cb\u003e\u003cbr\u003e\u003c\/b\u003e\u003c\/div\u003e\u003cdiv\u003e\u003cb\u003eCreate your own STM32 programs with ease!\u003c\/b\u003e\u003c\/div\u003e\u003cdiv\u003e\u003cb\u003e\u003cbr\u003e\u003c\/b\u003e\u003c\/div\u003e\u003cdiv\u003eGet up and running programming the STM32 line of microcontrollers from STMicroelectronics using the hands-on information contained in this easy-to-follow guide. Written by an experienced electronics hobbyist and author, Programming with \u003ci\u003eSTM32: Getting Started with the Nucleo Board and C\/C++ \u003c\/i\u003efeatures start-to-finish projects that clearly demonstrate each technique. Discover how to set up a stable development toolchain, write custom programs, download your programs to the development board, and execute them. You will even learn how to work with external servos and LED displays!\u003c\/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c\/div\u003e\u003cdiv\u003eâ\u003cspan style=\"\"\u003e\u003c\/span\u003e\n\u003c\/div\u003e","brand":"McGraw-Hill Education","offers":[{"title":"Default Title","offer_id":48738468430167,"sku":"9781260031317","price":18.99,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781260031317.jpg?v=1723812073"},{"product_id":"official-isc-2-guide-to-the-hcispp-cbk-9781482262773","title":"Official (ISC)2 Guide to the HCISPP CBK","description":"\u003cp\u003eHealthCare Information Security and Privacy Practitioners (HCISPPSM) are the frontline defense for protecting patient information. These are the practitioners whose foundational knowledge and experience unite healthcare information security and privacy best practices and techniques under one credential to protect organizations and sensitive patient data against emerging threats and breaches.\u003cbr\u003e\u003cbr\u003eThe \u003cb\u003eOfficial (ISC)2® Guide to the HCISPP\u003c\/b\u003eSM\u003cb\u003e CBK®\u003c\/b\u003e\u003ci\u003e \u003c\/i\u003eis a comprehensive resource that provides an in-depth look at the six domains of the HCISPP Common Body of Knowledge (CBK). This guide covers the diversity of the healthcare industry, the types of technologies and information flows that require various levels of protection, and the exchange of healthcare information within the industry, including relevant regulatory, compliance, and legal requirements.\u003cbr\u003e\u003cbr\u003eNumerous illustrated examples and tables are included that illustrate key concepts, frameworks, and real-life scenarios. Endorsed by the (ISC)² and compiled and reviewed by HCISPPs and (ISC)² members, this book brings together a global and thorough perspective on healthcare information security and privacy. Utilize this book as your fundamental study tool in preparation for the HCISPP certification exam.\u003c\/p\u003e","brand":"Apple Academic Press Inc.","offers":[{"title":"Default Title","offer_id":48739652600151,"sku":"9781482262773","price":61.74,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781482262773.jpg?v=1720052829"},{"product_id":"serverless-security-9781484260999","title":"Serverless Security","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003eApply the basics of security in serverless computing to new or existing projects. This hands-on guide provides practical examples and fundamentals. You will apply these fundamentals in all aspects of serverless computing: improving the code, securing the application, and protecting the infrastructure. You will come away having security knowledge that enables you to secure a project you are supporting and have technical conversations with cybersecurity personnel.\u003cp\u003e\u003c\/p\u003e\u003cp\u003eAt a time when there are many news stories on cybersecurity breaches, it is crucial to think about security in your applications. It is tempting to believe that having a third-party host the entire computing platform will increase security. This book shows you why cybersecurity is the responsibility of everyone working on the project.\u003c\/p\u003e\u003cp\u003e\u003cb\u003e\u003cbr\u003e\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003cb\u003eWhat You Will Learn\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003e\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eGain a deeper understanding of cybersecurity in serverless computing\u003c\/li\u003e\n\u003cli\u003eKnow how to use free and open source\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cb\u003eIntroduction\u003c\/b\u003e\u003cp\u003e\u003cb\u003e \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart I: The Need for Security\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1: Determining Scope\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding the Application\u003c\/p\u003e \u003cp\u003eScoping\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2: Performing a Risk Assessment\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding the Threat Landscape\u003c\/p\u003e \u003cp\u003eThreat Modeling\u003c\/p\u003e \u003cp\u003ePreparing the Risk Assessment\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003ePart II: Securing the Application\u003c\/p\u003e \u003cp\u003e\u003cb\u003e \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3: Securing the Code\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAssessing Dependencies\u003c\/p\u003e \u003cp\u003eUsing Static Code Analysis Tools\u003c\/p\u003e \u003cp\u003eWriting Unit Tests\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4: Securing the Interfaces\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIdentifying the Interfaces\u003c\/p\u003e \u003cp\u003eDetermining the Interface Inputs\u003c\/p\u003e \u003cp\u003eReducing the Attack Surface\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5: Securing the Code Repository\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUsing a Code Repository\u003c\/p\u003e \u003cp\u003eLimiting Saved Content\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart III: Securing the Infrastructure\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5: Restricting Permissions\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Permissions\u003c\/p\u003e \u003cp\u003eIdentifying the Services\u003c\/p\u003e \u003cp\u003eUpdating the Permissions\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6: Account Management\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Account Access\u003c\/p\u003e \u003cp\u003eRestricting Account Access\u003c\/p\u003e \u003cp\u003eImplementing Multi-Factor Authentication\u003c\/p\u003e Using Secrets\u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart IV: Monitoring and Alerting\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7: Monitoring Logs\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Logging Methods\u003c\/p\u003e \u003cp\u003eReviewing Logs\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8: Monitoring Metrics\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Metrics\u003c\/p\u003e \u003cp\u003eReviewing Metrics\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9: Monitoring Billing\u003c\/b\u003e\u003c\/p\u003e Understanding Billing\u003cp\u003e\u003c\/p\u003e \u003cp\u003eReviewing Billing\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10: Monitoring Security Events\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Security Events\u003c\/p\u003e \u003cp\u003eReviewing Security Event\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10: Alerting\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Alerting\u003c\/p\u003e \u003cp\u003eImplementing Alerting\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11: Auditing\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Auditing\u003c\/p\u003e \u003cp\u003eImplementing Auditing\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cb\u003ePart V: Security Assessment and Report\u003c\/b\u003e\u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12: Finalizing the Risk Assessment\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eScoring the Identified Risks\u003c\/p\u003e \u003cp\u003eDefining the Mitigation Steps\u003c\/p\u003e \u003cp\u003eAssessing the Business Impact\u003c\/p\u003e \u003cp\u003eDetermining the Overall Security Risk Level\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e","brand":"APress","offers":[{"title":"Default Title","offer_id":48739665936727,"sku":"9781484260999","price":41.24,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781484260999.jpg?v=1720052855"},{"product_id":"tactical-wireshark-9781484292907","title":"Tactical Wireshark","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eTake a systematic approach at identifying intrusions that range from the most basic to the most sophisticated, using Wireshark, an open source protocol analyzer. This book will show you how to effectively manipulate and monitor different conversations and perform statistical analysis of these conversations to identify the IP and TCP information of interest.\u003c\/p\u003e\u003cp\u003eNext, you''ll be walked through a review of the different methods malware uses, from inception through the spread across and compromise of a network of machines. The process from the initial click through intrusion, the characteristics of Command and Control (C2), and the different types of lateral movement will be detailed at the packet level.\u003c\/p\u003e\u003cp\u003eIn the final part of the book, you''ll explore the network capture file and identification of data for a potential forensics extraction, including inherent capabilities for the extraction of objects such as file data and other corresponding components in support of a foren\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003eChapter 1: Customization of the Wireshark Interface \u003c\/p\u003e\u003cp\u003e\u003cb\u003eChapter Goal: - Learn how to edit the columns of the Wireshark user interface. Explore important items to include in the interface for performing intrusion and malware analysis\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eNo of pages - 18\u003c\/b\u003e \u003c\/p\u003e \u003cp\u003e\u003cb\u003eSub -Topics\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e1. Identifying columns to delete from the default displays\u003c\/p\u003e \u003cp\u003e2. Adding the source and destination ports for easy traffic analysis\u003c\/p\u003e \u003cp\u003e3. Specialty column customization for malware analysis\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e Intrusions Chapter 2: Capturing Network Traffic \u003cp\u003e\u003cb\u003eChapter Goal: Setup a network capture in Wireshark\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eNo of pages\u003c\/b\u003e: - 24\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eSub - Topics\u003c\/b\u003e \u003c\/p\u003e \u003cp\u003e1. Prerequisites for capturing live network data \u003c\/p\u003e \u003cp\u003e2. Working with Network Interfaces\u003c\/p\u003e \u003cp\u003e3. Exploring the network capture options\u003c\/p\u003e \u003cp\u003e4. Filtering While Capturing \u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e Chapter 3: Interpreting Network Protocols \u003cp\u003e\u003cb\u003eChapter Goal: A deep understanding of the network protocols at the packet level\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eNo of pages\u003c\/b\u003e : 30\u003cb\u003e\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eSub - Topics:\u003c\/b\u003e \u003c\/p\u003e \u003cp\u003e1. Investigating IP, the workhorse of the network\u003c\/p\u003e 2. Analyzing ICMP and UDP\u003cp\u003e\u003c\/p\u003e \u003cp\u003e3. Dissection of TCP traffic\u003c\/p\u003e \u003cp\u003e4. Reassembly of packets\u003c\/p\u003e \u003cp\u003e5. Interpreting Name Resolution\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e Chapter 4: Analysis of Network Attacks \u003cp\u003e\u003cb\u003eChapter Goal: Understand the hacking mindset and leverage that to identify attacks\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eNo of pages\u003c\/b\u003e: 30\u003c\/p\u003e \u003cp\u003e\u003cb\u003eSub - Topics: \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e1. Introducing a Hacking Methodology\u003c\/p\u003e \u003cp\u003e2. Examination of reconnaissance network traffic artifacts\u003c\/p\u003e \u003cp\u003e3. Leveraging the statistical properties of the capture file\u003c\/p\u003e \u003cp\u003e4. Identifying SMB based attacks\u003c\/p\u003e \u003cp\u003e5. Uncovering HTTP\/HTTPS based attack traffic\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e Chapter 5: Effective Network Traffic Filtering \u003cp\u003e\u003cb\u003eChapter Goal: Use of the complex filtering capability of Wireshark to extract attack data\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eNo of pages\u003c\/b\u003e: 35\u003c\/p\u003e \u003cp\u003e\u003cb\u003eSub - Topics: \u003c\/b\u003e\u003c\/p\u003e 1. Identifying filter components\u003cp\u003e\u003c\/p\u003e \u003cp\u003e2. Investigating the conversations\u003c\/p\u003e 3. Extracting the packet data\u003cp\u003e\u003c\/p\u003e \u003cp\u003e4. Building Filter Expressions\u003c\/p\u003e 5. Decrypting HTTPS Traffic\u003cp\u003e\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e Chapter 6: Advanced Features of Wireshark \u003cp\u003e\u003cb\u003eChapter Goal: A fundamental review and understanding of the advanced features of Wireshark\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eNo of pages\u003c\/b\u003e: 35\u003c\/p\u003e \u003cp\u003e\u003cb\u003eSub – Topics: \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e1. Working with cryptographic information in a packet\u003c\/p\u003e \u003cp\u003e2. Exploring the protocol dissectors of Wireshark\u003c\/p\u003e 3. Viewing logged anomalies in Wireshark\u003cp\u003e\u003c\/p\u003e \u003cp\u003e4. Capturing traffic from remote computers\u003c\/p\u003e 5. Command line tool tshark\u003cp\u003e\u003c\/p\u003e \u003cp\u003e6. Creating Firewall ACL rules\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e Chapter 7: Scripting and interacting with Wireshark \u003cp\u003e\u003cb\u003eChapter Goal: Using scripts to extract and isolate data of interest from network capture files\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eNo of pages\u003c\/b\u003e: 30\u003c\/p\u003e \u003cp\u003e\u003cb\u003eSub – Topics:\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e1. Lua scripting\u003c\/p\u003e \u003cp\u003e2. Interaction with Pandas\u003c\/p\u003e \u003cp\u003e3. Leveraging PyShark\u003c\/p\u003e Malware Chapter 8: Basic Malware Traffic Analysis \u003cp\u003e\u003cb\u003eChapter Goal: Develop an understanding of the different stages of a malware infection\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eNo of pages\u003c\/b\u003e: 36\u003c\/p\u003e \u003cp\u003e\u003cb\u003eSub – Topics:\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e1. Customization of the interface for malware analysis\u003c\/p\u003e 2. Extracting the files\u003cp\u003e\u003c\/p\u003e \u003cp\u003e3. Recognizing URL\/Domains of an infected site\u003c\/p\u003e \u003cp\u003e4. Determining the connections as part of the infected machine\u003c\/p\u003e \u003cp\u003e5. Scavenging the infected machine meta data\u003c\/p\u003e \u003cp\u003e6. Exporting the data objects\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e Chapter 9: Analyzing Encoding, Obfuscated and ICS Malware Traffic \u003cp\u003e\u003cb\u003eChapter Goal: Identify the encoding or obfuscated method in network traffic\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eNo of pages\u003c\/b\u003e: 40\u003c\/p\u003e \u003cp\u003e\u003cb\u003eSub – Topics:\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e1. Investigation of njRAT\u003c\/p\u003e \u003cp\u003e2. Analysis of Wanna Cry\u003c\/p\u003e \u003cp\u003e3. Exploring Cryptolocker\u003c\/p\u003e \u003cp\u003e4. Dissecting TRITON\u003c\/p\u003e 5. Examining Trickbot\u003cp\u003e\u003c\/p\u003e \u003cp\u003e6. Understanding exploit kits\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e Chapter 10: Dynamic Malware Network Activities \u003cp\u003e\u003cb\u003eChapter Goal: Review and understand malware network activity as it happens\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eNo of pages\u003c\/b\u003e: 40\u003c\/p\u003e \u003cp\u003e\u003cb\u003eSub – Topics: \u003c\/b\u003e\u003c\/p\u003e 1. Setting up network and service simulation\u003cp\u003e\u003c\/p\u003e \u003cp\u003e2. Monitoring malware communications and connections at run time and beyond\u003c\/p\u003e \u003cp\u003e3. Detecting network evasion attempts\u003c\/p\u003e \u003cp\u003e4. Investigating Cobalt Strike Beacons\u003c\/p\u003e \u003cp\u003e5. Exploring C2 backdoor methods\u003c\/p\u003e 6. Identifying Domain Generation Algorithms\u003cp\u003e\u003c\/p\u003e Forensics Chapter 10: Extractions of Forensics Data with Wireshark \u003cp\u003e\u003cb\u003eChapter Goal: Learn different methods of extracting different types of case related and potential forensics evidence\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eNo of pages\u003c\/b\u003e: 30\u003c\/p\u003e \u003cp\u003e\u003cb\u003eSub – Topics:\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e1. Interception of telephony data\u003c\/p\u003e \u003cp\u003e2. Discovering DOS\/DDoS\u003c\/p\u003e \u003cp\u003e3. Analysis of HTTP\/HTTPS Tunneling over DNS\u003c\/p\u003e 4. Carving files from network data\u003cp\u003e\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003eChapter 11: \u003cb\u003eNetwork Traffic Forensics\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter Goal: An understanding of extraction of potential forensics data\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eNo of pages\u003c\/b\u003e: 30\u003c\/p\u003e \u003cp\u003e\u003cb\u003eSub – Topics:\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e1. Isolation of conversations\u003c\/p\u003e \u003cp\u003e2. Detection of Spoofing, port scanning and SSH attacks\u003c\/p\u003e \u003cp\u003e3. Reconstruction of timeline network attack data\u003c\/p\u003e 4. Extracting compromise data\u003cp\u003e\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e Chapter 12: Conclusion \u003cp\u003e\u003cb\u003eChapter Goal: Review and summary of covered content\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e \u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eNo of pages\u003c\/b\u003e: 10\u003c\/p\u003e \u003cp\u003e\u003cbr\u003e\u003c\/p\u003e","brand":"APress","offers":[{"title":"Default Title","offer_id":48739669213527,"sku":"9781484292907","price":46.74,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781484292907.jpg?v=1720052860"},{"product_id":"essential-cybersecurity-science-9781491920947","title":"Essential Cybersecurity Science","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003eIf you're involved in cybersecurity as a software developer, forensic investigator, or network administrator, this practical guide shows you how to apply the scientific method when assessing techniques for protecting your information systems.","brand":"O'Reilly Media","offers":[{"title":"Default Title","offer_id":48739718037847,"sku":"9781491920947","price":29.99,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781491920947.jpg?v=1720052983"},{"product_id":"exam-ref-70-744-securing-windows-server-2016-9781509304264","title":"Exam Ref 70-744 Securing Windows Server 2016","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003ePrepare for Microsoft Exam 70-744–and help demonstrate your real-world mastery of securing Windows Server 2016 environments. Designed for experienced IT professionals ready to advance their status, Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the MCSE level. \u003c\/p\u003e \u003cp\u003eFocus on the expertise measured by these objectives: \u003c\/p\u003e \u003cp\u003e• Implement server hardening solutions \u003c\/p\u003e \u003cp\u003e• Secure a virtualization infrastructure \u003c\/p\u003e \u003cp\u003e• Secure a network infrastructure \u003c\/p\u003e \u003cp\u003e• Manage privileged identities \u003c\/p\u003e \u003cp\u003e• Implement threat detection solutions \u003c\/p\u003e \u003cp\u003e• Implement workload-specific security \u003c\/p\u003e \u003cp\u003eThis Microsoft Exam Ref: \u003c\/p\u003e \u003cp\u003e• Organizes its coverage by exam objectives \u003c\/p\u003e \u003cp\u003e• Features strategic, what-if scenarios to challenge you \u003c\/p\u003e \u003cp\u003e• Assumes you have experience as a Windows Server administrator and an understanding of basic networking and Hyper-V virtualization fundamentals, Active Directory Domain Services principles, and Windows Server security principles\u003c\/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eChapter 1: Implement server hardening solutions\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e1.1 Configure disk and file encryption\u003c\/p\u003e \u003cp\u003e1.2 Implement server patching and updating solutions\u003c\/p\u003e \u003cp\u003e1.3 Implement malware protection\u003c\/p\u003e \u003cp\u003e1.4 Protect credentials \u003c\/p\u003e \u003cp\u003e1.5 Create security baselines\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003eChapter 2: Secure a virtualization infrastructure\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e2.1 Implement a Guarded Fabric solution\u003c\/p\u003e \u003cp\u003e2.2 Implement Shielded and encryption-supported VMs\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003eChapter 3: Secure a network infrastructure\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e3.1 Configure Windows Firewall\u003c\/p\u003e \u003cp\u003e3.2 Implement a Software Defined Distributed Firewall\u003c\/p\u003e \u003cp\u003e3.3 Secure network traffic\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003eChapter 4: Manage privileged identities\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e4.1 Implement an Enhanced Security Administrative Environment (ESAE) administrative forest design approach\u003c\/p\u003e \u003cp\u003e4.2 Implement Just-In-Time (JIT) Administration\u003c\/p\u003e \u003cp\u003e4.3 Implement Just-Enough-Administration (JEA)\u003c\/p\u003e \u003cp\u003e4.4 Implement Privileged Access Workstations (PAWs) and User Rights Assignments\u003c\/p\u003e \u003cp\u003e4.5 Implement Local Administrator Password Solution (LAPS)\u003c\/p\u003e \u003cp\u003eChapter 5: Implement threat detection solutions\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e5.1 Configure advanced audit policies\u003c\/p\u003e \u003cp\u003e5.2 Install and configure Microsoft Advanced Threat Analytics (ATA)\u003c\/p\u003e \u003cp\u003e5.3. Determine threat detection solutions using Operations Management Suite (OMS)\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003eChapter 6: Implement workload-specific security\u003c\/p\u003e \u003cp\u003e\u003c\/p\u003e \u003cp\u003e6.1 Secure application development and server workload infrastructure\u003c\/p\u003e 6.2 Implement a secure file services infrastructure and Dynamic Access Control (DAC)","brand":"Microsoft Press,U.S.","offers":[{"title":"Default Title","offer_id":48739833512279,"sku":"9781509304264","price":28.02,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781509304264.jpg?v=1720053254"},{"product_id":"cybersecurity-abcs-delivering-awareness-behaviours-and-culture-change-9781780174242","title":"Cybersecurity ABCs: Delivering awareness,","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003eCybersecurity issues, problems and incidents don’t always relate to technological faults. Many can be avoided or mitigated through improved cybersecurity awareness (A), behaviour (B) and culture change (C). These ABCs are key components of the overall security maturity of an organisation. This book is a practical guide to the Cybersecurity ABCs, for business and IT leaders looking to enhance security culture in their organisations by improving understanding and practice of cybersecurity at an individual level. Crucial awareness, behaviour and culture concepts are covered from the ground up alongside practical tips and examples, providing a key resource for those looking to create lasting cybersecurity awareness, behavioural and culture change initiatives.