Computer security Books

Book SynopsisCybersecurity is more than a buzz word. It is a necessity for every computer system and network on the planet. Hacking is at an all-time high with digital criminals stealing data from governments to technology companies, and everyone in between. Your data may be the next treasure trove of information a hacker wants to get their hands on, and your network may be the next target beaconing vulnerabilities across the internet. History has shown the only effective method at defending a network is to implement a layered security approach with security appliances and applications strategically placed throughout a network. But even some of those methods have failed.Rethinking Cyber Security will give you the background information you need to understand how hackers operate, and the methodologies you can implement to make sure key components of your network are secure. The historic layered approach has been updated to include concepts rarely implemented with out the box solutions that will take network security to the next level. Defense of common attacks are given a new perspective with advice for more stringent controls to limit external and unauthorized access. And technical strategies are explained in simpler terms with examples anyone in the field can understand.You will learn that security does not have to be difficult, overly complicated, or extremely expensive to be effective. Simpler strategies which use already available internet technologies can heighten the security of any network and keep hackers at bay. Practical application is included for key concepts with tips on how to practice new skills in a safe environment. Common poorly figured technologies which give hackers easier access to systems and data are also discussed. Do not worry. Even the most insecure network system can be hardened against an attack when you apply this new information.Table of Contents Chapter 1: History Chapter 2: Paradigm Shift Chapter 3: Traffic Analysis Chapter 4: Vulnerability Assessment Chapter 5: Penetration Testing Chapter 6: Incident Response Evidence Collection Chapter 7: Incident Response Evidence Analysis Chapter 8: Hardening Windows Chapter 9: Hardening Linux Chapter 10: Hardening Network Chapter 11: Cloud Security Chapter 12: Cryptography Appendix 1: Linux Commands Appendix 2: Meterpreter Commands Appendix 3: Common Ports and Protocols

Read more less

Book SynopsisBuild and deploy secure Spring Framework and Spring Boot