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTrade Review\u003c\/b\u003e\u003cbr\u003e'Provides a fresh and innovative approach to designing and implementing your cybersecurity awareness program. Unlike the majority of books on the subject, the language is easy to digest and the techniques human-focused. I would recommend this book to anyone involved in information security looking to engage the wider organisation and improve cybersecurity awareness.' -- Helen Mary Jones CITP CISSP * Group Information Security Manager, The Jockey Club *\u003cbr\u003e'A must read for all CISOs and Cybersecurity leaders who want to include people into their cybersecurity strategy. This book has made me realize that our traditional methods to Cybersecurity Awareness, Behavior and Culture has needed a substantial modern approach to empowering people into being a strong link in cybersecurity.' -- Joseph Carson CISSP * Chief Security Scientist \u0026amp; Advisory CISO, Thycotic *\u003cbr\u003e'A book about information security awareness, behaviors and cultures, by people who live and breathe all three. CYBER SECURITY ABCs explores new depths, debunks myths, answers questions and shines a light on what it means to truly address the all-important human-related elements of modern security. The perfect guide for any security leader looking to make their people their strongest security asset.' -- Michael Hill * Editor, Infosecurity Magazine *\u003cbr\u003e'An excellent read, and essential for cybersecurity leaders at all levels. This book provides not only easy to understand language, but ‘lived’ experiences, techniques and considerations to improve Awareness, Behaviour and Culture within an organisation. It provides a holistic approach, starting with examining the behaviour of the cybersecurity professional, before dealing with wider organisational change. As this is the only resource I have seen to offer practical Awareness solutions, it also makes it the missing piece from most major, industry-leading certifications.' -- Gary Cocklin CITP CISSP * Senior Cyber Security Instructor, UK Royal Air Force (RAF) *\u003cbr\u003e'This book does what every great business book does – it makes you think (differently, laterally objectively), and helps develop those thoughts into structure. It doesn’t provide an ordered checklist, but rather, architects a challenge or puzzle for each reader to solve. All of the clues, tools and techniques are laid out by the authors for each of us to successfully build a solution that is a right fit for our working environment.' -- Richard Nealon * Trustee of The SABSA Institute *\u003cbr\u003e'The perfect read for anyone looking to develop their understanding of the human side of cybersecurity. Trying to create meaningful awareness and driving positive changes in behavior for those who don’t live and breathe cybersecurity is a huge challenge that every organization faces. While there is no magic switch to create a positive cybersecurity culture, using this book as a tool will certainly provide you with the best knowledge, practical tips and insights to help you change the direction of your journey today.' -- Joe Pettit * Director, Bora *\u003cbr\u003e'Cybersecurity and Psychology make great bed fellows. Digging into awareness, behaviour and culture, the authors address the underlying 'why' that is key to engagement and empowering employees. A pragmatism gained in the field is evident throughout the book making Cybersecurity ABC's a comprehensive manual for the industry professional, that is rich in research and practical advice.' -- Andrea Manning * Founder \u0026amp; CEO, CyberPie *\u003cbr\u003e'This deeply-researched discussion of the human side of cybersecurity presents clear and actionable guidance on building a robust security programme that gives employees the knowledge and tools to be the first and best line of defence against cyber threats. The authors draw from their extensive professional experience and academic research to explain techniques for raising awareness, encouraging positive behaviours, and building a corporate culture in which protecting against cyber threats becomes as easy and as natural for the entire workforce as reciting the ABCs. I highly recommend it for anyone with an interest in cybersecurity.' -- Donald Edwards, CISSP * Director of Network Security, Salesforce *\u003cbr\u003e'Cybersecurity ABCs sparked so many creative ideas for my role in Awareness \u0026amp; Training, I had to stop reading to go chat to my team about the suggested actions in how to make our awareness program \u0026amp; security culture at HPE more effective and mature.' -- Joanne O'Connor * Cyber Security Training Program Manager, HPE *\u003cbr\u003e'This book is extremely important because we tend to focus too much on technology. But as we have seen, a lot of security incidents are not prevented by technology but through Awareness, Bahaviour and Culture. What is also really uplifting is to read a book which is not designed for technical people but instead empowers everyday IT-users to help build security and take part in the day to day IT-security work.' -- David Jacoby * Senior Security Researcher, Kaspersky *\u003cbr\u003e'The authors have done a good job explaining some of the myths and challenges surrounding “security awareness training” programs. Showing people the WHY of doing something and providing them nudges where we can is important to gaining adoption.' -- Ken Underhill * Executive Producer \u0026amp; Host, Cyber Life *\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003col\u003e\n\u003cli\u003eIntroduction\u003c\/li\u003e\n\u003cli\u003eUnderstanding Cybersecurity Awareness\u003c\/li\u003e\n\u003cli\u003eBuilding Cybersecurity Awareness\u003c\/li\u003e\n\u003cli\u003eUnderstanding Cybersecurity Behaviour\u003c\/li\u003e\n\u003cli\u003eChanging Cybersecurity Behaviour\u003c\/li\u003e\n\u003cli\u003eUnderstanding Cybersecurity Culture\u003c\/li\u003e\n\u003cli\u003eCreating and Changing Culture \u003c\/li\u003e\n\u003cli\u003eWhere Next? \u003c\/li\u003e\n\u003c\/ol\u003e","brand":"BCS Learning \u0026 Development Limited","offers":[{"title":"Default Title","offer_id":48740982391127,"sku":"9781780174242","price":23.74,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781780174242.jpg?v=1720056207"},{"product_id":"information-security-management-principles-9781780175188","title":"Information Security Management Principles","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cstrong\u003eIn today’s technology-driven environment there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts.\u003c\/strong\u003e\u003c\/p\u003e \u003cp\u003eWritten in an accessible manner, \u003cem\u003eInformation Security Management Principles \u003c\/em\u003eprovides practical guidance and actionable steps to better prepare your workplace and your home alike, and keep your information secure. This book is a primer for those new to the subject as well as a guide for more experienced practitioners. It explains the fundamentals of information security, how to shape good organisational security practice, and how to recover effectively should the worst happen. \u003c\/p\u003e \u003cp\u003eThis third edition has been updated to reflect the latest threats and vulnerabilities in the IT security landscape, and updates to standards, good practice guides and legislation. It also includes updates to the BCS Certification in Information Security Management Principles, which this book supports.\u003c\/p\u003e \u003cul\u003e\n\u003cli\u003eA valuable guide to both current professionals at all levels and those wishing to embark on an information security career\u003c\/li\u003e\n\u003cli\u003eOffers practical guidance and actionable steps for individuals and businesses to protect themselves\u003c\/li\u003e\n\u003cli\u003eHighly accessible and terminology is clearly explained and supported with current, real-world examples\u003c\/li\u003e\n\u003c\/ul\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTrade Review\u003c\/b\u003e\u003cbr\u003e'This book is fantastic for those studying information security management and as a desk-side reference. It is comprehensive yet concise. I would recommend this book to anybody studying for the qualification as well as anyone in senior management positions looking to understand the basics. The language used is refreshingly understandable, making the book accessible to those outside the specialism.' -- Helen Mary Jones * Group Information Security Manager, The Jockey Club *\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003c\/p\u003e\u003col\u003e\n\u003cli\u003eInformation Security Principles\u003c\/li\u003e\n\u003cli\u003eInformation Risk\u003c\/li\u003e\n\u003cli\u003eInformation Security Framework\u003c\/li\u003e\n\u003cli\u003eSecurity Lifecycles\u003c\/li\u003e\n\u003cli\u003eProcedural and People Security Controls\u003c\/li\u003e\n\u003cli\u003eTechnical Security Controls\u003c\/li\u003e\n\u003cli\u003ePhysical and Environmental Security\u003c\/li\u003e\n\u003cli\u003eDisaster Recovery and Business Continuity Management\u003c\/li\u003e\n\u003cli\u003eOther Technical Aspects \u003c\/li\u003e\n\u003c\/ol\u003e \u003cbr\u003e \u003cbr\u003e","brand":"BCS Learning \u0026 Development Limited","offers":[{"title":"Default Title","offer_id":48740982587735,"sku":"9781780175188","price":42.74,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781780175188.jpg?v=1720056209"},{"product_id":"cyber-crisis-protecting-your-business-from-real-threats-in-the-virtual-world-9781950665839","title":"Cyber Crisis: Protecting Your Business from Real","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003eToday, we live our lives—and conduct our business—online. Our data is in the cloud and in our pockets on our smartphones, shuttled over public Wi-Fi and company networks. To keep it safe, we rely on passwords and encryption and private servers, IT departments and best practices. But as you read this, there is a 70 percent chance that your data is compromised . . . you just don’t know it yet. Cybersecurity attacks have increased exponentially, but because they’re stealthy and often invisible, many underplay, ignore, or simply don’t realize the danger. By the time they discover a breach, most individuals and businesses have been compromised for over three years. Instead of waiting until a problem surfaces, avoiding a data disaster means acting now to prevent one. In Cyber Crisis, Eric Cole gives readers a clear-eyed picture of the information war raging in cyberspace. Drawing on 30 years of experience—as a professional hacker for the CIA, as the Obama administration’s cybersecurity commissioner, and as a consultant to clients around the globe from Bill Gates to Lockheed Martin and McAfee—Cole offers practical, actionable advice that even those with little technical background can implement, including steps to take on a daily, weekly, and monthly basis to protect their businesses and themselves. No matter who you are or where you work, cybersecurity should be a top priority. The information infrastructure we rely on in every sector of our lives—in healthcare and finance, for governments and private citizens—is both critical and vulnerable, and sooner or later, you or your company will be a target. This book is your guide to understanding the threat and putting together a proactive plan to minimize exposure and damage, and ensure the security of your business, your family, and your future.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTrade Review\u003c\/b\u003e\u003cbr\u003e“Strong cybersecurity is essential for every individual and business in this time of elevated threats. In \u003ci\u003eCyber Crisis\u003c\/i\u003e, Dr. Cole provides cutting-edge, real-world advice on how to protect your business and your family from today’s persistent cyber threats.”\u003cbr\u003e\u003cbr\u003e—\u003cb\u003eAndrew McCabe, #1 \u003ci\u003eNew York Times \u003c\/i\u003ebestselling author of \u003ci\u003eThe Threat\u003c\/i\u003e and former deputy FBI director\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e“The more I work with high-profile individuals, I realize the impact that cybersecurity can have on their lives. Anyone and everyone has to pay attention to cybersecurity and there is no one better than Dr. Cole.”\u003cbr\u003e\u003cbr\u003e—\u003cb\u003eTim Storey, life coach for Oprah\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e“Eric Cole is my ‘go to’ authority on cybersecurity. Not only is he an expert, he’s an expert explainer, which is invaluable to both businesses and the media. \u003ci\u003eCyber Crisis\u003c\/i\u003e does a top notch job of explaining cybersecurity in a way that anyone can understand. If you want your company or your audience to stay ahead of the hacks, call Eric and read his book. I recommend him without reservation.” \u003cbr\u003e\u003cbr\u003e—\u003cb\u003eJoel Roberts, former host for KABC Radio, Los Angeles\u003c\/b\u003e \u003cbr\u003e\u003cbr\u003e“An easy read and unbelievably informative and eye opening. Whether you are a parent, business owner, CEO, CFO, governmental official, or an everyday hardworking individual that uses a smartphone or computer, you will learn something and not regret reading this book . . .There is a reason that many of the most powerful and affluent people of the world have Eric's personal cell phone number.” \u003cbr\u003e\u003cbr\u003e—\u003cb\u003ePeter Clark, NYPD Lieutenant Commander-Detective Squad (Retired)\u003c\/b\u003e \u003cbr\u003e\u003cbr\u003e“Cybersecurity is one of the top threats facing any business or organization. In \u003ci\u003eCyber Crisis\u003c\/i\u003e, Dr. Cole emphasizes and concisely articulates the importance to every executive of prioritizing this critical threat . . . This book is an essential read for every executive in any industry.”\u003cbr\u003e\u003cbr\u003e—\u003cb\u003eJim Finkelstein, Rear Admiral for the US Navy (Retired)\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e“Cybersecurity is frequently at the forefront of strategy and investment planning and so often the leadership responsible for securing sensitive data has only a superficial understanding of the elements of true cybersecurity. Dr. Cole addresses this problem head-on in his new book, \u003ci\u003eCyber Crisis\u003c\/i\u003e. This book, unlike any I have seen in my career, presents critical issues in a concise and easy to follow manner that most anyone can understand. This is truly required reading for all executives and leaders.”\u003cbr\u003e\u003cbr\u003e\u003cb\u003e—Marshall Manley, former President and CEO of City Investing Company and chairman of Home Insurance Company\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e“From hospital executives to practitioners to third-party payers, the responsibility for data security is pervasive. \u003ci\u003eCyber Crisis \u003c\/i\u003eby Dr. Cole plain and simply equips leaders with a working knowledge of cybersecurity and guides them concisely on how to prepare for and manage security threats. This book simplifies a challenging and crucial topic for our industry. It should be a staple read in the medical and associated industries.”\u003cbr\u003e\u003cbr\u003e\u003cb\u003e—Paul M. Zimmerman, MD, founder of Automated Healthcare Solutions and chairman of Gensco Pharma\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e\"A brilliant presentation of a complex topic in a methodical, consumable format that enables nontechnical leadership to rapidly grasp and prepare for cyber threats. This book will be the gold standard for preparing senior leadership to manage this exploding threat.”\u003cbr\u003e\u003cbr\u003e\u003cb\u003e—William Costlow, president of Performance Marketing\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e“Cybersecurity is one of the top threats facing any business. In \u003ci\u003eCyber Crisis\u003c\/i\u003e, Dr. Cole emphasizes the importance of not ignoring this critical threat and making it a top priority. Dr. Cole does a great job of taking a very complex topic and making it easy to understand for any business. This book is a must-read for any executive in any business vertical.”\u003cbr\u003e\u003cbr\u003e\u003cb\u003e—Amit Yoran, chairman and CEO of Tenable and former CEO of RSA\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e“Dr. Cole’s brilliant book emphasizes the importance of personal and institutional focus on this critical threat and making it a top priority at work and at home . . . You will find \u003ci\u003eCyber Crisis\u003c\/i\u003e to be a reader-friendly primer on every aspect of cyber threats and should be considered a must-read for any business vertical.”\u003cbr\u003e\u003cbr\u003e\u003cb\u003e—Edward “Sonny” Masso, Rear Admiral for the US Navy (Retired)—Flagship Connection\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eContents\u003c\/p\u003e \u003cp\u003e\u003cbr\u003eIntroduction The Current Reality\u003cbr\u003eChapter 1 We Are All Targets\u003cbr\u003eChapter 2 We Live in Cyberspace\u003cbr\u003eChapter 3 The Hackers Are Here\u003cbr\u003eChapter 4 Mobile Weaknesses\u003cbr\u003eChapter 5 Your Life, Hanging in the Cloud\u003cbr\u003eChapter 6 They’re in Your Business\u003cbr\u003eChapter 7 National Infrastructure Attack\u003cbr\u003eChapter 8 Cyberspace: A Place with No Borders\u003cbr\u003eChapter 9 Surviving the Cyber Crisis\u003cbr\u003eEpilogue Ten Lessons to Remember\u003cbr\u003eAbout the Author\u003cbr\u003eIndex\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e","brand":"BenBella Books","offers":[{"title":"Default Title","offer_id":48742883950935,"sku":"9781950665839","price":19.79,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781950665839.jpg?v=1720063205"},{"product_id":"core-data-analysis-summarization-correlation-and-visualization-9783030002701","title":"Core Data Analysis: Summarization, Correlation,","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eThis text examines the goals of data analysis with respect to enhancing knowledge, and identifies data summarization and correlation analysis as the core issues. Data summarization, both quantitative and categorical, is treated within the encoder-decoder paradigm bringing forward a number of mathematically supported insights into the methods and relations between them. Two Chapters describe methods for categorical summarization: partitioning, divisive clustering and separate cluster finding and another explain the methods for quantitative summarization, Principal Component Analysis and PageRank. \u003c\/p\u003e\u003cp\u003eFeatures:\u003cbr\u003e\u003c\/p\u003e\u003cp\u003e\u003c\/p\u003e\u003cp\u003e· An in-depth presentation of K-means partitioning including a corresponding Pythagorean decomposition of the data scatter. \u003c\/p\u003e\u003cp\u003e· Advice regarding such issues as clustering of categorical and mixed scale data, similarity and network data, interpretation aids, anomalous clusters, the number of clusters, etc.\u003c\/p\u003e\u003cp\u003e· Thorough attention to data-driven modelling including a number of mathematically stated relations between statistical and geometrical concepts including those between goodness-of-fit criteria for decision trees and data standardization, similarity and consensus clustering, modularity clustering and uniform partitioning.\u003c\/p\u003e\u003cp\u003eNew edition highlights: \u003c\/p\u003e\u003cp\u003e· Inclusion of ranking issues such as Google PageRank, linear stratification and tied rankings median, consensus clustering, semi-average clustering, one-cluster clustering\u003c\/p\u003e\u003cp\u003e· Restructured to make the logics more straightforward and sections self-contained\u003c\/p\u003e\u003cp\u003e\u003ci\u003eCore Data Analysis: Summarization, Correlation and Visualization\u003c\/i\u003e is aimed at those who are eager to participate in developing the field as well as appealing to novices and practitioners. \u003cbr\u003e\u003c\/p\u003e\u003cp\u003e\u003c\/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTrade Review\u003c\/b\u003e\u003cbr\u003e“This book provides a clear overview of the data analysis process, the different types of statistical techniques employed for data analysis, and their role and purpose. … There is good use of a variety of examples to demonstrate how the different techniques are applied in practice. The book’s main purpose would be as a textbook for undergraduate students, or a reference book for data analysts.” (Mark Taylor, Computing Reviews, May 5, 2022)\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cbr\u003e\u003c\/p\u003e\u003cp\u003e\u003c\/p\u003e\u003cp\u003e\u003c\/p\u003e\u003cp\u003e\u003c\/p\u003e","brand":"Springer Nature Switzerland AG","offers":[{"title":"Default Title","offer_id":48743020757335,"sku":"9783030002701","price":54.99,"currency_code":"GBP","in_stock":true}]},{"product_id":"autonomous-cyber-deception-reasoning-adaptive-planning-and-evaluation-of-honeythings-9783030021092","title":"Autonomous Cyber Deception: Reasoning, Adaptive","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003c\/p\u003e\u003cp\u003eThis textbook surveys the knowledge base in automated and resilient cyber deception. It features four major parts: cyber deception reasoning frameworks, dynamic decision-making for cyber deception, network-based deception, and malware deception.\u003c\/p\u003e\u003cp\u003e An important distinguishing characteristic of this book is its inclusion of student exercises at the end of each chapter. Exercises include technical problems, short-answer discussion questions, or hands-on lab exercises, organized at a range of difficulties from easy to advanced,.\u003c\/p\u003e\u003cp\u003e This is a useful textbook for a wide range of classes and degree levels within the security arena and other related topics. It’s also suitable for researchers and practitioners with a variety of cyber security backgrounds from novice to experienced.\u003c\/p\u003e\u003cp\u003e\u003c\/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e1 Using Deep Learning to Generate Relational HoneyData.- 2 Towards Intelligent Cyber Deception Systems.- 3 Honeypot Deception Tactics.- 4 Modeling and Analysis of Deception Games based on Hypergame Theory.- 5 Dynamic Bayesian Games for Adversarial and Defensive Cyber Deception.- 6 CONCEAL: A Strategy Composition for Resilient Cyber Deception - Framework, Metrics and Deployment.- 7 NetShifter - A Comprehensive Multi-Dimensional Network Obfuscation and Deception Solution.- 8 Deception-Enhanced Threat Sensing for Resilient Intrusion Detection.- 9 HONEYSCOPE: IoT Device Protection with Deceptive Network Views.- 10 gExtractor: Automated Extraction of Malware Deception Parameters for Autonomous Cyber Deception.- 11 Malware Deception with Automatic Analysis and Generation of HoneyResource.","brand":"Springer Nature Switzerland AG","offers":[{"title":"Default Title","offer_id":48743021609303,"sku":"9783030021092","price":53.99,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9783030021092.jpg?v=1720063781"},{"product_id":"open-source-intelligence-and-cyber-crime-social-media-analytics-9783030412500","title":"Open Source Intelligence and Cyber Crime: Social","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eThis book shows how open source intelligence can be a powerful tool for combating crime by linking local and global patterns to help understand how criminal activities are connected. Readers will encounter the latest advances in cutting-edge data mining, machine learning and predictive analytics combined with natural language processing and social network analysis to detect, disrupt, and neutralize cyber and physical threats. Chapters contain state-of-the-art social media analytics and open source intelligence research trends. This multidisciplinary volume will appeal to students, researchers, and professionals working in the fields of open source intelligence, cyber crime and social network analytics.\u003c\/p\u003e \u003cp\u003e Chapter Automated Text Analysis for Intelligence Purposes: A Psychological Operations Case Study is available open access under a Creative Commons Attribution 4.0 International License via link.springer.com.\u003c\/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003eChapter1. Studying the Weaponization of Social Media: Case Studies of Anti-NATO Disinformation Campaigns.- Chapter2. Cognitively-Inspired Inference for Malware Task Indentation.- Chapter3. Beyond the ‘Silk Road’: Assessing Illicit Drug Marketplaces on the Public Web.- Chapter4. Protecting the Web from Misinformation.- Chapter5. Social Media for Mental Health: Data, Methods, and Findings.- Chapter6. Twitter Bots and the Swedish Election.- Chapter7. Automated Text Analysis for Intelligence Purposes: A Psychological Operations Case Study.- Chapter8. You are Known by Your Friends: Leveraging Network Metrics for Bot Detection in Twitter.- Chapter9. Inferring Systemic Nets with Applications to Islamist Forums.\u003cbr\u003e","brand":"Springer Nature Switzerland AG","offers":[{"title":"Default Title","offer_id":48743035109719,"sku":"9783030412500","price":89.99,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9783030412500.jpg?v=1720063824"},{"product_id":"applied-cryptography-and-network-security-19th-international-conference-acns-2021-kamakura-japan-june-21-24-2021-proceedings-part-i-9783030783716","title":"Applied Cryptography and Network Security: 19th","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eThe two-volume set LNCS 12726 + 12727 constitutes the proceedings of the 19th International Conference on Applied Cryptography and Network Security, ACNS 2021, which took place virtually during June 21-24, 2021. \u003c\/p\u003e \u003cp\u003eThe 37 full papers presented in the proceedings were carefully reviewed and selected from a total of 186 submissions. They were organized in topical sections as follows:\u003c\/p\u003e \u003cp\u003ePart I: Cryptographic protocols; secure and fair protocols; cryptocurrency and smart contracts; digital signatures; embedded system security; lattice cryptography; \u003c\/p\u003e \u003cp\u003ePart II: Analysis of applied systems; secure computations; cryptanalysis; system security; and cryptography and its applications. \u003c\/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eCryptographic Protocols.- Adaptive-ID Secure Hierarchical ID-Based Authenticated Key Exchange under Standard Assumptions without Random Oracles.- Analysis of Client-side Security for Long-term Time-stamping Services.- Towards Efficient and Strong Backward Private Searchable Encryption with Secure Enclaves.- Secure and Fair Protocols.- CECMLP: New Cipher-Based Evaluating Collaborative Multi-Layer Perceptron Scheme in Federated Learning.- Blind Polynomial Evaluation and Data Trading.- Coin-Based Multi-Party Fair Exchange.- Cryptocurrency and Smart Contracts.- P2DEX: Privacy-Preserving Decentralized Cryptocurrency Exchange.- WOTS+ up my Sleeve! A Hidden Secure Fallback for Cryptocurrency Wallets.- Terrorist Attacks for Fake Exposure Notifications in Contact Tracing Systems.- Digital Signatures.- Unlinkable and Invisible -Sanitizable Signatures.- Partially Structure-Preserving Signatures: Lower Bounds, Constructions and More.- An Efficient Certificate-Based Signature Scheme in the Standard Model.- Embedded System Security.- SnakeGX: a sneaky attack against SGX Enclaves.- Telepathic Headache: Mitigating Cache Side-Channel Attacks on Convolutional Neural Networks.- Efficient FPGA Design of Exception-Free Generic Elliptic Curve Cryptosystems.- Lattice Cryptography.- Access Control Encryption from Group Encryption.- Password Protected Secret Sharing from Lattices.- Efficient Homomorphic Conversion Between (Ring) LWE Ciphertexts.\u003c\/p\u003e","brand":"Springer Nature Switzerland AG","offers":[{"title":"Default Title","offer_id":48743049920855,"sku":"9783030783716","price":44.99,"currency_code":"GBP","in_stock":true}]},{"product_id":"legal-developments-on-cybersecurity-and-related-fields-9783031418198","title":"Legal Developments on Cybersecurity and Related","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003eThis book presents a fresh approach to cybersecurity issues, seeking not only to analyze the legal landscape of the European Union and its Member States, but to do so in an interdisciplinary manner, involving scholars from diverse backgrounds – ranging from legal experts to ICT and engineering professionals.\u003cbr\u003eCybersecurity requirements must be understood in a broader context, encompassing not just conventional aspects, but also emerging topics. This can only be achieved through an interdisciplinary approach. Indeed, cybersecurity should be consistently considered in relation to cybercrime and\/or cyber defense, while examining it through the lens of specific domains that are intertwined with various legal fields. Moreover, it is crucial to uphold ethical standards and safeguard fundamental rights, particularly regarding personal data protection.\u003cbr\u003eBy adopting this comprehensive perspective, the significance of cybersecurity in the exercise of public authority becomes apparent. It also plays an essential role in upholding the fundamental values of both individual Member States and the EU as a whole, such as the rule of law. Moreover, it fosters trust, transparency, and effectiveness in market relations and public administration interactions.\u003cbr\u003eIn turn, the book draws on the expertise of its authors to provide insights into ICT components and technologies. Understanding these elements holistically is essential to viewing every \"cyber\" phenomenon from a legal standpoint. In addition to the holistic and interdisciplinary approach it presents, the book offers a captivating exploration of cybersecurity and an engaging read for anyone interested in the field.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003eLegal Developments on Cybersecurity and Related Fields: Introductory notes and presentation.- PART I – CYBERSECURITY, CYBERDEFENCE AND LAW.- Getting critical. Making sense of the EU security framework for cloud providers.- Cyber operations targeting space systems. Legal questions and the context of privatisation.- A legal assessment of the concept of risk in reversible operations through cyber and electronic means.- Knowledge management and continuous improvement in cyberspace.- Information security metrics: challenges and models in an all-digital world.- Cyberterrorism and the Portuguese counter-terrorism act.- PART II – CYBERSECURITY AND LAW: SPECIFIC TOPICS.- Towards cybersecurity regulation of software in the European Union.- The importance of the computer undercover agent as an investigative measure against cybercrime: a special reference to child pornography crimes.- Post-Mortem data protection and succession in digital assets under Spanish law.- The suitability of the regime of technological measures for copyright protection in the face of modern cybersecurity risks.- Digital signatures and quantum computing.- No words needed? Emojis as evidence in judicial proceedings.- PART III – CYBERSECURITY, ETHICS AND FUNDAMENTAL RIGHTS.- Bug bounties: ethical and legal aspects.- Profiling and cybersecurity: a perspective from fundamental rights' protection in the EU.- Legal developments on smart public governance and fundamental rights in the digital age.- Biometric signatures in the context of Regulation (EU) nr. 910\/2014 and the general data protection regulation: the evidential value and anonymization of biometric data.- Cybersecurity issues in electronic communications and some insights on digital literacy and technological infrastructures’ demands – anticipations of the European Digital Decade through the lens of a Declaration on digital rights and principles.","brand":"Springer International Publishing AG","offers":[{"title":"Default Title","offer_id":48743085637975,"sku":"9783031418198","price":132.99,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9783031418198.jpg?v=1720064046"},{"product_id":"secure-systems-development-with-uml-9783642056352","title":"Secure Systems Development with UML","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eAttacks against computer systems can cause considerable economic or physical damage. High-quality development of security-critical systems is difficult, mainly because of the conflict between development costs and verifiable correctness.\u003c\/p\u003e \u003cp\u003eJürjens presents the UML extension UMLsec for secure systems development. It uses the standard UML extension mechanisms, and can be employed to evaluate UML specifications for vulnerabilities using a formal semantics of a simplified fragment of UML. Established rules of security engineering can be encapsulated and hence made available even to developers who are not specialists in security. As one example, Jürjens uncovers a flaw in the Common Electronic Purse Specification, and proposes and verifies a correction.\u003c\/p\u003e \u003cp\u003eWith a clear separation between the general description of his approach and its mathematical foundations, the book is ideally suited both for researchers and graduate students in UML or formal methods and security, and for advanced professionals writing critical applications.\u003c\/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003ePrologue.- Walk-through: Using UML for Security.- Background.- Developing Secure Systems.- Model-based Security Engineering with UML.- Applications.- Tool Support.- Tool support for UMLsec.- A Formal Foundation.- Formal Systems Development with UML.- Epilogue.- Further Material.- Outlook.","brand":"Springer-Verlag Berlin and Heidelberg GmbH \u0026 Co. KG","offers":[{"title":"Default Title","offer_id":48743132758359,"sku":"9783642056352","price":94.99,"currency_code":"GBP","in_stock":true}]},{"product_id":"ios-17-app-development-for-beginners-get-started-with-ios-app-development-using-swift-5-9-swiftui-and-xcode-15-9789355515858","title":"iOS 17 App Development for Beginners: Get started","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e","brand":"BPB Publications","offers":[{"title":"Default Title","offer_id":48743244300631,"sku":"9789355515858","price":29.92,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9789355515858.jpg?v=1720064749"},{"product_id":"hyperautomation-with-generative-ai-learn-how-hyperautomation-and-generative-ai-can-help-you-transform-your-business-and-create-new-value-9789355518590","title":"Hyperautomation with Generative AI: Learn how","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e","brand":"BPB Publications","offers":[{"title":"Default Title","offer_id":48743245021527,"sku":"9789355518590","price":33.24,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9789355518590.jpg?v=1720064753"},{"product_id":"computer-architecture-and-organization-fundamentals-and-architecture-security-9789811656613","title":"Computer Architecture and Organization:","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eIn today’s workplace, computer and cybersecurity professionals must understand both hardware and software to deploy effective security solutions. This book introduces readers to the fundamentals of computer architecture and organization for security, and provides them with both theoretical and practical solutions to design and implement secure computer systems. Offering an in-depth and innovative introduction to modern computer systems and patent-pending technologies in computer security, the text integrates design considerations with hands-on lessons learned to help practitioners design computer systems that are immune from attacks.\u003c\/p\u003e \u003cp\u003eStudying computer architecture and organization from a security perspective is a new area. There are many books on computer architectures and many others on computer security. However, books introducing computer architecture and organization with security as the main focus are still rare. This book addresses not only how to secure computer components (CPU, Memory, I\/O, and network) but also how to secure data and the computer system as a whole. It also incorporates experiences from the author’s recent award-winning teaching and research.\u003c\/p\u003e The book also introduces the latest technologies, such as trusted computing, RISC-V, QEMU, cache security, virtualization, cloud computing, IoT, and quantum computing, as well as other advanced computing topics into the classroom in order to close the gap in workforce development. \u003cp\u003e\u003c\/p\u003e \u003cp\u003eThe book is chiefly intended for undergraduate and graduate students in computer architecture and computer organization, as well as engineers, researchers, cybersecurity professionals, and middleware designers.\u003c\/p\u003e\u003cbr\u003e\u003cp\u003e\u003c\/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e","brand":"Springer Verlag, Singapore","offers":[{"title":"Default Title","offer_id":48743291191639,"sku":"9789811656613","price":47.49,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9789811656613.jpg?v=1720064951"},{"product_id":"the-future-of-financial-systems-in-the-digital-age-perspectives-from-europe-and-japan-9789811678295","title":"The Future of Financial Systems in the Digital","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eThis book is open access, which means that you have free and unlimited access.\u003c\/p\u003e\u003cp\u003eThe increasing capacity of digital networks and computing power, together with the resulting connectivity and availability of “big data”, are impacting financial systems worldwide with rapidly advancing deep-learning algorithms and distributed ledger technologies. They transform the structure and performance of financial markets, the service proposition of financial products, the organization of payment systems, the business models of banks, insurance companies and other financial service providers, as well as the design of money supply regimes and central banking.\u003c\/p\u003e\u003cp\u003eThis book, \u003ci\u003eThe Future of Financial Systems in the Digital Age: Perspectives from Europe and Japan\u003c\/i\u003e,\u003ci\u003e \u003c\/i\u003ebrings together leading scholars, policymakers, and regulators from Japan and Europe, all with a profound and long professional background in the field of finance, to analyze the digital transformation of the financial system. The authors analyze the impact of digitalization on the financial system from different perspectives such as transaction costs and with regard to specific topics like the potential of digital and blockchain-based currency systems, the role of algorithmic trading, obstacles in the use of cashless payments, the challenges of regulatory oversight, and the transformation of banking business models. The collection of chapters offers insights from Japanese and European discourses, approaches, and experiences on a topic otherwise dominated by studies about developments in the USA and China.\u003c\/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eMarkus Heckel \u0026amp; Franz Waldenberger\u003c\/b\u003e: \u003ci\u003eIntroduction\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eNobuyuki\u003c\/b\u003e \u003cb\u003eKinoshita\u003c\/b\u003e: \u003ci\u003eThe Impact of the Digital Transformation on the Financial System\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eKiyotaka Sasaki: \u003c\/b\u003e\u003ci\u003eRegulatory Oversight for a Digital Financial System - Challenges and Possible Responses\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eHiromi Yamaoka\u003c\/b\u003e: \u003ci\u003eDigital Currencies\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eUlrich Bindseil\u003c\/b\u003e: \u003ci\u003eCBDC Remuneration in a World with Negative Nominal Interest Rates\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003ePhilipp Sandner: \u003ci\u003eDigital Programmable Euro: When will the Euro be Running on a Blockchain?\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eTakahide Kiuchi: \u003c\/b\u003eAlgorithmic Trading\u003c\/p\u003e \u003cp\u003e\u003cb\u003eYuri Okina\u003c\/b\u003e: \u003ci\u003eCashless Payment in Japan\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eAnna Omarini: \u003ci\u003eThe Future of Digital Banking: The Evolving Stages and a Forward Looking Perspective\u003c\/i\u003e\u003c\/p\u003e","brand":"Springer Verlag, Singapore","offers":[{"title":"Default Title","offer_id":48743291584855,"sku":"9789811678295","price":999.99,"currency_code":"GBP","in_stock":false}]},{"product_id":"security-operations-center-9780134052014","title":"Security Operations Center","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp style=\"margin:0px;\"\u003e\u003cb\u003eJoseph Muniz\u003c\/b\u003e is a consultant at Cisco Systems and security researcher. Joseph started his career in software development and later managed networks as a contracted technical resource. Joseph moved into consulting and found a passion for security while meeting with a variety of customers. He has been involved with the design and implementation of multiple projects, ranging from Fortune 500 corporations to large federal networks. Joseph is the author of and contributor to several books and is a speaker for popular security conferences. Check out his blog, http:\/\/www.thesecurityblogger.com, which showcases the latest security events, research, and technologies. \u003c\/p\u003e \u003cp style=\"margin:0px;\"\u003e \u003c\/p\u003e \u003cp style=\"margin:0px;\"\u003e\u003cb\u003eGary McIntyre\u003c\/b\u003e is a seasoned information security professional focusing on the development and operation of large-scale information security programs. As an architect, manager, and consultant, he has worked with a wide range of public and pr\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003c\/p\u003e\u003cp\u003eIntroduction xx\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart I SOC Basics\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1\u003c\/b\u003e Introduction to Security Operations and the SOC 1\u003c\/p\u003e \u003cp\u003eCybersecurity Challenges 1\u003c\/p\u003e \u003cp\u003e Threat Landscape 4\u003c\/p\u003e \u003cp\u003e Business Challenges 7\u003c\/p\u003e \u003cp\u003e The Cloud 8\u003c\/p\u003e \u003cp\u003e Compliance 9\u003c\/p\u003e \u003cp\u003e Privacy and Data Protection 9\u003c\/p\u003e \u003cp\u003eIntroduction to Information Assurance 10\u003c\/p\u003e \u003cp\u003eIntroduction to Risk Management 11\u003c\/p\u003e \u003cp\u003eInformation Security Incident Response 14\u003c\/p\u003e \u003cp\u003e Incident Detection 15\u003c\/p\u003e \u003cp\u003e Incident Triage 16\u003c\/p\u003e \u003cp\u003e Incident Categories 17\u003c\/p\u003e \u003cp\u003e Incident Severity 17\u003c\/p\u003e \u003cp\u003e Incident Resolution 18\u003c\/p\u003e \u003cp\u003e Incident Closure 19\u003c\/p\u003e \u003cp\u003e Post-Incident 20\u003c\/p\u003e \u003cp\u003eSOC Generations 21\u003c\/p\u003e \u003cp\u003e First-Generation SOC 22\u003c\/p\u003e \u003cp\u003e Second-Generation SOC 22\u003c\/p\u003e \u003cp\u003e Third-Generation SOC 23\u003c\/p\u003e \u003cp\u003e Fourth-Generation SOC 24\u003c\/p\u003e \u003cp\u003eCharacteristics of an Effective SOC 24\u003c\/p\u003e \u003cp\u003eIntroduction to Maturity Models 27\u003c\/p\u003e \u003cp\u003eApplying Maturity Models to SOC 29\u003c\/p\u003e \u003cp\u003ePhases of Building a SOC 31\u003c\/p\u003e \u003cp\u003eChallenges and Obstacles 32\u003c\/p\u003e \u003cp\u003eSummary 32\u003c\/p\u003e \u003cp\u003eReferences 33\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2\u003c\/b\u003e Overview of SOC Technologies 35\u003c\/p\u003e \u003cp\u003eData Collection and Analysis 35\u003c\/p\u003e \u003cp\u003e Data Sources 37\u003c\/p\u003e \u003cp\u003e Data Collection 38\u003c\/p\u003e \u003cp\u003e The Syslog Protocol 39\u003c\/p\u003e \u003cp\u003e Telemetry Data: Network Flows 45\u003c\/p\u003e \u003cp\u003e Telemetry Data: Packet Capture 48\u003c\/p\u003e \u003cp\u003e Parsing and Normalization 49\u003c\/p\u003e \u003cp\u003e Security Analysis 52\u003c\/p\u003e \u003cp\u003e Alternatives to Rule-Based Correlation 55\u003c\/p\u003e \u003cp\u003e Data Enrichment 56\u003c\/p\u003e \u003cp\u003e Big Data Platforms for Security 57\u003c\/p\u003e \u003cp\u003eVulnerability Management 58\u003c\/p\u003e \u003cp\u003e Vulnerability Announcements 60\u003c\/p\u003e \u003cp\u003eThreat Intelligence 62\u003c\/p\u003e \u003cp\u003eCompliance 64\u003c\/p\u003e \u003cp\u003eTicketing and Case Management 64\u003c\/p\u003e \u003cp\u003eCollaboration 65\u003c\/p\u003e \u003cp\u003eSOC Conceptual Architecture 66\u003c\/p\u003e \u003cp\u003eSummary 67\u003c\/p\u003e \u003cp\u003eReferences 67\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart II: The Plan Phase\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3\u003c\/b\u003e Assessing Security Operations Capabilities 69\u003c\/p\u003e \u003cp\u003eAssessment Methodology 69\u003c\/p\u003e \u003cp\u003e Step 1: Identify Business and IT Goals 71\u003c\/p\u003e \u003cp\u003e Step 2: Assessing Capabilities 73\u003c\/p\u003e \u003cp\u003e Assessing IT Processes 75\u003c\/p\u003e \u003cp\u003e Step 3: Collect Information 82\u003c\/p\u003e \u003cp\u003e Step 4: Analyze Maturity Levels 84\u003c\/p\u003e \u003cp\u003e Step 5: Formalize Findings 87\u003c\/p\u003e \u003cp\u003e The Organization’s Vision and Strategy 87\u003c\/p\u003e \u003cp\u003e The Department’s Vision and Strategy 87\u003c\/p\u003e \u003cp\u003e External and Internal Compliance Requirements 87\u003c\/p\u003e \u003cp\u003e Organization’s Threat Landscape 88\u003c\/p\u003e \u003cp\u003e History of Previous Information Security Incidents 88\u003c\/p\u003e \u003cp\u003e SOC Sponsorship 89\u003c\/p\u003e \u003cp\u003e Allocated Budget 89\u003c\/p\u003e \u003cp\u003e Presenting Data 89\u003c\/p\u003e \u003cp\u003e Closing 90\u003c\/p\u003e \u003cp\u003eSummary 90\u003c\/p\u003e \u003cp\u003eReferences 90\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4\u003c\/b\u003e SOC Strategy 91\u003c\/p\u003e \u003cp\u003eStrategy Elements 91\u003c\/p\u003e \u003cp\u003e Who Is Involved? 92\u003c\/p\u003e \u003cp\u003e SOC Mission 92\u003c\/p\u003e \u003cp\u003e SOC Scope 93\u003c\/p\u003e \u003cp\u003e Example 1: A Military Organization 94\u003c\/p\u003e \u003cp\u003e Mission Statement 94\u003c\/p\u003e \u003cp\u003e SOC Scope Statement 95\u003c\/p\u003e \u003cp\u003e Example 2: A Financial Organization 95\u003c\/p\u003e \u003cp\u003e Mission Statement 95\u003c\/p\u003e \u003cp\u003e SOC Scope Statement 95\u003c\/p\u003e \u003cp\u003eSOC Model of Operation 95\u003c\/p\u003e \u003cp\u003e In-House and Virtual SOC 96\u003c\/p\u003e \u003cp\u003eSOC Services 98\u003c\/p\u003e \u003cp\u003eSOC Capabilities Roadmap 99\u003c\/p\u003e \u003cp\u003eSummary 101\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart III: The Design Phase\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5\u003c\/b\u003e The SOC Infrastructure 103\u003c\/p\u003e \u003cp\u003eDesign Considerations 103\u003c\/p\u003e \u003cp\u003eModel of Operation 104\u003c\/p\u003e \u003cp\u003eFacilities 105\u003c\/p\u003e \u003cp\u003e SOC Internal Layout 106\u003c\/p\u003e \u003cp\u003e Lighting 107\u003c\/p\u003e \u003cp\u003e Acoustics 107\u003c\/p\u003e \u003cp\u003e Physical Security 108\u003c\/p\u003e \u003cp\u003e Video Wall 108\u003c\/p\u003e \u003cp\u003e SOC Analyst Services 109\u003c\/p\u003e \u003cp\u003eActive Infrastructure 110\u003c\/p\u003e \u003cp\u003e Network 111\u003c\/p\u003e \u003cp\u003e Access to Systems 112\u003c\/p\u003e \u003cp\u003e Security 112\u003c\/p\u003e \u003cp\u003e Compute 115\u003c\/p\u003e \u003cp\u003e Dedicated Versus Virtualized Environment 116\u003c\/p\u003e \u003cp\u003e Choice of Operating Systems 118\u003c\/p\u003e \u003cp\u003e Storage 118\u003c\/p\u003e \u003cp\u003e Capacity Planning 119\u003c\/p\u003e \u003cp\u003e Collaboration 119\u003c\/p\u003e \u003cp\u003e Ticketing 120\u003c\/p\u003e \u003cp\u003eSummary 120\u003c\/p\u003e \u003cp\u003eReferences 120\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6\u003c\/b\u003e Security Event Generation and Collection 123\u003c\/p\u003e \u003cp\u003eData Collection 123\u003c\/p\u003e \u003cp\u003e Calculating EPS 124\u003c\/p\u003e \u003cp\u003e Ubuntu Syslog Server 124\u003c\/p\u003e \u003cp\u003e Network Time Protocol 129\u003c\/p\u003e \u003cp\u003e Deploying NTP 130\u003c\/p\u003e \u003cp\u003e Data-Collection Tools 134\u003c\/p\u003e \u003cp\u003e Company 135\u003c\/p\u003e \u003cp\u003e Product Options and Architecture 136\u003c\/p\u003e \u003cp\u003e Installation and Maintenance 136\u003c\/p\u003e \u003cp\u003e User Interface and Experience 136\u003c\/p\u003e \u003cp\u003e Compliance Requirements 137\u003c\/p\u003e \u003cp\u003e Firewalls 137\u003c\/p\u003e \u003cp\u003e Stateless\/Stateful Firewalls 137\u003c\/p\u003e \u003cp\u003e Cisco Adaptive Security Appliance ASA 138\u003c\/p\u003e \u003cp\u003e Application Firewalls 142\u003c\/p\u003e \u003cp\u003e Cisco FirePOWER Services 142\u003c\/p\u003e \u003cp\u003eCloud Security 152\u003c\/p\u003e \u003cp\u003e Cisco Meraki 153\u003c\/p\u003e \u003cp\u003e Exporting Logs from Meraki 154\u003c\/p\u003e \u003cp\u003e Virtual Firewalls 155\u003c\/p\u003e \u003cp\u003e Cisco Virtual Firewalls 156\u003c\/p\u003e \u003cp\u003e Host Firewalls 157\u003c\/p\u003e \u003cp\u003eIntrusion Detection and Prevention Systems 157\u003c\/p\u003e \u003cp\u003e Cisco FirePOWER IPS 160\u003c\/p\u003e \u003cp\u003e Meraki IPS 161\u003c\/p\u003e \u003cp\u003e Snort 162\u003c\/p\u003e \u003cp\u003e Host-Based Intrusion Prevention 162\u003c\/p\u003e \u003cp\u003eRouters and Switches 163\u003c\/p\u003e \u003cp\u003eHost Systems 166\u003c\/p\u003e \u003cp\u003eMobile Devices 167\u003c\/p\u003e \u003cp\u003eBreach Detection 168\u003c\/p\u003e \u003cp\u003e Cisco Advanced Malware Prevention 168\u003c\/p\u003e \u003cp\u003e Web Proxies 169\u003c\/p\u003e \u003cp\u003e Cisco Web Security Appliance 170\u003c\/p\u003e \u003cp\u003e Cloud Proxies 172\u003c\/p\u003e \u003cp\u003e Cisco Cloud Web Security 172\u003c\/p\u003e \u003cp\u003eDNS Servers 173\u003c\/p\u003e \u003cp\u003e Exporting DNS 174\u003c\/p\u003e \u003cp\u003eNetwork Telemetry with Network Flow Monitoring 174\u003c\/p\u003e \u003cp\u003e NetFlow Tools 175\u003c\/p\u003e \u003cp\u003e StealthWatch 177\u003c\/p\u003e \u003cp\u003e Exporting Data from StealthWatch 179\u003c\/p\u003e \u003cp\u003e NetFlow from Routers and Switches 182\u003c\/p\u003e \u003cp\u003e NetFlow from Security Products 184\u003c\/p\u003e \u003cp\u003e NetFlow in the Data Center 186\u003c\/p\u003e \u003cp\u003eSummary 187\u003c\/p\u003e \u003cp\u003eReferences 188\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7\u003c\/b\u003e Vulnerability Management 189\u003c\/p\u003e \u003cp\u003eIdentifying Vulnerabilities 190\u003c\/p\u003e \u003cp\u003eSecurity Services 191\u003c\/p\u003e \u003cp\u003eVulnerability Tools 193\u003c\/p\u003e \u003cp\u003eHandling Vulnerabilities 195\u003c\/p\u003e \u003cp\u003e OWASP Risk Rating Methodology 197\u003c\/p\u003e \u003cp\u003e Threat Agent Factors 198\u003c\/p\u003e \u003cp\u003e Vulnerability Factors 198\u003c\/p\u003e \u003cp\u003e Technical Impact Factors 200\u003c\/p\u003e \u003cp\u003e Business Impact Factors 200\u003c\/p\u003e \u003cp\u003e The Vulnerability Management Lifecycle 202\u003c\/p\u003e \u003cp\u003eAutomating Vulnerability Management 205\u003c\/p\u003e \u003cp\u003e Inventory Assessment Tools 205\u003c\/p\u003e \u003cp\u003e Information Management Tools 206\u003c\/p\u003e \u003cp\u003e Risk-Assessment Tools 206\u003c\/p\u003e \u003cp\u003e Vulnerability-Assessment Tools 206\u003c\/p\u003e \u003cp\u003e Report and Remediate Tools 206\u003c\/p\u003e \u003cp\u003e Responding Tools 207\u003c\/p\u003e \u003cp\u003eThreat Intelligence 208\u003c\/p\u003e \u003cp\u003e Attack Signatures 209\u003c\/p\u003e \u003cp\u003e Threat Feeds 210\u003c\/p\u003e \u003cp\u003e Other Threat Intelligence Sources 211\u003c\/p\u003e \u003cp\u003eSummary 213\u003c\/p\u003e \u003cp\u003eReferences 214\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8\u003c\/b\u003e People and Processes 215\u003c\/p\u003e \u003cp\u003eKey Challenges 215\u003c\/p\u003e \u003cp\u003e Wanted: Rock Stars, Leaders, and Grunts 216\u003c\/p\u003e \u003cp\u003e The Weight of Process 216\u003c\/p\u003e \u003cp\u003e The Upper and Lower Bounds of Technology 217\u003c\/p\u003e \u003cp\u003eDesigning and Building the SOC Team 218\u003c\/p\u003e \u003cp\u003e Starting with the Mission 218\u003c\/p\u003e \u003cp\u003e Focusing on Services 219\u003c\/p\u003e \u003cp\u003e Security Monitoring Service Example 220\u003c\/p\u003e \u003cp\u003e Determining the Required SOC Roles 223\u003c\/p\u003e \u003cp\u003e Leadership Roles 224\u003c\/p\u003e \u003cp\u003e Analyst Roles 224\u003c\/p\u003e \u003cp\u003e Engineering Roles 224\u003c\/p\u003e \u003cp\u003e Operations Roles 224\u003c\/p\u003e \u003cp\u003e Other Support Roles 224\u003c\/p\u003e \u003cp\u003e Working with HR 225\u003c\/p\u003e \u003cp\u003e Job Role Analysis 225\u003c\/p\u003e \u003cp\u003e Market Analysis 225\u003c\/p\u003e \u003cp\u003e Organizational Structure 226\u003c\/p\u003e \u003cp\u003e Calculating Team Numbers 227\u003c\/p\u003e \u003cp\u003e Deciding on Your Resourcing Strategy 228\u003c\/p\u003e \u003cp\u003e Building Your Own: The Art of Recruiting SOC Personnel 229\u003c\/p\u003e \u003cp\u003e Working with Contractors and Service Bureaus 229\u003c\/p\u003e \u003cp\u003e Working with Outsourcing and Managed Service Providers 230\u003c\/p\u003e \u003cp\u003eWorking with Processes and Procedures 231\u003c\/p\u003e \u003cp\u003e Processes Versus Procedures 231\u003c\/p\u003e \u003cp\u003e Working with Enterprise Service Management Processes 232\u003c\/p\u003e \u003cp\u003e Event Management 232\u003c\/p\u003e \u003cp\u003e Incident Management 233\u003c\/p\u003e \u003cp\u003e Problem Management 233\u003c\/p\u003e \u003cp\u003e Vulnerability Management 233\u003c\/p\u003e \u003cp\u003e Other IT Management Processes 233\u003c\/p\u003e \u003cp\u003e The Positives and Perils of Process 234\u003c\/p\u003e \u003cp\u003e Examples of SOC Processes and Procedures 236\u003c\/p\u003e \u003cp\u003e Security Service Management 236\u003c\/p\u003e \u003cp\u003e Security Service Engineering 237\u003c\/p\u003e \u003cp\u003e Security Service Operations 238\u003c\/p\u003e \u003cp\u003e Security Monitoring 239\u003c\/p\u003e \u003cp\u003e Security Incident Investigation and Response 239\u003c\/p\u003e \u003cp\u003e Security Log Management 240\u003c\/p\u003e \u003cp\u003e Security Vulnerability Management 241\u003c\/p\u003e \u003cp\u003e Security Intelligence 241\u003c\/p\u003e \u003cp\u003e Security Analytics and Reporting 242\u003c\/p\u003e \u003cp\u003e Breach Discovery and Remediation 242\u003c\/p\u003e \u003cp\u003eSummary 243\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart IV: The Build Phase\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9\u003c\/b\u003e The Technology 245\u003c\/p\u003e \u003cp\u003eIn-House Versus Virtual SOC 245\u003c\/p\u003e \u003cp\u003eNetwork 246\u003c\/p\u003e \u003cp\u003e Segmentation 247\u003c\/p\u003e \u003cp\u003e VPN 251\u003c\/p\u003e \u003cp\u003e High Availability 253\u003c\/p\u003e \u003cp\u003e Support Contracts 254\u003c\/p\u003e \u003cp\u003eSecurity 255\u003c\/p\u003e \u003cp\u003e Network Access Control 255\u003c\/p\u003e \u003cp\u003e Authentication 257\u003c\/p\u003e \u003cp\u003e On-Network Security 258\u003c\/p\u003e \u003cp\u003e Encryption 259\u003c\/p\u003e \u003cp\u003eSystems 260\u003c\/p\u003e \u003cp\u003e Operating Systems 261\u003c\/p\u003e \u003cp\u003e Hardening Endpoints 262\u003c\/p\u003e \u003cp\u003e Endpoint Breach Detection 263\u003c\/p\u003e \u003cp\u003e Mobile Devices 264\u003c\/p\u003e \u003cp\u003e Servers 264\u003c\/p\u003e \u003cp\u003eStorage 265\u003c\/p\u003e \u003cp\u003e Data-Loss Protection 266\u003c\/p\u003e \u003cp\u003e Cloud Storage 270\u003c\/p\u003e \u003cp\u003eCollaboration 271\u003c\/p\u003e \u003cp\u003e Collaboration for Pandemic Events 272\u003c\/p\u003e \u003cp\u003eTechnologies to Consider During SOC Design 273\u003c\/p\u003e \u003cp\u003e Firewalls 273\u003c\/p\u003e \u003cp\u003e Firewall Modes 273\u003c\/p\u003e \u003cp\u003e Firewall Clustering 276\u003c\/p\u003e \u003cp\u003e Firewall High Availability 276\u003c\/p\u003e \u003cp\u003e Firewall Architecture 277\u003c\/p\u003e \u003cp\u003e Routers and Switches 279\u003c\/p\u003e \u003cp\u003e Securing Network Devices 280\u003c\/p\u003e \u003cp\u003e Hardening Network Devices 280\u003c\/p\u003e \u003cp\u003e Network Access Control 281\u003c\/p\u003e \u003cp\u003e Deploying NAC 282\u003c\/p\u003e \u003cp\u003e NAC Posture 284\u003c\/p\u003e \u003cp\u003e Architecting NAC 285\u003c\/p\u003e \u003cp\u003e Web Proxies 290\u003c\/p\u003e \u003cp\u003e Reputation Security 290\u003c\/p\u003e \u003cp\u003e Proxy Architecture 292\u003c\/p\u003e \u003cp\u003e Intrusion Detection\/Prevention 295\u003c\/p\u003e \u003cp\u003e IDS IPS Architecture 295\u003c\/p\u003e \u003cp\u003e Evaluating IDS IPS Technology 296\u003c\/p\u003e \u003cp\u003e Tuning IDS\/IPS 298\u003c\/p\u003e \u003cp\u003eBreach Detection 300\u003c\/p\u003e \u003cp\u003e Honeypots 301\u003c\/p\u003e \u003cp\u003e Sandboxes 302\u003c\/p\u003e \u003cp\u003e Endpoint Breach Detection 303\u003c\/p\u003e \u003cp\u003e Network Telemetry 306\u003c\/p\u003e \u003cp\u003e Enabling NetFlow 308\u003c\/p\u003e \u003cp\u003e Architecting Network Telemetry Solutions 310\u003c\/p\u003e \u003cp\u003e Network Forensics 312\u003c\/p\u003e \u003cp\u003e Digital Forensics Tools 313\u003c\/p\u003e \u003cp\u003eFinal SOC Architecture 314\u003c\/p\u003e \u003cp\u003eSummary 317\u003c\/p\u003e \u003cp\u003eReferences 318\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10\u003c\/b\u003e Preparing to Operate 319\u003c\/p\u003e \u003cp\u003eKey Challenges 319\u003c\/p\u003e \u003cp\u003e People Challenges 319\u003c\/p\u003e \u003cp\u003e Process Challenges 320\u003c\/p\u003e \u003cp\u003e Technology Challenges 321\u003c\/p\u003e \u003cp\u003eManaging Challenges Through a Well-Managed Transition 321\u003c\/p\u003e \u003cp\u003e Elements of an Effective Service Transition Plan 322\u003c\/p\u003e \u003cp\u003e Determining Success Criteria and Managing to Success 322\u003c\/p\u003e \u003cp\u003e Deploying Against Attainable Service Levels 323\u003c\/p\u003e \u003cp\u003e Focusing on Defined Use Cases 325\u003c\/p\u003e \u003cp\u003e Managing Project Resources Effectively 328\u003c\/p\u003e \u003cp\u003e Marching to Clear and Attainable Requirements 329\u003c\/p\u003e \u003cp\u003e Staffing Requirements for Go-Live 329\u003c\/p\u003e \u003cp\u003e Process Requirements for Go-Live 330\u003c\/p\u003e \u003cp\u003e Technology Requirements for Go-Live 331\u003c\/p\u003e \u003cp\u003e Using Simple Checks to Verify That the SOC Is Ready 332\u003c\/p\u003e \u003cp\u003e People Checks 332\u003c\/p\u003e \u003cp\u003e Process Checks 336\u003c\/p\u003e \u003cp\u003e Technology Checks 340\u003c\/p\u003e \u003cp\u003eSummary 346\u003c\/p\u003e \u003cp\u003e\u003cb\u003ePart V: The Operate Phase\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11\u003c\/b\u003e Reacting to Events and Incidents 347\u003c\/p\u003e \u003cp\u003eA Word About Events 348\u003c\/p\u003e \u003cp\u003eEvent Intake, Enrichment, Monitoring, and Handling 348\u003c\/p\u003e \u003cp\u003e Events in the SIEM 349\u003c\/p\u003e \u003cp\u003e Events in the Security Log Management Solution 350\u003c\/p\u003e \u003cp\u003e Events in Their Original Habitats 350\u003c\/p\u003e \u003cp\u003e Events Through Communications and Collaboration Platforms 350\u003c\/p\u003e \u003cp\u003e Working with Events: The Malware Scenario 351\u003c\/p\u003e \u003cp\u003e Handling and Investigating the Incident Report 353\u003c\/p\u003e \u003cp\u003e Creating and Managing Cases 354\u003c\/p\u003e \u003cp\u003e Working as a Team 355\u003c\/p\u003e \u003cp\u003e Working with Other Parts of the Organization 357\u003c\/p\u003e \u003cp\u003e Working with Third Parties 359\u003c\/p\u003e \u003cp\u003eClosing and Reporting on the Case 362\u003c\/p\u003e \u003cp\u003eSummary 363\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12\u003c\/b\u003e Maintain, Review, and Improve 365\u003c\/p\u003e \u003cp\u003eReviewing and Assessing the SOC 366\u003c\/p\u003e \u003cp\u003e Determining Scope 366\u003c\/p\u003e \u003cp\u003e Examining the Services 367\u003c\/p\u003e \u003cp\u003e Personnel\/Staffing 369\u003c\/p\u003e \u003cp\u003e Processes, Procedures, and Other Operational Documentation 371\u003c\/p\u003e \u003cp\u003e Technology 372\u003c\/p\u003e \u003cp\u003e Scheduled and Ad Hoc Reviews 373\u003c\/p\u003e \u003cp\u003e Internal Versus External Assessments 374\u003c\/p\u003e \u003cp\u003e Internal Assessments 374\u003c\/p\u003e \u003cp\u003e External Assessments 374\u003c\/p\u003e \u003cp\u003e Assessment Methodologies 375\u003c\/p\u003e \u003cp\u003e Maturity Model Approaches 375\u003c\/p\u003e \u003cp\u003e Services-Oriented Approaches 376\u003c\/p\u003e \u003cp\u003e Post-Incident Reviews 378\u003c\/p\u003e \u003cp\u003eMaintaining and Improving the SOC 381\u003c\/p\u003e \u003cp\u003e Maintaining and Improving Services 381\u003c\/p\u003e \u003cp\u003e Maintain and Improving Your Team 383\u003c\/p\u003e \u003cp\u003e Improving Staff Recruitment 383\u003c\/p\u003e \u003cp\u003e Improving Team Training and Development 384\u003c\/p\u003e \u003cp\u003e Improving Team Retention 386\u003c\/p\u003e \u003cp\u003e Maintaining and Improving the SOC Technology Stack 387\u003c\/p\u003e \u003cp\u003e Improving Threat, Anomaly, and Breach-Detection Systems 388\u003c\/p\u003e \u003cp\u003e Improving Case and Investigation Management Systems 391\u003c\/p\u003e \u003cp\u003e Improving Analytics and Reporting 392\u003c\/p\u003e \u003cp\u003e Improving Technology Integration 392\u003c\/p\u003e \u003cp\u003e Improving Security Testing and Simulation Systems 393\u003c\/p\u003e \u003cp\u003e Improving Automated Remediation 394\u003c\/p\u003e \u003cp\u003eConclusions 395\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e \u003cp\u003e9780134052014 TOC 10\/12\/2015\u003c\/p\u003e \u003cp\u003e \u003c\/p\u003e","brand":"Pearson Education (US)","offers":[{"title":"Default Title","offer_id":48864169427287,"sku":"9780134052014","price":38.47,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9780134052014.jpg?v=1722270716"},{"product_id":"security-in-computing-9780137891214","title":"Security in Computing","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cstrong\u003eCharles P. Pfleeger\u003c\/strong\u003e is an internationally known expert on computer and communications security. He spent 14 years as professor of computer science at the University of Tennessee, before moving on to computer research and consulting company, Trusted Information Systems, where he was director of European operations and senior consultant. He was also director of research, member of the staff, and chief security officer at Cable and Wireless. He has chaired the IEEE Computer Society Technical Committee on Security and Privacy and was on the editorial board of IEEE \u003cem\u003eSecurity \u0026amp; Privacy\u003c\/em\u003e magazine.\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eShari Lawrence Pfleeger\u003c\/strong\u003e is a widely known software engineering and computer security researcher. She served as president of Systems\/Software and then as senior researcher with the Rand Corporation. As research director of the Institute for Information Infrastructure Protection, she oversaw large, high-impact computer security research projects for i\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003c\/p\u003e\u003cp\u003e\u003cem\u003eForeword xix\u003c\/em\u003e\u003cbr\u003e\u003cem\u003ePreface xxv\u003c\/em\u003e\u003cbr\u003e\u003cem\u003eAcknowledgments xxxi\u003c\/em\u003e\u003cbr\u003e\u003cem\u003eAbout the Authors xxxiii\u003c\/em\u003e\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 1: Introduction 1\u003c\/strong\u003e\u003cbr\u003e1.1 What Is Computer Security? 3\u003cbr\u003e1.2 Threats 6\u003cbr\u003e1.3 Harm 24\u003cbr\u003e1.4 Vulnerabilities 30\u003cbr\u003e1.5 Controls 30\u003cbr\u003e1.6 Conclusion 33\u003cbr\u003e1.7 What's Next? 34\u003cbr\u003e1.8 Exercises 36\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 2: Toolbox: Authentication, Access Control, and Cryptography 38\u003c\/strong\u003e\u003cbr\u003e2.1 Authentication 40\u003cbr\u003e2.2 Access Control 78\u003cbr\u003e2.3 Cryptography 93\u003cbr\u003e2.4 Conclusion 137\u003cbr\u003e2.5 Exercises 138\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 3: Programs and Programming 141\u003c\/strong\u003e\u003cbr\u003e3.1 Unintentional (Nonmalicious) Programming Oversights 143\u003cbr\u003e3.2 Malicious Code--Malware 178\u003cbr\u003e3.3 Countermeasures 211\u003cbr\u003e3.4 Conclusion 245\u003cbr\u003e3.5 Exercises 245\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 4: The Internet--User Side 248\u003c\/strong\u003e\u003cbr\u003e4.1 Browser Attacks 251\u003cbr\u003e4.2 Attacks Targeting Users 265\u003cbr\u003e4.3 Obtaining User or Website Data 280\u003cbr\u003e4.4 Mobile Apps 289\u003cbr\u003e4.5 Email and Message Attacks 310\u003cbr\u003e4.6 Conclusion 320\u003cbr\u003e4.7 Exercises 321\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 5: Operating Systems 323\u003c\/strong\u003e\u003cbr\u003e5.1 Security in Operating Systems 323\u003cbr\u003e5.2 Security in the Design of Operating Systems 351\u003cbr\u003e5.3 Rootkits 371\u003cbr\u003e5.4 Conclusion 382\u003cbr\u003e5.5 Exercises 382\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 6: Networks 385\u003c\/strong\u003e\u003cbr\u003e6.1 Network Concepts 386\u003cbr\u003e\u003cem\u003ePart I--War on Networks: Network Security Attacks 399\u003c\/em\u003e\u003cbr\u003e6.2 Threats to Network Communications 400\u003cbr\u003e6.3 Wireless Network Security 421\u003cbr\u003e6.4 Denial of Service 443\u003cbr\u003e6.5 Distributed Denial of Service 468\u003cbr\u003e\u003cem\u003ePart II--Strategic Defenses: Security Countermeasures 479\u003c\/em\u003e\u003cbr\u003e6.6 Cryptography in Network Security 479\u003cbr\u003e6.7 Firewalls 497\u003cbr\u003e6.8 Intrusion Detection and Prevention Systems 522\u003cbr\u003e6.9 Network Management 536\u003cbr\u003e6.10 Conclusion 545\u003cbr\u003e6.11 Exercises 545\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 7: Data and Databases 549\u003c\/strong\u003e\u003cbr\u003e7.1 Introduction to Databases 550\u003cbr\u003e7.2 Security Requirements of Databases 555\u003cbr\u003e7.3 Reliability and Integrity 561\u003cbr\u003e7.4 Database Disclosure 566\u003cbr\u003e7.5 Data Mining and Big Data 585\u003cbr\u003e7.6 Conclusion 599\u003cbr\u003e7.7 Exercises 599\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 8: New Territory 601\u003c\/strong\u003e\u003cbr\u003e8.1 Introduction 601\u003cbr\u003e8.2 Cloud Architectures and Their Security 605\u003cbr\u003e8.3 IoT and Embedded Devices 627\u003cbr\u003e8.4 Cloud, IoT, and Embedded Devices--The Smart Home 638\u003cbr\u003e8.5 Smart Cities, IoT, Embedded Devices, and Cloud 643\u003cbr\u003e8.6 Cloud, IoT, and Critical Services 648\u003cbr\u003e8.7 Conclusion 657\u003cbr\u003e8.8 Exercises 658\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 9: Privacy 659\u003c\/strong\u003e\u003cbr\u003e9.1 Privacy Concepts 660\u003cbr\u003e9.2 Privacy Principles and Policies 671\u003cbr\u003e9.3 Authentication and Privacy 688\u003cbr\u003e9.4 Data Mining 694\u003cbr\u003e9.5 Privacy on the Internet 698\u003cbr\u003e9.6 Email and Message Security 713\u003cbr\u003e9.7 Privacy Impacts of Newer Technologies 717\u003cbr\u003e9.8 Conclusion 724\u003cbr\u003e9.9 Exercises 725\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 10: Management and Incidents 727\u003c\/strong\u003e\u003cbr\u003e10.1 Security Planning 727\u003cbr\u003e10.2 Business Continuity Planning 738\u003cbr\u003e10.3 Handling Incidents 742\u003cbr\u003e10.4 Risk Analysis 749\u003cbr\u003e10.5 Physical Threats to Systems 767\u003cbr\u003e10.6 New Frontiers in Security Management 776\u003cbr\u003e10.7 Conclusion 778\u003cbr\u003e10.8 Exercises 779\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 11: Legal Issues and Ethics 781\u003c\/strong\u003e\u003cbr\u003e11.1 Protecting Programs and Data 783\u003cbr\u003e11.2 Information and the Law 800\u003cbr\u003e11.3 Rights of Employees and Employers 805\u003cbr\u003e11.4 Redress for Software Failures 808\u003cbr\u003e11.5 Computer Crime 814\u003cbr\u003e11.6 Ethical Issues in Computer Security 822\u003cbr\u003e11.7 An Ethical Dive into Artificial Intelligence 828\u003cbr\u003e11.8 Incident Analyses with Ethics 830\u003cbr\u003e11.9 Conclusion 846\u003cbr\u003e11.10 Exercises 847\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 12: Details of Cryptography 850\u003c\/strong\u003e\u003cbr\u003e12.1 Cryptology 851\u003cbr\u003e12.2 Symmetric Encryption Algorithms 863\u003cbr\u003e12.3 Asymmetric Encryption 877\u003cbr\u003e12.4 Message Digests 883\u003cbr\u003e12.5 Digital Signatures 888\u003cbr\u003e12.6 Quantum Key Distribution 889\u003cbr\u003e12.7 Conclusion 894\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 13: Emerging Topics 895\u003c\/strong\u003e\u003cbr\u003e13.1 AI and Cybersecurity 896\u003cbr\u003e13.2 Blockchains and Cryptocurrencies 908\u003cbr\u003e13.3 Offensive Cyber and Cyberwarfare 924\u003cbr\u003e13.4 Quantum Computing and Computer Security 936\u003cbr\u003e13.5 Conclusion 937\u003c\/p\u003e \u003cp\u003e\u003cem\u003eBibliography 939\u003c\/em\u003e\u003cbr\u003e\u003cem\u003eIndex 963\u003c\/em\u003e\u003c\/p\u003e","brand":"Pearson Education (US)","offers":[{"title":"Default Title","offer_id":48864176472407,"sku":"9780137891214","price":85.72,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9780137891214.jpg?v=1722270749"},{"product_id":"cybersecurity-myths-and-misconceptions-9780137929238","title":"Cybersecurity Myths and Misconceptions","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cstrong\u003eEugene H. Spafford\u003c\/strong\u003e, PhD, is a professor in Computer Science at Purdue University. In his 35-year career, Spaf has been honored with every major award in cybersecurity. \u003cstrong\u003eLeigh Metcalf\u003c\/strong\u003e, PhD, is a Senior Network Security Research Analyst at the Carnegie Mellon University Software Engineering Institute's cybersecurity-focused CERT division. \u003cstrong\u003eJosiah Dykstra\u003c\/strong\u003e, PhD, is a cybersecurity practitioner, researcher, author, and speaker. He is the owner of Designer Security and has worked at the US National Security Agency for 18 years.\u003c\/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTrade Review\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\"Many security leaders are traditionally in charge of correcting misconceptions just as much as they are in charge of building up solid security practices. We have plenty of resources on practices--but this book is the crucial guide to that essential myth busting.\"\u003cbr\u003e\u003cem\u003e--\u003cstrong\u003ePhil Venables\u003c\/strong\u003e, CISO, Google Cloud\u003c\/em\u003e\u003c\/p\u003e \u003cp\u003e\"I'm writing this on my phone, over Wi-Fi, in an airplane on my way to Black Hat, one of the world's largest security conferences. The fact that I'm able to do this at all shows how much we've really learned about cybersecurity over the decades. Now it's all collected in one place for everyone to share. Thank the wise authors, and most importantly: GET OFF THEIR LAWN.\"\u003cbr\u003e\u003cem\u003e--\u003cstrong\u003eWendy Nather\u003c\/strong\u003e, Head of Advisory CISOs, Cisco\u003c\/em\u003e\u003c\/p\u003e \u003cp\u003e\"This book is astounding. A true tour de force--which I have never said about any other book. Inverting the viewpoint is a stroke of genius. This is going to be on my grabbable-at-any-time shelf. What I learned, recalled, and was refreshed on with technically astute agnosticism cannot be measured; just appreciated as a profound historical compilation of security practice and theory. Bravo!\"\u003cbr\u003e\u003cem\u003e--\u003cstrong\u003eWinn Schwartaul\u003c\/strong\u003e, Founder and Chief Visionary Officer, The Security Awareness Company\u003c\/em\u003e\u003c\/p\u003e \u003cp\u003e\"I am happy to endorse the central idea of this book--that cybersecurity is rife with myths that are themselves part of the problem. The brain wants to understand, the world grows ever more complicated, and the sum of the two is myth-making. As the authors say, even if some understanding is true at some time, with enough change what was true becomes a myth soon enough. As such, an acquired immunity to myths is a valuable skill for the cybersecurity practitioner if no other. The paramount goal of all security engineering is No Silent Failure, but myths perpetuate if not create silent failure. Why? Because a state of security is the absence of unmitigable surprise and you cannot mitigate what you don't know is going on. Myths blind us to reality. Ignorance of them is not bliss. This book is a vaccine.\"\u003cbr\u003e\u003cem\u003e--\u003cstrong\u003eDan Geer\u003c\/strong\u003e, CISO, In-Q-Tel\u003c\/em\u003e\u003c\/p\u003e \u003cp\u003e\"This is a fun read for all levels. I like their rapid fire delivery and the general light they cast on so many diverse myths. This book will change the cybersecurity industry for the better.\"\u003cbr\u003e\u003cem\u003e--\u003cstrong\u003eMichael Sikorski\u003c\/strong\u003e, Author of\u003c\/em\u003e Practical Malware Analysis \u003cem\u003e\u0026amp; CTO, Unit 42 at Palo Alto Networks\u003c\/em\u003e\u003c\/p\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cem\u003eForeword by Vint Cerf xxiii\u003c\/em\u003e\u003cbr\u003e\u003cem\u003eIntroduction xxiv\u003c\/em\u003e\u003cbr\u003e\u003cem\u003eAcknowledgments xxxiii\u003c\/em\u003e\u003cbr\u003e\u003cem\u003eAbout the Authors xxxiv\u003c\/em\u003e\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003ePart I: General Issues 1\u003c\/strong\u003e\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 1: What Is Cybersecurity? 2\u003c\/strong\u003e\u003cbr\u003eEveryone Knows What \"Cybersecurity\" Means 2\u003cbr\u003eWe Can Measure How Secure Our Systems Are 5\u003cbr\u003eThe Primary Goal of Cybersecurity Is Security 11\u003cbr\u003eCybersecurity Is About Obvious Risks 12\u003cbr\u003eSharing More Cyber Threat Intel Will Make Things Better 14\u003cbr\u003eWhat Matters to You Matters to Everyone Else 16\u003cbr\u003eProduct X Will Make You Secure 17\u003cbr\u003eMacs Are Safer Than PCs, Linux Is Safer Than Windows 18\u003cbr\u003eOpen Source Software Is More Secure Than Closed Source Software 19\u003cbr\u003eTechnology X Will Make You Secure 20\u003cbr\u003eProcess X Will Make You Secure 21\u003cbr\u003eFærie Dust Can Make Old Ideas Magically Revolutionary 22\u003cbr\u003ePasswords Should Be Changed Often 23\u003cbr\u003eBelieve and Fear Every Hacking Demo You See 26\u003cbr\u003eCyber Offense Is Easier Than Defense 27\u003cbr\u003eOperational Technology (OT) Is Not Vulnerable 29\u003cbr\u003eBreaking Systems Is the Best Way to Establish Yourself 30\u003cbr\u003eBecause You Can, You Should 30\u003cbr\u003eBetter Security Means Worse Privacy 32\u003cbr\u003eFurther Reading 33\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 2: What Is the Internet? 36\u003c\/strong\u003e\u003cbr\u003eEveryone Knows What the \"Internet\" Means 36\u003cbr\u003eAn IP Address Identifies a Unique Machine 37\u003cbr\u003eThe Internet Is Managed and Controlled by a Central Body 39\u003cbr\u003eThe Internet Is Largely Static 40\u003cbr\u003eYour Network Is Static 41\u003cbr\u003eEmail Is Private 43\u003cbr\u003eCryptocurrency Is Untraceable 44\u003cbr\u003eEverything Can Be Fixed with Blockchain 46\u003cbr\u003eThe Internet Is Like an Iceberg 46\u003cbr\u003eA VPN Makes You Anonymous 48\u003cbr\u003eA Firewall Is Enough 49\u003cbr\u003eFurther Reading 51\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003ePart II: Human Issues 55\u003c\/strong\u003e\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 3: Faulty Assumptions and Magical Thinking 56\u003c\/strong\u003e\u003cbr\u003eHumans Will Behave Rationally, So Blame the User! 57\u003cbr\u003eWe Know Everything We Need to Know About Cybersecurity Problems 62\u003cbr\u003eCompliance Equals (Complete) Security 63\u003cbr\u003eAuthentication Provides Confidentiality 65\u003cbr\u003eI Can Never Be Secure, So Why Bother? 65\u003cbr\u003eI Am Too Small\/Insignificant to Be a Target 66\u003cbr\u003eEverybody Is Out to Get Me 69\u003cbr\u003eI Engage Only with Trusted Websites, So My Data Is Safe from a Breach 71\u003cbr\u003eSecurity by Obscurity Is Reasonably Secure 72\u003cbr\u003eThe Illusions of Visibility and Control 74\u003cbr\u003eFive 9's Is the Key to Cybersecurity 76\u003cbr\u003eEverybody Has Top-of-the-Line Technology 78\u003cbr\u003eWe Can Predict Future Threats 80\u003cbr\u003eSecurity People Control Security Outcomes 81\u003cbr\u003eAll Bad Outcomes Are the Result of a Bad Decision 82\u003cbr\u003eMore Security Is Always Better 84\u003cbr\u003eBest Practices Are Always Best 85\u003cbr\u003eBecause It Is Online It Must Be True\/Correct 86\u003cbr\u003eFurther Reading 87\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 4: Fallacies and Misunderstandings 88\u003c\/strong\u003e\u003cbr\u003eThe False Cause Fallacy: Correlation Is Causation 89\u003cbr\u003eAbsence of Evidence Is Evidence of Absence 92\u003cbr\u003eThe Straw Hacker Fallacy 94\u003cbr\u003e\u003cem\u003eAd Hominem\u003c\/em\u003e Fallacy 95\u003cbr\u003eHasty Generalization Fallacy 96\u003cbr\u003eRegression Fallacy 97\u003cbr\u003eBase Rate Fallacy 98\u003cbr\u003eGambler's Fallacy 100\u003cbr\u003eFallacies of Anomalies 100\u003cbr\u003eIgnorance of Black Swans 101\u003cbr\u003eConjunction and Disjunction Fallacies 103\u003cbr\u003eValence Effect 104\u003cbr\u003eEndowment Effect 104\u003cbr\u003eSunk Cost Fallacy 105\u003cbr\u003eBonus Fallacies 107\u003cbr\u003eFurther Reading 109\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 5: Cognitive Biases 110\u003c\/strong\u003e\u003cbr\u003eAction Bias 112\u003cbr\u003eOmission Bias 113\u003cbr\u003eSurvivorship Bias 115\u003cbr\u003eConfirmation Bias 116\u003cbr\u003eChoice Affirmation Bias 117\u003cbr\u003eHindsight Bias 117\u003cbr\u003eAvailability Bias 119\u003cbr\u003eSocial Proof 121\u003cbr\u003eOverconfidence Bias 122\u003cbr\u003eZero Risk Bias 123\u003cbr\u003eFrequency Bias 124\u003cbr\u003eBonus Biases 125\u003cbr\u003eFurther Reading 128\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 6: Perverse Incentives and the Cobra Effect 130\u003c\/strong\u003e\u003cbr\u003eThe Goal of a Security Vendor Is to Keep You Secure 131\u003cbr\u003eYour Cybersecurity Decisions Affect Only You 132\u003cbr\u003eBug Bounties Eliminate Bugs from the Offensive Market 134\u003cbr\u003eCyber Insurance Causes People to Take Less Risk 135\u003cbr\u003eFines and Penalties Cause People to Take Less Risk 136\u003cbr\u003eAttacking Back Would Help Stop Cyber Crime 137\u003cbr\u003eInnovation Increases Security and Privacy Incidents 138\u003cbr\u003eFurther Reading 139\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 7: Problems and Solutions 140\u003c\/strong\u003e\u003cbr\u003eFailure Is Not an Option in Cybersecurity 141\u003cbr\u003eEvery Problem Has a Solution 142\u003cbr\u003eAnecdotes Are Good Leads for Cybersecurity Solutions 147\u003cbr\u003eDetecting More \"Bad Stuff\" Means the New Thing Is an Improvement 148\u003cbr\u003eEvery Security Process Should Be Automated 149\u003cbr\u003eProfessional Certifications Are Useless 151\u003cbr\u003eFurther Reading 158\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003ePart III: Contextual Issues 161\u003c\/strong\u003e\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 8: Pitfalls of Analogies and Abstractions 162\u003c\/strong\u003e\u003cbr\u003eCybersecurity Is Like the Physical World 165\u003cbr\u003eCybersecurity Is Like Medicine and Biology 170\u003cbr\u003eCybersecurity Is Like Fighting a War 172\u003cbr\u003eCybersecurity Law Is Analogous to Physical-World Law 175\u003cbr\u003eTips for Analogies and Abstractions 175\u003cbr\u003eFurther Reading 178\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 9: Legal Issues 180\u003c\/strong\u003e\u003cbr\u003eCybersecurity Law Is Analogous to Physical-World Law 181\u003cbr\u003eYour Laws Do Not Apply to Me Where I Am 182\u003cbr\u003eThat Violates My First Amendment Rights! 184\u003cbr\u003eLegal Code Supersedes Computer Code 186\u003cbr\u003eLaw Enforcement Will Never Respond to Cyber Crimes 191\u003cbr\u003eYou Can Always Hide Information by Suing 193\u003cbr\u003eSuing to Suppress a Breach Is a Good Idea 194\u003cbr\u003eTerms and Conditions Are Meaningless 194\u003cbr\u003eThe Law Is on My Side, So I Do Not Need to Worry 195\u003cbr\u003eFurther Reading 196\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 10: Tool Myths and Misconceptions 198\u003c\/strong\u003e\u003cbr\u003eThe More Tools, The Better 199\u003cbr\u003eDefault Configurations Are Always Secure 201\u003cbr\u003eA Tool Can Stop All Bad Things 203\u003cbr\u003eIntent Can Be Determined from Tools 205\u003cbr\u003eSecurity Tools Are Inherently Secure and Trustworthy 207\u003cbr\u003eNothing Found Means All Is Well 209\u003cbr\u003eFurther Reading 212\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 11: Vulnerabilities 214\u003c\/strong\u003e\u003cbr\u003eWe Know Everything There Is to Know About Vulnerabilities 215\u003cbr\u003eVulnerabilities Are Sparse 218\u003cbr\u003eAttackers Are Getting More Proficient 218\u003cbr\u003eZero-Day Vulnerabilities Are Most Important 219\u003cbr\u003eAll Attacks Hinge on a Vulnerability 223\u003cbr\u003eExploits and Proofs of Concept Are Bad 226\u003cbr\u003eVulnerabilities Happen Only in Complex Code 228\u003cbr\u003eFirst Movers Should Sacrifice Security 230\u003cbr\u003ePatches Are Always Perfect and Available 231\u003cbr\u003eDefenses Might Become Security Vulnerabilities with Time 236\u003cbr\u003eAll Vulnerabilities Can Be Fixed 237\u003cbr\u003eScoring Vulnerabilities Is Easy and Well Understood 239\u003cbr\u003eBecause You Can, You Should--Vulnerabilities Edition 240\u003cbr\u003eVulnerability Names Reflect Their Importance 241\u003cbr\u003eFurther Reading 242\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 12: Malware 244\u003c\/strong\u003e\u003cbr\u003eUsing a Sandbox Will Tell Me Everything I Need to Know 246\u003cbr\u003eReverse Engineering Will Tell Me Everything I Need to Know 249\u003cbr\u003eMalware and Geography Are\/Are Not Related 251\u003cbr\u003eI Can Always Determine Who Made the Malware and Attacked Me 253\u003cbr\u003eMalware Is Always a Complex Program That Is Difficult to Understand 254\u003cbr\u003eFree Malware Protection Is Good Enough 256\u003cbr\u003eOnly Shady Websites Will Infect Me 257\u003cbr\u003eBecause You Can, You Should--Malware Edition 258\u003cbr\u003eRansomware Is an Entirely New Kind of Malware 259\u003cbr\u003eSigned Software Is Always Trustworthy 261\u003cbr\u003eMalware Names Reflect Their Importance 263\u003cbr\u003eFurther Reading 264\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 13: Digital Forensics and Incident Response 266\u003c\/strong\u003e\u003cbr\u003eMovies and Television Reflect the Reality of Cyber 267\u003cbr\u003eIncidents Are Discovered as Soon as They Occur 269\u003cbr\u003eIncidents Are Discrete and Independent 270\u003cbr\u003eEvery Incident Is the Same Severity 271\u003cbr\u003eStandard Incident Response Techniques Can Deal with Ransomware 272\u003cbr\u003eIncident Responders Can Flip a Few Switches and Magically Everything\u003cbr\u003eIs Fixed 273\u003cbr\u003eAttacks Are Always Attributable 276\u003cbr\u003eAttribution Is Essential 278\u003cbr\u003eMost Attacks\/Exfiltration of Data Originate from Outside the Organization 280\u003cbr\u003eThe Trojan Horse Defense Is Dead 281\u003cbr\u003eEndpoint Data Is Sufficient for Incident Detection 282\u003cbr\u003eRecovering from an Event Is a Simple and Linear Process 284\u003cbr\u003eFurther Reading 285\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003ePart IV: Data Issues 287\u003c\/strong\u003e\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 14: Lies, Damn Lies, and Statistics 288\u003c\/strong\u003e\u003cbr\u003eLuck Prevents Cyber Attacks 289\u003cbr\u003eThe Numbers Speak for Themselves 290\u003cbr\u003eProbability Is Certainty 290\u003cbr\u003eStatistics Are Laws 293\u003cbr\u003eData Is Not Important to Statistics 303\u003cbr\u003eArtificial Intelligence and Machine Learning Can Solve All\u003cbr\u003eCybersecurity Problems 306\u003cbr\u003eFurther Reading 310\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 15: Illustrations, Visualizations, and Delusions 312\u003c\/strong\u003e\u003cbr\u003eVisualizations and Dashboards Are Inherently and Universally Helpful 313\u003cbr\u003eCybersecurity Data Is Easy to Visualize 319\u003cbr\u003eFurther Reading 324\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eChapter 16: Finding Hope 326\u003c\/strong\u003e\u003cbr\u003eCreating a Less Myth-Prone World 328\u003cbr\u003eThe Critical Value of Documentation 329\u003cbr\u003eMeta-Myths and Recommendations 331\u003cbr\u003eAvoiding Other and Future Traps 334\u003cbr\u003eParting Thoughts 334\u003c\/p\u003e \u003cp\u003e\u003cstrong\u003eAppendix: Short Background Explanations 336\u003c\/strong\u003e\u003c\/p\u003e \u003cp\u003e\u003cem\u003eAcronyms 344\u003c\/em\u003e\u003cbr\u003e\u003cem\u003eIndex 350\u003c\/em\u003e\u003c\/p\u003e","brand":"Pearson Education (US)","offers":[{"title":"Default Title","offer_id":48864176800087,"sku":"9780137929238","price":29.69,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9780137929238.jpg?v=1722270751"},{"product_id":"hacking-9780596154578","title":"Hacking","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003eThe security world is changing as the advent of modern Web 2.0 sites and rich Internet applications has given rise to a generation of hacking techniques. This book offers information on hacks that attempt to exploit technical flaws. It explains how to assess attacks against technologies in Internet applications and social networking sites.","brand":"O'Reilly Media","offers":[{"title":"Default Title","offer_id":48865368801623,"sku":"9780596154578","price":25.59,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9780596154578.jpg?v=1722274024"},{"product_id":"security-and-microservice-architecture-on-aws-9781098101466","title":"Security and Microservice Architecture on AWS","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003eAuthor Gaurav Raje shows cloud solution architects and software developers with AWS experience how to build highly secure systems on AWS without increasing overhead.","brand":"O'Reilly Media","offers":[{"title":"Default Title","offer_id":48866330542423,"sku":"9781098101466","price":39.74,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781098101466.jpg?v=1722278162"},{"product_id":"security-chaos-engineering-9781098113827","title":"Security Chaos Engineering","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003eIn this pragmatic and comprehensive guide, authors Kelly Shortridge and Aaron Rinehart help you navigate the challenges of securing complex software systems. Using the principles and practices of security chaos engineering, software engineering teams will explore how to cultivate resilience across the software delivery lifecycle.","brand":"O'Reilly Media","offers":[{"title":"Default Title","offer_id":48866331328855,"sku":"9781098113827","price":39.74,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781098113827.jpg?v=1722278166"},{"product_id":"certified-kubernetes-security-specialist-cks-study-guide-9781098132972","title":"Certified Kubernetes Security Specialist CKS","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003eThis practical book helps you fully prepare for the certification exam by walking you through all of the topics covered.","brand":"O'Reilly Media","offers":[{"title":"Default Title","offer_id":48866332016983,"sku":"9781098132972","price":33.74,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781098132972.jpg?v=1722278170"},{"product_id":"microsoft-windows-security-essentials-9781118016848","title":"Microsoft Windows Security Essentials","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003eWindows security concepts and technologies for IT beginners IT security can be a complex topic, especially for those new to the field of IT.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003eIntroduction. \u003cp\u003eChapter 1 Understanding Core Security Principles.\u003c\/p\u003e \u003cp\u003eChapter 2 Understanding Malware and Social Engineering.\u003c\/p\u003e \u003cp\u003eChapter 3 Understanding User Authentication.\u003c\/p\u003e \u003cp\u003eChapter 4 Securing Access with Permissions.\u003c\/p\u003e \u003cp\u003eChapter 5 Using Audit Policies and Network Auditing.\u003c\/p\u003e \u003cp\u003eChapter 6 Protecting Clients and Servers.\u003c\/p\u003e \u003cp\u003eChapter 7 Protecting a Network.\u003c\/p\u003e \u003cp\u003eChapter 8 Understanding Wireless Security.\u003c\/p\u003e \u003cp\u003eChapter 9 Understanding Physical Security.\u003c\/p\u003e \u003cp\u003eChapter 10 Enforcing Confidentiality with Encryption.\u003c\/p\u003e \u003cp\u003eChapter 11 Understanding Certificates and a PKI.\u003c\/p\u003e \u003cp\u003eChapter 12 Understanding Internet Explorer Security.\u003c\/p\u003e \u003cp\u003eAppendix A Answers to Review Questions.\u003c\/p\u003e \u003cp\u003eAppendix B Microsoft's Certification Program.\u003c\/p\u003e \u003cp\u003eIndex.\u003c\/p\u003e","brand":"John Wiley \u0026 Sons Inc","offers":[{"title":"Default Title","offer_id":48866364031319,"sku":"9781118016848","price":24.79,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781118016848.jpg?v=1722278296"},{"product_id":"wireshark-for-security-professionals-9781118918210","title":"Wireshark for Security Professionals","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eMaster Wireshark to solve real-world security problems\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIf you don't already use Wireshark for a wide range of information security tasks, you will after this book. Mature and powerful, Wireshark is commonly used to find root cause of challenging network issues. This book extends that power to information security professionals, complete with a downloadable, virtual lab environment.\u003c\/p\u003e \u003cp\u003e\u003ci\u003eWireshark for Security Professionals\u003c\/i\u003e covers both offensive and defensive concepts that can be applied to essentially any InfoSec role. Whether into network security, malware analysis, intrusion detection, or penetration testing, this book demonstrates Wireshark through relevant and useful examples.\u003c\/p\u003e \u003cp\u003eMaster Wireshark through both lab scenarios and exercises. Early in the book, a virtual lab environment is provided for the purpose of getting hands-on experience with Wireshark. Wireshark is combined with two popular platforms: Kali, the security-focused Linux distribution, a\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003c\/p\u003e\u003cp\u003eIntroduction xiii\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Introducing Wireshark 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat Is Wireshark? 2\u003c\/p\u003e \u003cp\u003eA Best Time to Use Wireshark? 2\u003c\/p\u003e \u003cp\u003eAvoiding Being Overwhelmed 3\u003c\/p\u003e \u003cp\u003eThe Wireshark User Interface 3\u003c\/p\u003e \u003cp\u003ePacket List Pane 5\u003c\/p\u003e \u003cp\u003ePacket Details Pane 6\u003c\/p\u003e \u003cp\u003ePacket Bytes Pane 8\u003c\/p\u003e \u003cp\u003eFilters 9\u003c\/p\u003e \u003cp\u003eCapture Filters 9\u003c\/p\u003e \u003cp\u003eDisplay Filters 13\u003c\/p\u003e \u003cp\u003eSummary 17\u003c\/p\u003e \u003cp\u003eExercises 18\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Setting Up the Lab 19\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eKali Linux 20\u003c\/p\u003e \u003cp\u003eVirtualization 22\u003c\/p\u003e \u003cp\u003eBasic Terminology and Concepts 23\u003c\/p\u003e \u003cp\u003eBenefits of Virtualization 23\u003c\/p\u003e \u003cp\u003eVirtual Box 24\u003c\/p\u003e \u003cp\u003eInstalling VirtualBox 24\u003c\/p\u003e \u003cp\u003eInstalling the VirtualBox Extension Pack 31\u003c\/p\u003e \u003cp\u003eCreating a Kali Linux Virtual Machine 33\u003c\/p\u003e \u003cp\u003eInstalling Kali Linux 40\u003c\/p\u003e \u003cp\u003eThe W4SP Lab 46\u003c\/p\u003e \u003cp\u003eRequirements 46\u003c\/p\u003e \u003cp\u003eA Few Words about Docker 47\u003c\/p\u003e \u003cp\u003eWhat Is GitHub? 48\u003c\/p\u003e \u003cp\u003eCreating the Lab User 49\u003c\/p\u003e \u003cp\u003eInstalling the W4SP Lab on the Kali Virtual Machine 50\u003c\/p\u003e \u003cp\u003eSetting Up the W4SP Lab 53\u003c\/p\u003e \u003cp\u003eThe Lab Network 54\u003c\/p\u003e \u003cp\u003eSummary 55\u003c\/p\u003e \u003cp\u003eExercises 56\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 The Fundamentals 57\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eNetworking 58\u003c\/p\u003e \u003cp\u003eOSI Layers 58\u003c\/p\u003e \u003cp\u003eNetworking between Virtual Machines 61\u003c\/p\u003e \u003cp\u003eSecurity 63\u003c\/p\u003e \u003cp\u003eThe Security Triad 63\u003c\/p\u003e \u003cp\u003eIntrusion Detection and Prevention Systems 63\u003c\/p\u003e \u003cp\u003eFalse Positives and False Negatives 64\u003c\/p\u003e \u003cp\u003eMalware 64\u003c\/p\u003e \u003cp\u003eSpoofing and Poisoning 66\u003c\/p\u003e \u003cp\u003ePacket and Protocol Analysis 66\u003c\/p\u003e \u003cp\u003eA Protocol Analysis Story 67\u003c\/p\u003e \u003cp\u003ePorts and Protocols 71\u003c\/p\u003e \u003cp\u003eSummary 73\u003c\/p\u003e \u003cp\u003eExercises 74\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Capturing Packets 75\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSniffing 76\u003c\/p\u003e \u003cp\u003ePromiscuous Mode 76\u003c\/p\u003e \u003cp\u003eStarting the First Capture 78\u003c\/p\u003e \u003cp\u003eTShark 82\u003c\/p\u003e \u003cp\u003eDealing with the Network 86\u003c\/p\u003e \u003cp\u003eLocal Machine 87\u003c\/p\u003e \u003cp\u003eSniffing Localhost 88\u003c\/p\u003e \u003cp\u003eSniffing on Virtual Machine Interfaces 92\u003c\/p\u003e \u003cp\u003eSniffing with Hubs 96\u003c\/p\u003e \u003cp\u003eSPAN Ports 98\u003c\/p\u003e \u003cp\u003eNetwork Taps 101\u003c\/p\u003e \u003cp\u003eTransparent Linux Bridges 103\u003c\/p\u003e \u003cp\u003eWireless Networks 105\u003c\/p\u003e \u003cp\u003eLoading and Saving Capture Files 108\u003c\/p\u003e \u003cp\u003eFile Formats 108\u003c\/p\u003e \u003cp\u003eRing Buffers and Multiple Files 111\u003c\/p\u003e \u003cp\u003eRecent Capture Files 116\u003c\/p\u003e \u003cp\u003eDissectors 118\u003c\/p\u003e \u003cp\u003eW4SP Lab: Managing Nonstandard HTTP Traffic 118\u003c\/p\u003e \u003cp\u003eFiltering SMB Filenames 120\u003c\/p\u003e \u003cp\u003ePacket Colorization 123\u003c\/p\u003e \u003cp\u003eViewing Someone Else’s Captures 126\u003c\/p\u003e \u003cp\u003eSummary 127\u003c\/p\u003e \u003cp\u003eExercises 128\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Diagnosing Attacks 129\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAttack Type: Man-in-the-Middle 130\u003c\/p\u003e \u003cp\u003eWhy MitM Attacks Are Effective 130\u003c\/p\u003e \u003cp\u003eHow MitM Attacks Get Done: ARP 131\u003c\/p\u003e \u003cp\u003eW4SP Lab: Performing an ARP MitM Attack 133\u003c\/p\u003e \u003cp\u003eW4SP Lab: Performing a DNS MitM Attack 141\u003c\/p\u003e \u003cp\u003eHow to Prevent MitM Attacks 147\u003c\/p\u003e \u003cp\u003eAttack Type: Denial of Service 148\u003c\/p\u003e \u003cp\u003eWhy DoS Attacks Are Effective 149\u003c\/p\u003e \u003cp\u003eHow DoS Attacks Get Done 150\u003c\/p\u003e \u003cp\u003eHow to Prevent DoS Attacks 155\u003c\/p\u003e \u003cp\u003eAttack Type: Advanced Persistent Threat 156\u003c\/p\u003e \u003cp\u003eWhy APT Attacks Are Effective 156\u003c\/p\u003e \u003cp\u003eHow APT Attacks Get Done 157\u003c\/p\u003e \u003cp\u003eExample APT Traffic in Wireshark 157\u003c\/p\u003e \u003cp\u003eHow to Prevent APT Attacks 161\u003c\/p\u003e \u003cp\u003eSummary 162\u003c\/p\u003e \u003cp\u003eExercises 162\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Offensive Wireshark 163\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAttack Methodology 163\u003c\/p\u003e \u003cp\u003eReconnaissance Using Wireshark 165\u003c\/p\u003e \u003cp\u003eEvading IPS\/IDS 168\u003c\/p\u003e \u003cp\u003eSession Splicing and Fragmentation 168\u003c\/p\u003e \u003cp\u003ePlaying to the Host, Not the IDS 169\u003c\/p\u003e \u003cp\u003eCovering Tracks and Placing Backdoors 169\u003c\/p\u003e \u003cp\u003eExploitation 170\u003c\/p\u003e \u003cp\u003eSetting Up the W4SP Lab with Metasploitable 171\u003c\/p\u003e \u003cp\u003eLaunching Metasploit Console 171\u003c\/p\u003e \u003cp\u003eVSFTP Exploit 172\u003c\/p\u003e \u003cp\u003eDebugging with Wireshark 173\u003c\/p\u003e \u003cp\u003eShell in Wireshark 175\u003c\/p\u003e \u003cp\u003eTCP Stream Showing a Bind Shell 176\u003c\/p\u003e \u003cp\u003eTCP Stream Showing a Reverse Shell 183\u003c\/p\u003e \u003cp\u003eStarting ELK 188\u003c\/p\u003e \u003cp\u003eRemote Capture over SSH 190\u003c\/p\u003e \u003cp\u003eSummary 191\u003c\/p\u003e \u003cp\u003eExercises 192\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Decrypting TLS, Capturing USB, Keyloggers, and Network Graphing 193\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDecrypting SSL\/TLS 193\u003c\/p\u003e \u003cp\u003eDecrypting SSL\/TLS Using Private Keys 195\u003c\/p\u003e \u003cp\u003eDecrypting SSL\/TLS Using Session Keys 199\u003c\/p\u003e \u003cp\u003eUSB and Wireshark 202\u003c\/p\u003e \u003cp\u003eCapturing USB Traffic on Linux 203\u003c\/p\u003e \u003cp\u003eCapturing USB Traffic on Windows 206\u003c\/p\u003e \u003cp\u003eTShark Keylogger 208\u003c\/p\u003e \u003cp\u003eGraphing the Network 212\u003c\/p\u003e \u003cp\u003eLua with Graphviz Library 213\u003c\/p\u003e \u003cp\u003eSummary 218\u003c\/p\u003e \u003cp\u003eExercises 219\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Scripting with Lua 221\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhy Lua? 222\u003c\/p\u003e \u003cp\u003eScripting Basics 223\u003c\/p\u003e \u003cp\u003eVariables 225\u003c\/p\u003e \u003cp\u003eFunctions and Blocks 226\u003c\/p\u003e \u003cp\u003eLoops 228\u003c\/p\u003e \u003cp\u003eConditionals 230\u003c\/p\u003e \u003cp\u003eSetup 230\u003c\/p\u003e \u003cp\u003eChecking for Lua Support 231\u003c\/p\u003e \u003cp\u003eLua Initialization 232\u003c\/p\u003e \u003cp\u003eWindows Setup 233\u003c\/p\u003e \u003cp\u003eLinux Setup 233\u003c\/p\u003e \u003cp\u003eTools 234\u003c\/p\u003e \u003cp\u003eHello World with TShark 236\u003c\/p\u003e \u003cp\u003eCounting Packets Script 237\u003c\/p\u003e \u003cp\u003eARP Cache Script 241\u003c\/p\u003e \u003cp\u003eCreating Dissectors for Wireshark 244\u003c\/p\u003e \u003cp\u003eDissector Types 245\u003c\/p\u003e \u003cp\u003eWhy a Dissector Is Needed 245\u003c\/p\u003e \u003cp\u003eExperiment 253\u003c\/p\u003e \u003cp\u003eExtending Wireshark 255\u003c\/p\u003e \u003cp\u003ePacket Direction Script 255\u003c\/p\u003e \u003cp\u003eMarking Suspicious Script 257\u003c\/p\u003e \u003cp\u003eSnooping SMB File Transfers 260\u003c\/p\u003e \u003cp\u003eSummary 262\u003c\/p\u003e \u003cp\u003eIndex 265\u003c\/p\u003e","brand":"John Wiley \u0026 Sons Inc","offers":[{"title":"Default Title","offer_id":48866380742999,"sku":"9781118918210","price":34.0,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781118918210.jpg?v=1722278382"},{"product_id":"comptia-security-practice-tests-exam-sy0601-9781119735465","title":"CompTIA Security Practice Tests Exam SY0601","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eIntroduction xix\u003c\/p\u003e \u003cp\u003eChapter 1 Threats, Attacks, and Vulnerabilities 1\u003c\/p\u003e \u003cp\u003eChapter 2 Architecture and Design 45\u003c\/p\u003e \u003cp\u003eChapter 3 Implementation 81\u003c\/p\u003e \u003cp\u003eChapter 4 Operations and Incident Response 129\u003c\/p\u003e \u003cp\u003eChapter 5 Governance, Risk, and Compliance 159\u003c\/p\u003e \u003cp\u003eAppendix Answers and Explanations 185\u003c\/p\u003e \u003cp\u003eIndex 299\u003c\/p\u003e","brand":"John Wiley \u0026 Sons Inc","offers":[{"title":"Default Title","offer_id":48866413707607,"sku":"9781119735465","price":28.05,"currency_code":"GBP","in_stock":false}]},{"product_id":"threats-9781119895169","title":"Threats","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003eSecure your applications with help from your favorite Jedi masters In Threats: What Every Engineer Should Learn From Star Wars, accomplished security expert and educator Adam Shostack delivers an easy-to-read and engaging discussion of security threats and how to develop secure systems. The book will prepare you to take on the Dark Side as you learnin a structured and memorable wayabout the threats to your systems. You'll move from thinking of security issues as clever one-offs and learn to see the patterns they follow. This book brings to light the burning questions software developers should be asking about securing systems, and answers them in a fun and entertaining way, incorporating cybersecurity lessons from the much-loved Star Wars series. You don't need to be fluent in over 6 million forms of exploitation to face these threats with the steely calm of a Jedi master. You'll also find: Understandable and memorable introductions to the most important threats that every engineer should knowStraightforward software security frameworks that will help engineers bake security directly into their systemsStrategies to align large teams to achieve application security in today's fast-moving and agile worldStrategies attackers use, like tampering, to interfere with the integrity of applications and systems, and the kill chains that combine these threats into fully executed campaignsAn indispensable resource for software developers and security engineers, Threats: What Every Engineer Should Learn From Star Wars belongs on the bookshelves of everyone delivering or operating technology: from engineers to executives responsible for shipping secure code.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003ePreface xi\u003c\/p\u003e \u003cp\u003eIntroduction xv\u003c\/p\u003e \u003cp\u003e1 Spoofing and Authenticity 1\u003c\/p\u003e \u003cp\u003e2 Tampering and Integrity 41\u003c\/p\u003e \u003cp\u003e3 Repudiation and Proof 63\u003c\/p\u003e \u003cp\u003e4 Information Disclosure and Confidentiality 95\u003c\/p\u003e \u003cp\u003e5 Denial of Service and Availability 131\u003c\/p\u003e \u003cp\u003e6 Expansion of Authority and Isolation 151\u003c\/p\u003e \u003cp\u003e7 Predictability and Randomness 187\u003c\/p\u003e \u003cp\u003e8 Parsing and Corruption 211\u003c\/p\u003e \u003cp\u003e9 Kill Chains 249\u003c\/p\u003e \u003cp\u003eEpilogue 291\u003c\/p\u003e \u003cp\u003eGlossary 295\u003c\/p\u003e \u003cp\u003eBibliography 303\u003c\/p\u003e \u003cp\u003eStory Index 317\u003c\/p\u003e \u003cp\u003eIndex 323\u003c\/p\u003e","brand":"John Wiley \u0026 Sons Inc","offers":[{"title":"Default Title","offer_id":48866424258903,"sku":"9781119895169","price":17.09,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781119895169.jpg?v=1722278580"},{"product_id":"the-official-isc2-ccsp-cbk-reference-9781119909019","title":"The Official ISC2 CCSP CBK Reference","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eForeword to the Fourth Edition xxi\u003c\/p\u003e \u003cp\u003eIntroduction xix\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Cloud Concepts, Architecture, and Design 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstand Cloud Computing Concepts 2\u003c\/p\u003e \u003cp\u003eCloud Computing Definitions 2\u003c\/p\u003e \u003cp\u003eCloud Computing Roles and Responsibilities 3\u003c\/p\u003e \u003cp\u003eKey Cloud Computing Characteristics 7\u003c\/p\u003e \u003cp\u003eBuilding Block Technologies 11\u003c\/p\u003e \u003cp\u003eDescribe Cloud Reference Architecture 14\u003c\/p\u003e \u003cp\u003eCloud Computing Activities 14\u003c\/p\u003e \u003cp\u003eCloud Service Capabilities 15\u003c\/p\u003e \u003cp\u003eCloud Service Categories 17\u003c\/p\u003e \u003cp\u003eCloud Deployment Models 18\u003c\/p\u003e \u003cp\u003eCloud Shared Considerations 21\u003c\/p\u003e \u003cp\u003eImpact of Related Technologies 27\u003c\/p\u003e \u003cp\u003eUnderstand Security Concepts Relevant to Cloud Computing 33\u003c\/p\u003e \u003cp\u003eCryptography and Key Management 33\u003c\/p\u003e \u003cp\u003eIdentity and Access Control 34\u003c\/p\u003e \u003cp\u003eData and Media Sanitization 36\u003c\/p\u003e \u003cp\u003eNetwork Security 37\u003c\/p\u003e \u003cp\u003eVirtualization Security 39\u003c\/p\u003e \u003cp\u003eCommon Threats 41\u003c\/p\u003e \u003cp\u003eSecurity Hygiene 41\u003c\/p\u003e \u003cp\u003eUnderstand Design Principles of Secure Cloud Computing 43\u003c\/p\u003e \u003cp\u003eCloud Secure Data Lifecycle 43\u003c\/p\u003e \u003cp\u003eCloud- Based Business Continuity and Disaster Recovery Plan 44\u003c\/p\u003e \u003cp\u003eBusiness Impact Analysis 45\u003c\/p\u003e \u003cp\u003eFunctional Security Requirements 46\u003c\/p\u003e \u003cp\u003eSecurity Considerations for Different Cloud Categories 48\u003c\/p\u003e \u003cp\u003eCloud Design Patterns 49\u003c\/p\u003e \u003cp\u003eDevOps Security 51\u003c\/p\u003e \u003cp\u003eEvaluate Cloud Service Providers 51\u003c\/p\u003e \u003cp\u003eVerification against Criteria 52\u003c\/p\u003e \u003cp\u003eSystem\/Subsystem Product Certifications 54\u003c\/p\u003e \u003cp\u003eSummary 56\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Cloud Data Security 57\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDescribe Cloud Data Concepts 58\u003c\/p\u003e \u003cp\u003eCloud Data Lifecycle Phases 58\u003c\/p\u003e \u003cp\u003eData Dispersion 61\u003c\/p\u003e \u003cp\u003eData Flows 62\u003c\/p\u003e \u003cp\u003eDesign and Implement Cloud Data Storage Architectures 63\u003c\/p\u003e \u003cp\u003eStorage Types 63\u003c\/p\u003e \u003cp\u003eThreats to Storage Types 66\u003c\/p\u003e \u003cp\u003eDesign and Apply Data Security Technologies and Strategies 67\u003c\/p\u003e \u003cp\u003eEncryption and Key Management 67\u003c\/p\u003e \u003cp\u003eHashing 70\u003c\/p\u003e \u003cp\u003eData Obfuscation 71\u003c\/p\u003e \u003cp\u003eTokenization 73\u003c\/p\u003e \u003cp\u003eData Loss Prevention 74\u003c\/p\u003e \u003cp\u003eKeys, Secrets, and Certificates Management 77\u003c\/p\u003e \u003cp\u003eImplement Data Discovery 78\u003c\/p\u003e \u003cp\u003eStructured Data 79\u003c\/p\u003e \u003cp\u003eUnstructured Data 80\u003c\/p\u003e \u003cp\u003eSemi- structured Data 81\u003c\/p\u003e \u003cp\u003eData Location 82\u003c\/p\u003e \u003cp\u003eImplement Data Classification 82\u003c\/p\u003e \u003cp\u003eData Classification Policies 83\u003c\/p\u003e \u003cp\u003eMapping 85\u003c\/p\u003e \u003cp\u003eLabeling 86\u003c\/p\u003e \u003cp\u003eDesign and Implement Information Rights Management 87\u003c\/p\u003e \u003cp\u003eObjectives 88\u003c\/p\u003e \u003cp\u003eAppropriate Tools 89\u003c\/p\u003e \u003cp\u003ePlan and Implement Data Retention, Deletion, and Archiving Policies 89\u003c\/p\u003e \u003cp\u003eData Retention Policies 90\u003c\/p\u003e \u003cp\u003eData Deletion Procedures and Mechanisms 93\u003c\/p\u003e \u003cp\u003eData Archiving Procedures and Mechanisms 94\u003c\/p\u003e \u003cp\u003eLegal Hold 95\u003c\/p\u003e \u003cp\u003eDesign and Implement Auditability, Traceability, and Accountability of Data Events 96\u003c\/p\u003e \u003cp\u003eDefinition of Event Sources and Requirement of Event Attribution 97\u003c\/p\u003e \u003cp\u003eLogging, Storage, and Analysis of Data Events 99\u003c\/p\u003e \u003cp\u003eChain of Custody and Nonrepudiation 100\u003c\/p\u003e \u003cp\u003eSummary 101\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Cloud Platform and Infrastructure Security 103\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eComprehend Cloud Infrastructure and Platform Components 104\u003c\/p\u003e \u003cp\u003ePhysical Environment 104\u003c\/p\u003e \u003cp\u003eNetwork and Communications 106\u003c\/p\u003e \u003cp\u003eCompute 107\u003c\/p\u003e \u003cp\u003eVirtualization 108\u003c\/p\u003e \u003cp\u003eStorage 110\u003c\/p\u003e \u003cp\u003eManagement Plane 111\u003c\/p\u003e \u003cp\u003eDesign a Secure Data Center 113\u003c\/p\u003e \u003cp\u003eLogical Design 114\u003c\/p\u003e \u003cp\u003ePhysical Design 116\u003c\/p\u003e \u003cp\u003eEnvironmental Design 117\u003c\/p\u003e \u003cp\u003eAnalyze Risks Associated with Cloud Infrastructure and Platforms 119\u003c\/p\u003e \u003cp\u003eRisk Assessment 119\u003c\/p\u003e \u003cp\u003eCloud Vulnerabilities, Threats, and Attacks 122\u003c\/p\u003e \u003cp\u003eRisk Mitigation Strategies 123\u003c\/p\u003e \u003cp\u003ePlan and Implementation of Security Controls 124\u003c\/p\u003e \u003cp\u003ePhysical and Environmental Protection 124\u003c\/p\u003e \u003cp\u003eSystem, Storage, and Communication Protection 125\u003c\/p\u003e \u003cp\u003eIdentification, Authentication, and Authorization in Cloud Environments 127\u003c\/p\u003e \u003cp\u003eAudit Mechanisms 128\u003c\/p\u003e \u003cp\u003ePlan Disaster Recovery and Business Continuity 131\u003c\/p\u003e \u003cp\u003eBusiness Continuity\/Disaster Recovery Strategy 131\u003c\/p\u003e \u003cp\u003eBusiness Requirements 132\u003c\/p\u003e \u003cp\u003eCreation, Implementation, and Testing of Plan 134\u003c\/p\u003e \u003cp\u003eSummary 138\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Cloud Application Security 139\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAdvocate Training and Awareness for Application Security 140\u003c\/p\u003e \u003cp\u003eCloud Development Basics 140\u003c\/p\u003e \u003cp\u003eCommon Pitfalls 141\u003c\/p\u003e \u003cp\u003eCommon Cloud Vulnerabilities 142\u003c\/p\u003e \u003cp\u003eDescribe the Secure Software Development Life Cycle Process 144\u003c\/p\u003e \u003cp\u003eNIST Secure Software Development Framework 145\u003c\/p\u003e \u003cp\u003eOWASP Software Assurance Maturity Model 145\u003c\/p\u003e \u003cp\u003eBusiness Requirements 145\u003c\/p\u003e \u003cp\u003ePhases and Methodologies 146\u003c\/p\u003e \u003cp\u003eApply the Secure Software Development Life Cycle 149\u003c\/p\u003e \u003cp\u003eCloud- Specific Risks 149\u003c\/p\u003e \u003cp\u003eThreat Modeling 153\u003c\/p\u003e \u003cp\u003eAvoid Common Vulnerabilities during Development 156\u003c\/p\u003e \u003cp\u003eSecure Coding 156\u003c\/p\u003e \u003cp\u003eSoftware Configuration Management and Versioning 157\u003c\/p\u003e \u003cp\u003eApply Cloud Software Assurance and Validation 158\u003c\/p\u003e \u003cp\u003eFunctional and Non- functional Testing 159\u003c\/p\u003e \u003cp\u003eSecurity Testing Methodologies 160\u003c\/p\u003e \u003cp\u003eQuality Assurance 164\u003c\/p\u003e \u003cp\u003eAbuse Case Testing 164\u003c\/p\u003e \u003cp\u003eUse Verified Secure Software 165\u003c\/p\u003e \u003cp\u003eSecuring Application Programming Interfaces 165\u003c\/p\u003e \u003cp\u003eSupply- Chain Management 166\u003c\/p\u003e \u003cp\u003eThird- Party Software Management 166\u003c\/p\u003e \u003cp\u003eValidated Open- Source Software 167\u003c\/p\u003e \u003cp\u003eComprehend the Specifics of Cloud Application Architecture 168\u003c\/p\u003e \u003cp\u003eSupplemental Security Components 169\u003c\/p\u003e \u003cp\u003eCryptography 171\u003c\/p\u003e \u003cp\u003eSandboxing 172\u003c\/p\u003e \u003cp\u003eApplication Virtualization and Orchestration 173\u003c\/p\u003e \u003cp\u003eDesign Appropriate Identity and Access Management Solutions 174\u003c\/p\u003e \u003cp\u003eFederated Identity 175\u003c\/p\u003e \u003cp\u003eIdentity Providers 175\u003c\/p\u003e \u003cp\u003eSingle Sign- on 176\u003c\/p\u003e \u003cp\u003eMultifactor Authentication 176\u003c\/p\u003e \u003cp\u003eCloud Access Security Broker 178\u003c\/p\u003e \u003cp\u003eSummary 179\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Cloud Security Operations 181\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBuild and Implement Physical and Logical Infrastructure for Cloud Environment 182\u003c\/p\u003e \u003cp\u003eHardware- Specific Security Configuration Requirements 182\u003c\/p\u003e \u003cp\u003eInstallation and Configuration of Virtualization Management Tools 185\u003c\/p\u003e \u003cp\u003eVirtual Hardware–Specific Security Configuration Requirements 186\u003c\/p\u003e \u003cp\u003eInstallation of Guest Operating System Virtualization Toolsets 188\u003c\/p\u003e \u003cp\u003eOperate Physical and Logical Infrastructure for Cloud Environment 188\u003c\/p\u003e \u003cp\u003eConfigure Access Control for Local and Remote Access 188\u003c\/p\u003e \u003cp\u003eSecure Network Configuration 190\u003c\/p\u003e \u003cp\u003eOperating System Hardening through the Application of Baselines 195\u003c\/p\u003e \u003cp\u003eAvailability of Stand- Alone Hosts 196\u003c\/p\u003e \u003cp\u003eAvailability of Clustered Hosts 197\u003c\/p\u003e \u003cp\u003eAvailability of Guest Operating Systems 199\u003c\/p\u003e \u003cp\u003eManage Physical and Logical Infrastructure for Cloud Environment 200\u003c\/p\u003e \u003cp\u003eAccess Controls for Remote Access 201\u003c\/p\u003e \u003cp\u003eOperating System Baseline Compliance Monitoring and Remediation 202\u003c\/p\u003e \u003cp\u003ePatch Management 203\u003c\/p\u003e \u003cp\u003ePerformance and Capacity Monitoring 205\u003c\/p\u003e \u003cp\u003eHardware Monitoring 206\u003c\/p\u003e \u003cp\u003eConfiguration of Host and Guest Operating System Backup and Restore Functions 207\u003c\/p\u003e \u003cp\u003eNetwork Security Controls 208\u003c\/p\u003e \u003cp\u003eManagement Plane 212\u003c\/p\u003e \u003cp\u003eImplement Operational Controls and Standards 212\u003c\/p\u003e \u003cp\u003eChange Management 213\u003c\/p\u003e \u003cp\u003eContinuity Management 214\u003c\/p\u003e \u003cp\u003eInformation Security Management 216\u003c\/p\u003e \u003cp\u003eContinual Service Improvement Management 217\u003c\/p\u003e \u003cp\u003eIncident Management 218\u003c\/p\u003e \u003cp\u003eProblem Management 221\u003c\/p\u003e \u003cp\u003eRelease Management 221\u003c\/p\u003e \u003cp\u003eDeployment Management 222\u003c\/p\u003e \u003cp\u003eConfiguration Management 224\u003c\/p\u003e \u003cp\u003eService Level Management 225\u003c\/p\u003e \u003cp\u003eAvailability Management 226\u003c\/p\u003e \u003cp\u003eCapacity Management 227\u003c\/p\u003e \u003cp\u003eSupport Digital Forensics 228\u003c\/p\u003e \u003cp\u003eForensic Data Collection Methodologies 228\u003c\/p\u003e \u003cp\u003eEvidence Management 230\u003c\/p\u003e \u003cp\u003eCollect, Acquire, and Preserve Digital Evidence 231\u003c\/p\u003e \u003cp\u003eManage Communication with Relevant Parties 234\u003c\/p\u003e \u003cp\u003eVendors 235\u003c\/p\u003e \u003cp\u003eCustomers 236\u003c\/p\u003e \u003cp\u003ePartners 238\u003c\/p\u003e \u003cp\u003eRegulators 238\u003c\/p\u003e \u003cp\u003eOther Stakeholders 239\u003c\/p\u003e \u003cp\u003eManage Security Operations 239\u003c\/p\u003e \u003cp\u003eSecurity Operations Center 240\u003c\/p\u003e \u003cp\u003eMonitoring of Security Controls 244\u003c\/p\u003e \u003cp\u003eLog Capture and Analysis 245\u003c\/p\u003e \u003cp\u003eIncident Management 248\u003c\/p\u003e \u003cp\u003eSummary 253\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Legal, Risk, and Compliance 255\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eArticulating Legal Requirements and Unique Risks within the Cloud Environment 256\u003c\/p\u003e \u003cp\u003eConflicting International Legislation 256\u003c\/p\u003e \u003cp\u003eEvaluation of Legal Risks Specific to Cloud Computing 258\u003c\/p\u003e \u003cp\u003eLegal Frameworks and Guidelines 258\u003c\/p\u003e \u003cp\u003eeDiscovery 265\u003c\/p\u003e \u003cp\u003eForensics Requirements 267\u003c\/p\u003e \u003cp\u003eUnderstand Privacy Issues 267\u003c\/p\u003e \u003cp\u003eDifference between Contractual and Regulated Private Data 268\u003c\/p\u003e \u003cp\u003eCountry- Specific Legislation Related to Private Data 272\u003c\/p\u003e \u003cp\u003eJurisdictional Differences in Data Privacy 277\u003c\/p\u003e \u003cp\u003eStandard Privacy Requirements 278\u003c\/p\u003e \u003cp\u003ePrivacy Impact Assessments 280\u003c\/p\u003e \u003cp\u003eUnderstanding Audit Process, Methodologies, and Required Adaptations for a Cloud Environment 281\u003c\/p\u003e \u003cp\u003eInternal and External Audit Controls 282\u003c\/p\u003e \u003cp\u003eImpact of Audit Requirements 283\u003c\/p\u003e \u003cp\u003eIdentify Assurance Challenges of Virtualization and Cloud 284\u003c\/p\u003e \u003cp\u003eTypes of Audit Reports 285\u003c\/p\u003e \u003cp\u003eRestrictions of Audit Scope Statements 288\u003c\/p\u003e \u003cp\u003eGap Analysis 289\u003c\/p\u003e \u003cp\u003eAudit Planning 290\u003c\/p\u003e \u003cp\u003eInternal Information Security Management System 291\u003c\/p\u003e \u003cp\u003eInternal Information Security Controls System 292\u003c\/p\u003e \u003cp\u003ePolicies 293\u003c\/p\u003e \u003cp\u003eIdentification and Involvement of Relevant Stakeholders 296\u003c\/p\u003e \u003cp\u003eSpecialized Compliance Requirements for Highly Regulated Industries 297\u003c\/p\u003e \u003cp\u003eImpact of Distributed Information Technology Model 298\u003c\/p\u003e \u003cp\u003eUnderstand Implications of Cloud to Enterprise Risk Management 299\u003c\/p\u003e \u003cp\u003eAssess Providers Risk Management Programs 300\u003c\/p\u003e \u003cp\u003eDifferences between Data Owner\/Controller vs. Data Custodian\/Processor 301\u003c\/p\u003e \u003cp\u003eRegulatory Transparency Requirements 302\u003c\/p\u003e \u003cp\u003eRisk Treatment 303\u003c\/p\u003e \u003cp\u003eRisk Frameworks 304\u003c\/p\u003e \u003cp\u003eMetrics for Risk Management 307\u003c\/p\u003e \u003cp\u003eAssessment of Risk Environment 307\u003c\/p\u003e \u003cp\u003eUnderstand Outsourcing and Cloud Contract Design 309\u003c\/p\u003e \u003cp\u003eBusiness Requirements 309\u003c\/p\u003e \u003cp\u003eVendor Management 311\u003c\/p\u003e \u003cp\u003eContract Management 312\u003c\/p\u003e \u003cp\u003eSupply Chain Management 314\u003c\/p\u003e \u003cp\u003eSummary 316\u003c\/p\u003e \u003cp\u003eIndex 317\u003c\/p\u003e","brand":"John Wiley \u0026 Sons Inc","offers":[{"title":"Default Title","offer_id":48866425012567,"sku":"9781119909019","price":48.75,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781119909019.jpg?v=1722278582"},{"product_id":"isc2-ccsp-certified-cloud-security-professional-official-practice-tests-9781119909408","title":"ISC2 CCSP Certified Cloud Security Professional","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eIntroduction xv\u003c\/p\u003e \u003cp\u003eChapter 1 Domain 1: Cloud Concepts, Architecture, and Design 1\u003c\/p\u003e \u003cp\u003eChapter 2 Domain 2: Architecture and Design 23\u003c\/p\u003e \u003cp\u003eChapter 3 Domain 3: Cloud Platform and Infrastructure Security 45\u003c\/p\u003e \u003cp\u003eChapter 4 Domain 4: Cloud Application Security 65\u003c\/p\u003e \u003cp\u003eChapter 5 Domain 5: Cloud Security Operations 85\u003c\/p\u003e \u003cp\u003eChapter 6 Domain 6: Legal, Risk, and Compliance 105\u003c\/p\u003e \u003cp\u003eChapter 7 Practice Test 1 125\u003c\/p\u003e \u003cp\u003eChapter 8 Practice Test 2 151\u003c\/p\u003e \u003cp\u003eAppendix Answers to Review Questions 175\u003c\/p\u003e \u003cp\u003eChapter 1: Domain 1: Cloud Concepts, Architecture, and Design 176\u003c\/p\u003e \u003cp\u003eChapter 2: Domain 2: Architecture and Design 188\u003c\/p\u003e \u003cp\u003eChapter 3: Domain 3: Cloud Platform and Infrastructure Security 198\u003c\/p\u003e \u003cp\u003eChapter 4: Domain 4: Cloud Application Security 213\u003c\/p\u003e \u003cp\u003eChapter 5: Domain 5: Cloud Security Operations 223\u003c\/p\u003e \u003cp\u003eChapter 6: Domain 6: Legal, Risk, and Compliance 232\u003c\/p\u003e \u003cp\u003eChapter 7: Practice Test 1 245\u003c\/p\u003e \u003cp\u003eChapter 8: Practice Test 2 259\u003c\/p\u003e \u003cp\u003eIndex 273\u003c\/p\u003e","brand":"John Wiley \u0026 Sons Inc","offers":[{"title":"Default Title","offer_id":48866425110871,"sku":"9781119909408","price":27.99,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781119909408.jpg?v=1722278583"},{"product_id":"gpen-giac-certified-penetration-tester-allinone-exam-guide-9781260456745","title":"GPEN GIAC Certified Penetration Tester AllinOne","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cb\u003ePublisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, \u003cspan\u003e \u003c\/span\u003eauthenticity, or access to any online entitlements included with the product.\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eThis effective study guide provides 100% coverage of every topic on the GPEN GIAC Penetration Tester exam\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003eThis effective self-study guide fully prepares you for the Global Information Assurance Certificationâs challenging Penetration Tester exam, which validates advanced IT security skills. The book features exam-focused coverage of penetration testing methodologies, legal issues, and best practices.\u003ci\u003e GPEN GIAC Certified Penetration Tester All-in-One Exam Guide\u003c\/i\u003e contains useful tips and tricks, real-world examples, and case studies drawn from authorsâ extensive experience. Beyond exam preparation, the book also serves as a valuable on-the-job reference. \u003cbr\u003e\u003cbr\u003eCovers every topic on the exam, including:\u003cbr\u003e\u003cp\u003e\u003c\/p\u003e\u003cul\u003e\u003cli\u003ePre-engagement and planning \u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cb\u003eChapter 1:\u003c\/b\u003e Penetration Testing Fundamentals\u003cbr\u003e\u003cb\u003eChapter 2:\u003c\/b\u003e Pre-Engagement Activity\u003cbr\u003e\u003cb\u003eChapter 3:\u003c\/b\u003e Penetration Testing Lab Setup\u003cbr\u003e\u003cb\u003eChapter 4:\u003c\/b\u003e Reconnaissance, Open Source Intelligence (OSINT)\u003cbr\u003e\u003cb\u003eChapter 5:\u003c\/b\u003e Scanning, Enumerating Targets and Vulnerabilities\u003cbr\u003e\u003cb\u003eChapter 6:\u003c\/b\u003e Exploiting Targets\u003cbr\u003e\u003cb\u003eChapter 7:\u003c\/b\u003e Advanced Metasploit\u003cbr\u003e\u003cb\u003eChapter 8:\u003c\/b\u003e Password Attacks\u003cbr\u003e\u003cb\u003eChapter 9:\u003c\/b\u003e Stealing Data, Maintaining Access and Pivoting\u003cbr\u003e\u003cb\u003eChapter 10:\u003c\/b\u003e PowerShell for Penetration Testing\u003cbr\u003e\u003cb\u003eChapter 11:\u003c\/b\u003e Web Application Hacking\u003cbr\u003e\u003cb\u003eChapter 12:\u003c\/b\u003e Proxies, Crawlers, and Spiders\u003cbr\u003e\u003cb\u003eChapter 13:\u003c\/b\u003e OWASP Top 10\u003cbr\u003e\u003cb\u003eAppendix A:\u003c\/b\u003e Tools Reference\u003c\/li\u003e\u003c\/ul\u003e","brand":"McGraw-Hill Education","offers":[{"title":"Default Title","offer_id":48866491433303,"sku":"9781260456745","price":35.24,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781260456745.jpg?v=1722278912"},{"product_id":"cissp-allinone-exam-guide-ninth-edition-9781260467376","title":"CISSP AllinOne Exam Guide Ninth Edition","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eA new edition of Shon Harrisâ bestselling exam prep guideâfully updated for the 2021 version of the CISSP exam\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003eThoroughly updated for the latest release of the Certified Information Systems Security Professional exam, this comprehensive resource covers all objectives in the 2021 CISSP exam developed by the International Information Systems Security Certification Consortium (ISC)2 . \u003ci\u003eCISSP All-in-One Exam Guide, Ninth Edition\u003c\/i\u003e features learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations. Written by leading experts in information security certification and training, this completely up-to-date self-study system helps you pass the exam with ease and also serves as an essential on-the-job reference.\u003c\/p\u003e\u003cp\u003eCovers all 8 CISSP domains:\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eSecurity and risk management\u003c\/li\u003e\n\u003cli\u003eAsset security\u003c\/li\u003e\n\u003cli\u003eSecurity architecture and engineering\u003c\/li\u003e\n\u003cli\u003eCommunication and network security\u003c\/li\u003e\n\u003cli\u003eIdentity and access ma\u003c\/li\u003e\n\u003c\/ul\u003e","brand":"McGraw-Hill Education","offers":[{"title":"Default Title","offer_id":48866492776791,"sku":"9781260467376","price":45.89,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781260467376.jpg?v=1722278917"},{"product_id":"csslp-certified-secure-software-lifecycle-professional-allinone-exam-guide-third-edition-9781264258208","title":"CSSLP Certified Secure Software Lifecycle","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eProviding 100% coverage of the latest CSSLP exam, this self-study guide offers everything you need to ace the exam\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003eGet complete coverage of all the material included on the Certified Secure Software Lifecycle Professional exam.\u003ci\u003e CSSLP Certified Secure Software Lifecycle Professional All-in-One Exam Guide, Third Edition\u003c\/i\u003e covers all eight exam domains developed by the International Information Systems Security Certification Consortium (ISC)2 . Youâll find learning objectives at the beginning of each chapter, exam tips, and practice questions with explanations. Designed to help you pass the exam with ease, this definitive resource also serves as an essential on-the-job reference.\u003c\/p\u003e\u003cp\u003eCovers all eight exam domains:\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eSecure Software Concepts\u003c\/li\u003e\n\u003cli\u003eSecure Software Requirements\u003c\/li\u003e\n\u003cli\u003eSecure Software Architecture and Design\u003c\/li\u003e\n\u003cli\u003eSecure Software Implementation\u003c\/li\u003e\n\u003cli\u003eSecure Software Testing\u003c\/li\u003e\n\u003cli\u003eSecure Software Lifecycle Management\u003c\/li\u003e\n\u003cli\u003eSecure Soft\u003c\/li\u003e\n\u003c\/ul\u003e","brand":"McGraw-Hill Education","offers":[{"title":"Default Title","offer_id":48866496577879,"sku":"9781264258208","price":43.19,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781264258208.jpg?v=1722278936"},{"product_id":"cism-certified-information-security-manager-allinone-exam-guide-second-edition-9781264268313","title":"CISM Certified Information Security Manager","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eProvides 100% coverage of every objective on the 2022 CISM exam\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003eThis integrated self-study guide enables you to take the 2022 version of the challenging CISM exam with complete confidence. Written by an expert in the field, the book offers exam-focused coverage of information security governance, information risk management, information security program development and management, and information security incident management.\u003c\/p\u003e\u003cp\u003e\u003ci\u003eCISM Certified Information Security Manager All-in-One Exam Guide, Second Edition\u003c\/i\u003e features learning objectives, exam tips, practice questions, and in-depth explanations. All questions closely match those on the live test in tone, format, and content. Special design elements throughout provide real-world insight and call out potentially harmful situations. Beyond fully preparing you for the exam, the book also serves as a valuable on-the-job reference.\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eFeatures complete coverage of all 2022 CISM exam domains\u003c\/li\u003e\n\u003cli\u003eOnline co\u003c\/li\u003e\n\u003c\/ul\u003e","brand":"McGraw-Hill Education","offers":[{"title":"Default Title","offer_id":48866497462615,"sku":"9781264268313","price":38.24,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781264268313.jpg?v=1722278940"},{"product_id":"comptia-pentest-certification-allinone-exam-guide-second-edition-exam-pt0002-9781264274895","title":"CompTIA PenTest Certification AllinOne Exam Guide","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eThis fully-updated guide delivers complete coverage of every topic on the current version of the CompTIA PenTest+ certification exam.\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003eGet complete coverage of all the objectives included on the CompTIA PenTest+ certification exam PT0-002 from this comprehensive resource. Written by expert penetration testers, the book provides learning objectives at the beginning of each chapter, hands-on exercises, exam tips, and practice questions with in-depth explanations. Designed to help you pass the exam with ease, this definitive volume also serves as an essential on-the-job reference.\u003c\/p\u003e\u003cp\u003eCovers all exam topics, including:\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003ePlanning and engagement\u003c\/li\u003e\n\u003cli\u003eInformation gathering\u003c\/li\u003e\n\u003cli\u003eVulnerability scanning\u003c\/li\u003e\n\u003cli\u003eNetwork-based attacks\u003c\/li\u003e\n\u003cli\u003eWireless and radio frequency attacks\u003c\/li\u003e\n\u003cli\u003eWeb and database attacks\u003c\/li\u003e\n\u003cli\u003eCloud attacks\u003c\/li\u003e\n\u003cli\u003eSpecialized and fragile systems\u003c\/li\u003e\n\u003cli\u003eSocial Engineering and physical attacks\u003c\/li\u003e\n\u003cli\u003ePost-exploitation tools and technique\u003c\/li\u003e\n\u003c\/ul\u003e","brand":"McGraw-Hill Education","offers":[{"title":"Default Title","offer_id":48866498412887,"sku":"9781264274895","price":36.79,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781264274895.jpg?v=1722278948"},{"product_id":"cism-certified-information-security-manager-practice-exams-second-edition-9781264693740","title":"CISM Certified Information Security Manager","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cb\u003eUp-to-date practice questions that cover every topic on the 2022 version of the CISM exam\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003eTake the current version of the challenging CISM exam with complete confidence using the detailed information contained in this fully updated self-study guide. Written by an expert in the field, the book features hundreds of practice exam questions that match those on the live test in content, format, tone, and feel. In-depth answer explanations are provided for both the correct and incorrect answer choices. \u003cbr\u003e\u003cbr\u003e\u003ci\u003eCISM Certified Information Security Manager Practice Exams, Second Edition\u003c\/i\u003e supplements the \u003ci\u003eCISM All-in-One Exam Guide\u003c\/i\u003e and completely covers every objective of the 2022 exam release. In total, the book contains more than 300 realistic practice questions.\u003cbr\u003e\u003cbr\u003eâ\u003cspan\u003e  \u003c\/span\u003eOffers 100% coverage of all four CISM exam domains\u003cbr\u003eâ\u003cspan\u003e  \u003c\/span\u003eOnline content includes access to an additional 150 practice questions in the TotalTester","brand":"McGraw-Hill Education","offers":[{"title":"Default Title","offer_id":48866500804951,"sku":"9781264693740","price":28.79,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781264693740.jpg?v=1722278953"},{"product_id":"ccsp-certified-cloud-security-professional-allinone-exam-guide-third-edition-9781264842209","title":"CCSP Certified Cloud Security Professional","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eThis fully updated self-study guide delivers 100% coverage of all topics on the current version of the CCSP exam\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003eThoroughly revised for the 2022 edition of the exam, this highly effective test preparation guide covers all six domains within the CCSP Body of Knowledge. The book offers clear explanations of every subject on the CCSP exam and features accurate practice questions and real-world examples. New, updated, or expanded coverage includes cloud data security, DevOps security, mobile computing, threat modeling paradigms, regulatory and legal frameworks, and best practices and standards.\u003c\/p\u003e\u003cp\u003eWritten by a respected computer security expert,\u003ci\u003e CCSP Certified Cloud Security Professional All-in-One Exam Guide, Third Edition\u003c\/i\u003e is both a powerful study tool and a valuable reference that will serve professionals long after the test. To aid in self-study, each chapter includes exam tips that highlight key information, a summary that serves as a quick review of salient p\u003c\/p\u003e","brand":"McGraw-Hill Education","offers":[{"title":"Default Title","offer_id":48866501132631,"sku":"9781264842209","price":35.99,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781264842209.jpg?v=1722278954"},{"product_id":"cc-certified-in-cybersecurity-allinone-exam-guide-9781265203818","title":"CC Certified in Cybersecurity AllinOne Exam Guide","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eThis new self-study system delivers complete coverage of every topic on the Certified in Cybersecurity exam\u003c\/b\u003e\u003c\/p\u003e\u003cp\u003eTake the Certified in Cybersecurity exam from (ISC)2 with confidence using the information contained in this comprehensive study guide. Written by a pair of cybersecurity experts and successful trainers, \u003ci\u003eCC Certified in Cybersecurity All-in-One Exam Guide\u003c\/i\u003e offers background material, detailed examples, and over 200 practice questions. Each exam domain is presented with information corresponding to the (ISC)2 certification exam outline. Using the trusted âœAll-in-Oneâ format, the book reviews every topic on the test and presents foundational knowledge and skills important for an entry-level cybersecurity role. You will get explanations and technical details on core concepts as well as stories, discussions, and anecdotes from real-world cybersecurity experts.\u003c\/p\u003e\u003cp\u003eCoverage includes:\u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eSecurity Principles\u003c\/li\u003e\n\u003cli\u003eBusiness Continuity (BC), Disaster Rec\u003c\/li\u003e\n\u003c\/ul\u003e","brand":"McGraw-Hill Education","offers":[{"title":"Default Title","offer_id":48866502934871,"sku":"9781265203818","price":33.74,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781265203818.jpg?v=1722278963"},{"product_id":"comptia-security-study-guide-with-over-500-practice-test-questions-9781394211418","title":"CompTIA Security Study Guide with over 500","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eIntroduction xxxi\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Today’s Security Professional 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCybersecurity Objectives 2\u003c\/p\u003e \u003cp\u003eData Breach Risks 3\u003c\/p\u003e \u003cp\u003eThe DAD Triad 4\u003c\/p\u003e \u003cp\u003eBreach Impact 5\u003c\/p\u003e \u003cp\u003eImplementing Security Controls 7\u003c\/p\u003e \u003cp\u003eGap Analysis 7\u003c\/p\u003e \u003cp\u003eSecurity Control Categories 8\u003c\/p\u003e \u003cp\u003eSecurity Control Types 9\u003c\/p\u003e \u003cp\u003eData Protection 10\u003c\/p\u003e \u003cp\u003eData Encryption 11\u003c\/p\u003e \u003cp\u003eData Loss Prevention 11\u003c\/p\u003e \u003cp\u003eData Minimization 12\u003c\/p\u003e \u003cp\u003eAccess Restrictions 13\u003c\/p\u003e \u003cp\u003eSegmentation and Isolation 13\u003c\/p\u003e \u003cp\u003eSummary 13\u003c\/p\u003e \u003cp\u003eExam Essentials 14\u003c\/p\u003e \u003cp\u003eReview Questions 16\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Cybersecurity Threat Landscape 21\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eExploring Cybersecurity Threats 23\u003c\/p\u003e \u003cp\u003eClassifying Cybersecurity Threats 23\u003c\/p\u003e \u003cp\u003eThreat Actors 25\u003c\/p\u003e \u003cp\u003eAttacker Motivations 31\u003c\/p\u003e \u003cp\u003eThreat Vectors and Attack Surfaces 32\u003c\/p\u003e \u003cp\u003eThreat Data and Intelligence 35\u003c\/p\u003e \u003cp\u003eOpen Source Intelligence 35\u003c\/p\u003e \u003cp\u003eProprietary and Closed- Source Intelligence 38\u003c\/p\u003e \u003cp\u003eAssessing Threat Intelligence 39\u003c\/p\u003e \u003cp\u003eThreat Indicator Management and Exchange 40\u003c\/p\u003e \u003cp\u003eInformation Sharing Organizations 41\u003c\/p\u003e \u003cp\u003eConducting Your Own Research 42\u003c\/p\u003e \u003cp\u003eSummary 42\u003c\/p\u003e \u003cp\u003eExam Essentials 43\u003c\/p\u003e \u003cp\u003eReview Questions 45\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Malicious Code 49\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eMalware 50\u003c\/p\u003e \u003cp\u003eRansomware 51\u003c\/p\u003e \u003cp\u003eTrojans 52\u003c\/p\u003e \u003cp\u003eWorms 54\u003c\/p\u003e \u003cp\u003eSpyware 55\u003c\/p\u003e \u003cp\u003eBloatware 56\u003c\/p\u003e \u003cp\u003eViruses 57\u003c\/p\u003e \u003cp\u003eKeyloggers 59\u003c\/p\u003e \u003cp\u003eLogic Bombs 60\u003c\/p\u003e \u003cp\u003eRootkits 60\u003c\/p\u003e \u003cp\u003eSummary 62\u003c\/p\u003e \u003cp\u003eExam Essentials 62\u003c\/p\u003e \u003cp\u003eReview Questions 64\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Social Engineering and Password Attacks 69\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSocial Engineering and Human Vectors 70\u003c\/p\u003e \u003cp\u003eSocial Engineering Techniques 71\u003c\/p\u003e \u003cp\u003ePassword Attacks 76\u003c\/p\u003e \u003cp\u003eSummary 78\u003c\/p\u003e \u003cp\u003eExam Essentials 78\u003c\/p\u003e \u003cp\u003eReview Questions 80\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Security Assessment and Testing 85\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eVulnerability Management 87\u003c\/p\u003e \u003cp\u003eIdentifying Scan Targets 87\u003c\/p\u003e \u003cp\u003eDetermining Scan Frequency 89\u003c\/p\u003e \u003cp\u003eConfiguring Vulnerability Scans 91\u003c\/p\u003e \u003cp\u003eScanner Maintenance 95\u003c\/p\u003e \u003cp\u003eVulnerability Scanning Tools 98\u003c\/p\u003e \u003cp\u003eReviewing and Interpreting Scan Reports 101\u003c\/p\u003e \u003cp\u003eConfirmation of Scan Results 111\u003c\/p\u003e \u003cp\u003eVulnerability Classification 112\u003c\/p\u003e \u003cp\u003ePatch Management 112\u003c\/p\u003e \u003cp\u003eLegacy Platforms 113\u003c\/p\u003e \u003cp\u003eWeak Configurations 115\u003c\/p\u003e \u003cp\u003eError Messages 115\u003c\/p\u003e \u003cp\u003eInsecure Protocols 116\u003c\/p\u003e \u003cp\u003eWeak Encryption 117\u003c\/p\u003e \u003cp\u003ePenetration Testing 118\u003c\/p\u003e \u003cp\u003eAdopting the Hacker Mindset 119\u003c\/p\u003e \u003cp\u003eReasons for Penetration Testing 120\u003c\/p\u003e \u003cp\u003eBenefits of Penetration Testing 120\u003c\/p\u003e \u003cp\u003ePenetration Test Types 121\u003c\/p\u003e \u003cp\u003eRules of Engagement 123\u003c\/p\u003e \u003cp\u003eReconnaissance 125\u003c\/p\u003e \u003cp\u003eRunning the Test 125\u003c\/p\u003e \u003cp\u003eCleaning Up 126\u003c\/p\u003e \u003cp\u003eAudits and Assessments 126\u003c\/p\u003e \u003cp\u003eSecurity Tests 127\u003c\/p\u003e \u003cp\u003eSecurity Assessments 128\u003c\/p\u003e \u003cp\u003eSecurity Audits 129\u003c\/p\u003e \u003cp\u003eVulnerability Life Cycle 131\u003c\/p\u003e \u003cp\u003eVulnerability Identification 131\u003c\/p\u003e \u003cp\u003eVulnerability Analysis 132\u003c\/p\u003e \u003cp\u003eVulnerability Response and Remediation 132\u003c\/p\u003e \u003cp\u003eValidation of Remediation 132\u003c\/p\u003e \u003cp\u003eReporting 133\u003c\/p\u003e \u003cp\u003eSummary 133\u003c\/p\u003e \u003cp\u003eExam Essentials 134\u003c\/p\u003e \u003cp\u003eReview Questions 136\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Application Security 141\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSoftware Assurance Best Practices 143\u003c\/p\u003e \u003cp\u003eThe Software Development Life Cycle 143\u003c\/p\u003e \u003cp\u003eSoftware Development Phases 144\u003c\/p\u003e \u003cp\u003eDevSecOps and DevOps 146\u003c\/p\u003e \u003cp\u003eDesigning and Coding for Security 147\u003c\/p\u003e \u003cp\u003eSecure Coding Practices 148\u003c\/p\u003e \u003cp\u003eAPI Security 149\u003c\/p\u003e \u003cp\u003eSoftware Security Testing 149\u003c\/p\u003e \u003cp\u003eAnalyzing and Testing Code 150\u003c\/p\u003e \u003cp\u003eInjection Vulnerabilities 151\u003c\/p\u003e \u003cp\u003eSQL Injection Attacks 151\u003c\/p\u003e \u003cp\u003eCode Injection Attacks 155\u003c\/p\u003e \u003cp\u003eCommand Injection Attacks 155\u003c\/p\u003e \u003cp\u003eExploiting Authentication Vulnerabilities 156\u003c\/p\u003e \u003cp\u003ePassword Authentication 156\u003c\/p\u003e \u003cp\u003eSession Attacks 157\u003c\/p\u003e \u003cp\u003eExploiting Authorization Vulnerabilities 160\u003c\/p\u003e \u003cp\u003eInsecure Direct Object References 161\u003c\/p\u003e \u003cp\u003eDirectory Traversal 161\u003c\/p\u003e \u003cp\u003eFile Inclusion 163\u003c\/p\u003e \u003cp\u003ePrivilege Escalation 163\u003c\/p\u003e \u003cp\u003eExploiting Web Application Vulnerabilities 164\u003c\/p\u003e \u003cp\u003eCross- Site Scripting (XSS) 164\u003c\/p\u003e \u003cp\u003eRequest Forgery 167\u003c\/p\u003e \u003cp\u003eApplication Security Controls 168\u003c\/p\u003e \u003cp\u003eInput Validation 168\u003c\/p\u003e \u003cp\u003eWeb Application Firewalls 170\u003c\/p\u003e \u003cp\u003eParameterized Queries 170\u003c\/p\u003e \u003cp\u003eSandboxing 171\u003c\/p\u003e \u003cp\u003eCode Security 171\u003c\/p\u003e \u003cp\u003eSecure Coding Practices 173\u003c\/p\u003e \u003cp\u003eSource Code Comments 174\u003c\/p\u003e \u003cp\u003eError Handling 174\u003c\/p\u003e \u003cp\u003eHard- Coded Credentials 175\u003c\/p\u003e \u003cp\u003ePackage Monitoring 175\u003c\/p\u003e \u003cp\u003eMemory Management 176\u003c\/p\u003e \u003cp\u003eRace Conditions 177\u003c\/p\u003e \u003cp\u003eUnprotected APIs 178\u003c\/p\u003e \u003cp\u003eAutomation and Orchestration 178\u003c\/p\u003e \u003cp\u003eUse Cases of Automation and Scripting 179\u003c\/p\u003e \u003cp\u003eBenefits of Automation and Scripting 179\u003c\/p\u003e \u003cp\u003eOther Considerations 180\u003c\/p\u003e \u003cp\u003eSummary 181\u003c\/p\u003e \u003cp\u003eExam Essentials 181\u003c\/p\u003e \u003cp\u003eReview Questions 183\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Cryptography and the PKI 189\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAn Overview of Cryptography 190\u003c\/p\u003e \u003cp\u003eHistorical Cryptography 191\u003c\/p\u003e \u003cp\u003eGoals of Cryptography 196\u003c\/p\u003e \u003cp\u003eConfidentiality 197\u003c\/p\u003e \u003cp\u003eIntegrity 199\u003c\/p\u003e \u003cp\u003eAuthentication 200\u003c\/p\u003e \u003cp\u003eNon-repudiation 200\u003c\/p\u003e \u003cp\u003eCryptographic Concepts 200\u003c\/p\u003e \u003cp\u003eCryptographic Keys 201\u003c\/p\u003e \u003cp\u003eCiphers 202\u003c\/p\u003e \u003cp\u003eModern Cryptography 202\u003c\/p\u003e \u003cp\u003eCryptographic Secrecy 202\u003c\/p\u003e \u003cp\u003eSymmetric Key Algorithms 204\u003c\/p\u003e \u003cp\u003eAsymmetric Key Algorithms 205\u003c\/p\u003e \u003cp\u003eHashing Algorithms 208\u003c\/p\u003e \u003cp\u003eSymmetric Cryptography 208\u003c\/p\u003e \u003cp\u003eData Encryption Standard 208\u003c\/p\u003e \u003cp\u003eAdvanced Encryption Standard 209\u003c\/p\u003e \u003cp\u003eSymmetric Key Management 209\u003c\/p\u003e \u003cp\u003eAsymmetric Cryptography 211\u003c\/p\u003e \u003cp\u003eRSA 212\u003c\/p\u003e \u003cp\u003eElliptic Curve 213\u003c\/p\u003e \u003cp\u003eHash Functions 214\u003c\/p\u003e \u003cp\u003eSha 215\u003c\/p\u003e \u003cp\u003emd 5 216\u003c\/p\u003e \u003cp\u003eDigital Signatures 216\u003c\/p\u003e \u003cp\u003eHMAC 217\u003c\/p\u003e \u003cp\u003ePublic Key Infrastructure 218\u003c\/p\u003e \u003cp\u003eCertificates 218\u003c\/p\u003e \u003cp\u003eCertificate Authorities 219\u003c\/p\u003e \u003cp\u003eCertificate Generation and Destruction 220\u003c\/p\u003e \u003cp\u003eCertificate Formats 223\u003c\/p\u003e \u003cp\u003eAsymmetric Key Management 224\u003c\/p\u003e \u003cp\u003eCryptographic Attacks 225\u003c\/p\u003e \u003cp\u003eBrute Force 225\u003c\/p\u003e \u003cp\u003eFrequency Analysis 225\u003c\/p\u003e \u003cp\u003eKnown Plain Text 226\u003c\/p\u003e \u003cp\u003eChosen Plain Text 226\u003c\/p\u003e \u003cp\u003eRelated Key Attack 226\u003c\/p\u003e \u003cp\u003eBirthday Attack 226\u003c\/p\u003e \u003cp\u003eDowngrade Attack 227\u003c\/p\u003e \u003cp\u003eHashing, Salting, and Key Stretching 227\u003c\/p\u003e \u003cp\u003eExploiting Weak Keys 228\u003c\/p\u003e \u003cp\u003eExploiting Human Error 228\u003c\/p\u003e \u003cp\u003eEmerging Issues in Cryptography 229\u003c\/p\u003e \u003cp\u003eTor and the Dark Web 229\u003c\/p\u003e \u003cp\u003eBlockchain 229\u003c\/p\u003e \u003cp\u003eLightweight Cryptography 230\u003c\/p\u003e \u003cp\u003eHomomorphic Encryption 230\u003c\/p\u003e \u003cp\u003eQuantum Computing 230\u003c\/p\u003e \u003cp\u003eSummary 231\u003c\/p\u003e \u003cp\u003eExam Essentials 231\u003c\/p\u003e \u003cp\u003eReview Questions 233\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Identity and Access Management 237\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIdentity 239\u003c\/p\u003e \u003cp\u003eAuthentication and Authorization 240\u003c\/p\u003e \u003cp\u003eAuthentication and Authorization Technologies 241\u003c\/p\u003e \u003cp\u003eAuthentication Methods 246\u003c\/p\u003e \u003cp\u003ePasswords 247\u003c\/p\u003e \u003cp\u003eMultifactor Authentication 251\u003c\/p\u003e \u003cp\u003eOne- Time Passwords 252\u003c\/p\u003e \u003cp\u003eBiometrics 254\u003c\/p\u003e \u003cp\u003eAccounts 256\u003c\/p\u003e \u003cp\u003eAccount Types 256\u003c\/p\u003e \u003cp\u003eProvisioning and Deprovisioning Accounts 257\u003c\/p\u003e \u003cp\u003eAccess Control Schemes 259\u003c\/p\u003e \u003cp\u003eFilesystem Permissions 260\u003c\/p\u003e \u003cp\u003eSummary 262\u003c\/p\u003e \u003cp\u003eExam Essentials 262\u003c\/p\u003e \u003cp\u003eReview Questions 264\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Resilience and Physical Security 269\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eResilience and Recovery in Security Architectures 271\u003c\/p\u003e \u003cp\u003eArchitectural Considerations and Security 273\u003c\/p\u003e \u003cp\u003eStorage Resiliency 274\u003c\/p\u003e \u003cp\u003eResponse and Recovery Controls 280\u003c\/p\u003e \u003cp\u003eCapacity Planning for Resilience and Recovery 283\u003c\/p\u003e \u003cp\u003eTesting Resilience and Recovery Controls and Designs 284\u003c\/p\u003e \u003cp\u003ePhysical Security Controls 285\u003c\/p\u003e \u003cp\u003eSite Security 285\u003c\/p\u003e \u003cp\u003eDetecting Physical Attacks 291\u003c\/p\u003e \u003cp\u003eSummary 291\u003c\/p\u003e \u003cp\u003eExam Essentials 292\u003c\/p\u003e \u003cp\u003eReview Questions 294\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Cloud and Virtualization Security 299\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eExploring the Cloud 300\u003c\/p\u003e \u003cp\u003eBenefits of the Cloud 301\u003c\/p\u003e \u003cp\u003eCloud Roles 303\u003c\/p\u003e \u003cp\u003eCloud Service Models 303\u003c\/p\u003e \u003cp\u003eCloud Deployment Models 307\u003c\/p\u003e \u003cp\u003ePrivate Cloud 307\u003c\/p\u003e \u003cp\u003eShared Responsibility Model 309\u003c\/p\u003e \u003cp\u003eCloud Standards and Guidelines 312\u003c\/p\u003e \u003cp\u003eVirtualization 314\u003c\/p\u003e \u003cp\u003eHypervisors 314\u003c\/p\u003e \u003cp\u003eCloud Infrastructure Components 316\u003c\/p\u003e \u003cp\u003eCloud Compute Resources 316\u003c\/p\u003e \u003cp\u003eCloud Storage Resources 319\u003c\/p\u003e \u003cp\u003eCloud Networking 322\u003c\/p\u003e \u003cp\u003eCloud Security Issues 325\u003c\/p\u003e \u003cp\u003eAvailability 325\u003c\/p\u003e \u003cp\u003eData Sovereignty 326\u003c\/p\u003e \u003cp\u003eVirtualization Security 327\u003c\/p\u003e \u003cp\u003eApplication Security 327\u003c\/p\u003e \u003cp\u003eGovernance and Auditing of Third- Party Vendors 328\u003c\/p\u003e \u003cp\u003eHardening Cloud Infrastructure 328\u003c\/p\u003e \u003cp\u003eCloud Access Security Brokers 328\u003c\/p\u003e \u003cp\u003eResource Policies 329\u003c\/p\u003e \u003cp\u003eSecrets Management 330\u003c\/p\u003e \u003cp\u003eSummary 331\u003c\/p\u003e \u003cp\u003eExam Essentials 331\u003c\/p\u003e \u003cp\u003eReview Questions 333\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 11 Endpoint Security 337\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOperating System Vulnerabilities 339\u003c\/p\u003e \u003cp\u003eHardware Vulnerabilities 340\u003c\/p\u003e \u003cp\u003eProtecting Endpoints 341\u003c\/p\u003e \u003cp\u003ePreserving Boot Integrity 342\u003c\/p\u003e \u003cp\u003eEndpoint Security Tools 344\u003c\/p\u003e \u003cp\u003eHardening Techniques 350\u003c\/p\u003e \u003cp\u003eHardening 350\u003c\/p\u003e \u003cp\u003eService Hardening 350\u003c\/p\u003e \u003cp\u003eNetwork Hardening 352\u003c\/p\u003e \u003cp\u003eDefault Passwords 352\u003c\/p\u003e \u003cp\u003eRemoving Unnecessary Software 353\u003c\/p\u003e \u003cp\u003eOperating System Hardening 353\u003c\/p\u003e \u003cp\u003eConfiguration, Standards, and Schemas 356\u003c\/p\u003e \u003cp\u003eEncryption 357\u003c\/p\u003e \u003cp\u003eSecuring Embedded and Specialized Systems 358\u003c\/p\u003e \u003cp\u003eEmbedded Systems 358\u003c\/p\u003e \u003cp\u003eSCADA and ICS 361\u003c\/p\u003e \u003cp\u003eSecuring the Internet of Things 362\u003c\/p\u003e \u003cp\u003eCommunication Considerations 363\u003c\/p\u003e \u003cp\u003eSecurity Constraints of Embedded Systems 364\u003c\/p\u003e \u003cp\u003eAsset Management 365\u003c\/p\u003e \u003cp\u003eSummary 368\u003c\/p\u003e \u003cp\u003eExam Essentials 369\u003c\/p\u003e \u003cp\u003eReview Questions 371\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 12 Network Security 375\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDesigning Secure Networks 377\u003c\/p\u003e \u003cp\u003eInfrastructure Considerations 380\u003c\/p\u003e \u003cp\u003eNetwork Design Concepts 380\u003c\/p\u003e \u003cp\u003eNetwork Segmentation 383\u003c\/p\u003e \u003cp\u003eZero Trust 385\u003c\/p\u003e \u003cp\u003eNetwork Access Control 387\u003c\/p\u003e \u003cp\u003ePort Security and Port- Level Protections 388\u003c\/p\u003e \u003cp\u003eVirtual Private Networks and Remote Access 390\u003c\/p\u003e \u003cp\u003eNetwork Appliances and Security Tools 392\u003c\/p\u003e \u003cp\u003eDeception and Disruption Technology 399\u003c\/p\u003e \u003cp\u003eNetwork Security, Services, and Management 400\u003c\/p\u003e \u003cp\u003eSecure Protocols 406\u003c\/p\u003e \u003cp\u003eUsing Secure Protocols 406\u003c\/p\u003e \u003cp\u003eSecure Protocols 407\u003c\/p\u003e \u003cp\u003eNetwork Attacks 410\u003c\/p\u003e \u003cp\u003eOn- Path Attacks 411\u003c\/p\u003e \u003cp\u003eDomain Name System Attacks 412\u003c\/p\u003e \u003cp\u003eCredential Replay Attacks 414\u003c\/p\u003e \u003cp\u003eMalicious Code 415\u003c\/p\u003e \u003cp\u003eDistributed Denial- of- Service Attacks 415\u003c\/p\u003e \u003cp\u003eSummary 418\u003c\/p\u003e \u003cp\u003eExam Essentials 419\u003c\/p\u003e \u003cp\u003eReview Questions 421\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 13 Wireless and Mobile Security 425\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBuilding Secure Wireless Networks 426\u003c\/p\u003e \u003cp\u003eConnection Methods 427\u003c\/p\u003e \u003cp\u003eWireless Network Models 431\u003c\/p\u003e \u003cp\u003eAttacks Against Wireless Networks and Devices 432\u003c\/p\u003e \u003cp\u003eDesigning a Network 435\u003c\/p\u003e \u003cp\u003eController and Access Point Security 438\u003c\/p\u003e \u003cp\u003eWi- Fi Security Standards 438\u003c\/p\u003e \u003cp\u003eWireless Authentication 440\u003c\/p\u003e \u003cp\u003eManaging Secure Mobile Devices 442\u003c\/p\u003e \u003cp\u003eMobile Device Deployment Methods 442\u003c\/p\u003e \u003cp\u003eHardening Mobile Devices 444\u003c\/p\u003e \u003cp\u003eMobile Device Management 444\u003c\/p\u003e \u003cp\u003eSummary 448\u003c\/p\u003e \u003cp\u003eExam Essentials 449\u003c\/p\u003e \u003cp\u003eReview Questions 450\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 14 Monitoring and Incident Response 455\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIncident Response 457\u003c\/p\u003e \u003cp\u003eThe Incident Response Process 458\u003c\/p\u003e \u003cp\u003eTraining 462\u003c\/p\u003e \u003cp\u003eThreat Hunting 463\u003c\/p\u003e \u003cp\u003eUnderstanding Attacks and Incidents 464\u003c\/p\u003e \u003cp\u003eIncident Response Data and Tools 466\u003c\/p\u003e \u003cp\u003eMonitoring Computing Resources 466\u003c\/p\u003e \u003cp\u003eSecurity Information and Event Management Systems 466\u003c\/p\u003e \u003cp\u003eAlerts and Alarms 469\u003c\/p\u003e \u003cp\u003eLog Aggregation, Correlation, and Analysis 470\u003c\/p\u003e \u003cp\u003eRules 471\u003c\/p\u003e \u003cp\u003eBenchmarks and Logging 478\u003c\/p\u003e \u003cp\u003eReporting and Archiving 478\u003c\/p\u003e \u003cp\u003eMitigation and Recovery 479\u003c\/p\u003e \u003cp\u003eSecure Orchestration, Automation, and Response (SOAR) 479\u003c\/p\u003e \u003cp\u003eContainment, Mitigation, and Recovery Techniques 479\u003c\/p\u003e \u003cp\u003eRoot Cause Analysis 482\u003c\/p\u003e \u003cp\u003eSummary 483\u003c\/p\u003e \u003cp\u003eExam Essentials 484\u003c\/p\u003e \u003cp\u003eReview Questions 485\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 15 Digital Forensics 489\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDigital Forensic Concepts 490\u003c\/p\u003e \u003cp\u003eLegal Holds and e- Discovery 491\u003c\/p\u003e \u003cp\u003eConducting Digital Forensics 493\u003c\/p\u003e \u003cp\u003eAcquiring Forensic Data 493\u003c\/p\u003e \u003cp\u003eAcquisition Tools 497\u003c\/p\u003e \u003cp\u003eValidating Forensic Data Integrity 500\u003c\/p\u003e \u003cp\u003eData Recovery 502\u003c\/p\u003e \u003cp\u003eForensic Suites and a Forensic Case Example 503\u003c\/p\u003e \u003cp\u003eReporting 507\u003c\/p\u003e \u003cp\u003eDigital Forensics and Intelligence 508\u003c\/p\u003e \u003cp\u003eSummary 508\u003c\/p\u003e \u003cp\u003eExam Essentials 509\u003c\/p\u003e \u003cp\u003eReview Questions 511\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 16 Security Governance and Compliance 515\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSecurity Governance 518\u003c\/p\u003e \u003cp\u003eCorporate Governance 518\u003c\/p\u003e \u003cp\u003eGovernance, Risk, and Compliance Programs 520\u003c\/p\u003e \u003cp\u003eInformation Security Governance 520\u003c\/p\u003e \u003cp\u003eTypes of Governance Structures 521\u003c\/p\u003e \u003cp\u003eUnderstanding Policy Documents 521\u003c\/p\u003e \u003cp\u003ePolicies 522\u003c\/p\u003e \u003cp\u003eStandards 524\u003c\/p\u003e \u003cp\u003eProcedures 526\u003c\/p\u003e \u003cp\u003eGuidelines 528\u003c\/p\u003e \u003cp\u003eExceptions and Compensating Controls 529\u003c\/p\u003e \u003cp\u003eMonitoring and Revision 530\u003c\/p\u003e \u003cp\u003eChange Management 531\u003c\/p\u003e \u003cp\u003eChange Management Processes and Controls 532\u003c\/p\u003e \u003cp\u003eVersion Control 534\u003c\/p\u003e \u003cp\u003eDocumentation 535\u003c\/p\u003e \u003cp\u003ePersonnel Management 535\u003c\/p\u003e \u003cp\u003eLeast Privilege 535\u003c\/p\u003e \u003cp\u003eSeparation of Duties 535\u003c\/p\u003e \u003cp\u003eJob Rotation and Mandatory Vacations 536\u003c\/p\u003e \u003cp\u003eClean Desk Space 536\u003c\/p\u003e \u003cp\u003eOnboarding and Offboarding 536\u003c\/p\u003e \u003cp\u003eNondisclosure Agreements 537\u003c\/p\u003e \u003cp\u003eSocial Media 537\u003c\/p\u003e \u003cp\u003eThird- Party Risk Management 537\u003c\/p\u003e \u003cp\u003eVendor Selection 537\u003c\/p\u003e \u003cp\u003eVendor Assessment 538\u003c\/p\u003e \u003cp\u003eVendor Agreements 538\u003c\/p\u003e \u003cp\u003eVendor Monitoring 539\u003c\/p\u003e \u003cp\u003eWinding Down Vendor Relationships 540\u003c\/p\u003e \u003cp\u003eComplying with Laws and Regulations 540\u003c\/p\u003e \u003cp\u003eCommon Compliance Requirements 541\u003c\/p\u003e \u003cp\u003eCompliance Reporting 541\u003c\/p\u003e \u003cp\u003eConsequences of Noncompliance 542\u003c\/p\u003e \u003cp\u003eCompliance Monitoring 543\u003c\/p\u003e \u003cp\u003eAdopting Standard Frameworks 543\u003c\/p\u003e \u003cp\u003eNIST Cybersecurity Framework 544\u003c\/p\u003e \u003cp\u003eNIST Risk Management Framework 546\u003c\/p\u003e \u003cp\u003eISO Standards 547\u003c\/p\u003e \u003cp\u003eBenchmarks and Secure Configuration Guides 549\u003c\/p\u003e \u003cp\u003eSecurity Awareness and Training 550\u003c\/p\u003e \u003cp\u003eUser Training 551\u003c\/p\u003e \u003cp\u003eOngoing Awareness Efforts 553\u003c\/p\u003e \u003cp\u003eSummary 554\u003c\/p\u003e \u003cp\u003eExam Essentials 555\u003c\/p\u003e \u003cp\u003eReview Questions 557\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 17 Risk Management and Privacy 561\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAnalyzing Risk 563\u003c\/p\u003e \u003cp\u003eRisk Identification 564\u003c\/p\u003e \u003cp\u003eRisk Assessment 565\u003c\/p\u003e \u003cp\u003eRisk Analysis 567\u003c\/p\u003e \u003cp\u003eManaging Risk 570\u003c\/p\u003e \u003cp\u003eRisk Mitigation 571\u003c\/p\u003e \u003cp\u003eRisk Avoidance 572\u003c\/p\u003e \u003cp\u003eRisk Transference 572\u003c\/p\u003e \u003cp\u003eRisk Acceptance 573\u003c\/p\u003e \u003cp\u003eRisk Tracking 574\u003c\/p\u003e \u003cp\u003eRisk Register 575\u003c\/p\u003e \u003cp\u003eRisk Reporting 576\u003c\/p\u003e \u003cp\u003eDisaster Recovery Planning 577\u003c\/p\u003e \u003cp\u003eDisaster Types 577\u003c\/p\u003e \u003cp\u003eBusiness Impact Analysis 578\u003c\/p\u003e \u003cp\u003ePrivacy 578\u003c\/p\u003e \u003cp\u003eData Inventory 579\u003c\/p\u003e \u003cp\u003eInformation Classification 580\u003c\/p\u003e \u003cp\u003eData Roles and Responsibilities 581\u003c\/p\u003e \u003cp\u003eInformation Life Cycle 583\u003c\/p\u003e \u003cp\u003ePrivacy Enhancing Technologies 584\u003c\/p\u003e \u003cp\u003ePrivacy and Data Breach Notification 585\u003c\/p\u003e \u003cp\u003eSummary 585\u003c\/p\u003e \u003cp\u003eExam Essentials 585\u003c\/p\u003e \u003cp\u003eReview Questions 587\u003c\/p\u003e \u003cp\u003eAppendix Answers to Review Questions 591\u003c\/p\u003e \u003cp\u003eChapter 1: Today’s Security Professional 592\u003c\/p\u003e \u003cp\u003eChapter 2: Cybersecurity Threat Landscape 593\u003c\/p\u003e \u003cp\u003eChapter 3: Malicious Code 595\u003c\/p\u003e \u003cp\u003eChapter 4: Social Engineering and Password Attacks 597\u003c\/p\u003e \u003cp\u003eChapter 5: Security Assessment and Testing 600\u003c\/p\u003e \u003cp\u003eChapter 6: Application Security 602\u003c\/p\u003e \u003cp\u003eChapter 7: Cryptography and the PKI 604\u003c\/p\u003e \u003cp\u003eChapter 8: Identity and Access Management 605\u003c\/p\u003e \u003cp\u003eChapter 9: Resilience and Physical Security 607\u003c\/p\u003e \u003cp\u003eChapter 10: Cloud and Virtualization Security 609\u003c\/p\u003e \u003cp\u003eChapter 11: Endpoint Security 611\u003c\/p\u003e \u003cp\u003eChapter 12: Network Security 614\u003c\/p\u003e \u003cp\u003eChapter 13: Wireless and Mobile Security 616\u003c\/p\u003e \u003cp\u003eChapter 14: Monitoring and Incident Response 619\u003c\/p\u003e \u003cp\u003eChapter 15: Digital Forensics 621\u003c\/p\u003e \u003cp\u003eChapter 16: Security Governance and Compliance 623\u003c\/p\u003e \u003cp\u003eChapter 17: Risk Management and Privacy 626\u003c\/p\u003e \u003cp\u003eIndex 629\u003c\/p\u003e","brand":"John Wiley \u0026 Sons Inc","offers":[{"title":"Default Title","offer_id":48866618900823,"sku":"9781394211418","price":34.0,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781394211418.jpg?v=1722279488"},{"product_id":"people-hacker-9781398519015","title":"People Hacker","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cb\u003e'This is a rip-roaring read, full of derring-do and sometimes comic, often foolhardy bravery. [Jenny] sounds an absolute hoot, and her book is never anything less' – \u003ci\u003eDaily Mail\u003c\/i\u003e\u003cbr\u003e\u003cbr\u003e ‘A fascinating and quirky take on how easily we can be hoodwinked and hacked. Next time you hear anyone complain about the cost of cyber-protection, hand them a copy of People Hacker. It could save them a fortune’ – \u003ci\u003eThe Times\u003c\/i\u003e\u003cbr\u003e\u003cbr\u003e -------\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e\u003cb\u003e'From an early age, locked doors, high fences and the secrets kept by businesses, buildings and people, fascinated me. I wanted to find out what they wanted to hide away.'\u003c\/b\u003e\u003cbr\u003e\u003cbr\u003e A burglar for hire, con-artist and expert in deception and physical infiltration – Jenny Radcliffe is a professional people hacker. After being schooled in the art of breaking and entering by her family, she became an expert social engineer, doing an insider’s job \u003cbr\u003e\u003cbr\u003e\u003cb\u003eTrade Review\u003c\/b\u003e\u003cbr\u003e'This is \u003cb\u003ea rip-roaring read\u003c\/b\u003e, full of derring-do and sometimes comic, often foolhardy bravery. [Jenny] sounds an absolute hoot, and her book is never anything less' * Daily Mail *\u003cbr\u003e‘A \u003cb\u003efascinating\u003c\/b\u003e and quirky take on how easily we can be hoodwinked and hacked. Next time you hear anyone complain about the cost of cyber-protection, hand them a copy of \u003ci\u003ePeople Hacker.\u003c\/i\u003e It could save them a fortune’ * The Times *","brand":"Simon \u0026 Schuster Ltd","offers":[{"title":"Default Title","offer_id":48866633646423,"sku":"9781398519015","price":999.99,"currency_code":"GBP","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781398519015.jpg?v=1722279561"},{"product_id":"effective-monitoring-and-alerting-9781449333522","title":"Effective Monitoring and Alerting","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003eThe book describes data-driven approach to optimal monitoring and alerting in distributed computer systems. It interprets monitoring as a continuous process aimed at extraction of meaning from system's data. The resulting wisdom drives effective maintenance and fast recovery - the bread and butter of web operations.","brand":"O'Reilly Media","offers":[{"title":"Default Title","offer_id":48867116482903,"sku":"9781449333522","price":15.75,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781449333522.jpg?v=1722281766"},{"product_id":"rational-cybersecurity-for-business-9781484259511","title":"Rational Cybersecurity for Business","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003eUse the guidance in this comprehensive field guide to gain the support of your top executives for aligning a rational cybersecurity plan with your business. You will learn how to improve working relationships with stakeholders in complex digital businesses, IT, and development environments. You will know how to prioritize your security program, and motivate and retain your team.\u003cbr\u003e\u003c\/p\u003e\u003cp\u003eMisalignment between security and your business can start at the top at the C-suite or happen at the line of business, IT, development, or user level. It has a corrosive effect on any security project it touches. But it does not have to be like this. \u003c\/p\u003e\u003cp\u003eAuthor Dan Blum presents valuable lessons learned from interviews with over 70 security and business leaders. You will discover how to successfully solve issues related to: risk management, operational security, privacy protection, hybrid cloud management, security culture and user awareness, and communication challenges.\u003cbr\u003e\u003c\/p\u003e\u003cdiv\u003eThis o\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eIntroduction\u003c\/b\u003e \u003c\/p\u003e \u003cp\u003eExplain the book’s focus, audience, organization, and contents.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1: Rationalize Cybersecurity for your Business Landscape\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDescribes the six cybersecurity priority focus areas.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2: Identify and Empower Security-Related Roles\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eExplains how the people in the business each contribute to the secure operation of the business and its digital systems.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3: Establish a Control Baseline\u003c\/b\u003e\u003c\/p\u003e Combs through control frameworks such as ISO 27001 and the NIST Cybersecurity Framework to select controls providing a minimum viable program (MVP) for many businesses. It also details how to align people, process, and technology for these controls; how to scale the implementation for different types of businesses; and how to sure share responsibility for delivering the controls with third parties.\u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4: Simplify and Rationalize IT and Security\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eArgues that security leaders have a stake in developing an effective IT strategy, what that strategy might look like, and how security leaders – who don’t own IT - can still engage IT functions to help develop and deliver on the strategy. \u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5: Manage Risk in the Language of Business\u003c\/b\u003e\u003c\/p\u003e Clarifies why risk management literally must be the brains of the security program. It must analyze, monitor, and communicate what potential losses or circumstances constitute the business’s top risk scenarios. An effective tiered risk analysis process can efficiently address the myriad secondary risk issues that arise through processes and prioritize controls or other risk treatments.\u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6: Create a Strong Security Culture\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eBrings the cultural subtext that can make or break a cybersecurity environment into the foreground. It analyzes the components of security culture and provides guidance on how to devise a security culture improvement process and measure its effectiveness. User awareness, training, and appropriate day to day engagement with the business can all play a part in forging a constructive security culture. \u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7: Put the Right Governance Model in Place\u003c\/b\u003e\u003c\/p\u003e Contrasts basic security governance structures that businesses can use, and provides guidance on how to select one and make it work. It describes core elements of the security program such as steering committees and security policy life cycle management. It also offers guidance on where the CISO should report in an organization. \u003cp\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8: Control Access with Minimal Drag on the Business\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eExplains why access is the critical balance beam for the business, compliance mandates, and the security program. It addresses the need for information classification, data protection, and identity and access management (IAM) controls to implement access restrictions as required to reduce risk or attain regulatory compliance but do so in a way that enables appropriate digital relationships and data sharing with internal and external users.\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9: Institute Resilience, Detection, and Response\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eGuides readers on how to formulate contingency plans and strategies for detection, response, and recovery which together comprise cyber-resilience. \u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10: Putting the Pieces Together\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSummarizes guidance given throughout the book in the “keys” for aligning with the business. It reiterates guidance on how to scale security programs and the way they align to the business based on business size, complexity, and other factors.\u003c\/p\u003e\n\u003c\/div\u003e","brand":"APress","offers":[{"title":"Default Title","offer_id":48867298083159,"sku":"9781484259511","price":35.99,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781484259511.jpg?v=1722282663"},{"product_id":"agile-application-security-9781491938843","title":"Agile Application Security","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003eWritten by security experts and agile veterans, this book begins by introducing security principles to agile practitioners, and agile principles to security practitioners. The authors also reveal problems they encountered in their own experiences with agile security, and how they worked to solve them.","brand":"O'Reilly Media","offers":[{"title":"Default Title","offer_id":48867305259351,"sku":"9781491938843","price":35.99,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781491938843.jpg?v=1722282701"},{"product_id":"machine-learning-and-security-9781491979907","title":"Machine Learning and Security","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003eIn this practical guide, machine learning and security specialists Clarence Chio and David Freeman provide a framework for discussing the marriage of these two fields, as well as a toolkit of machine-learning algorithms that you can apply to an array of security problems.","brand":"O'Reilly Media","offers":[{"title":"Default Title","offer_id":48867306471767,"sku":"9781491979907","price":39.74,"currency_code":"GBP","in_stock":true}]}],"url":"https:\/\/bookcurl.com\/collections\/computer-security.oembed?page=23","provider":"Book Curl","version":"1.0","type":"link"}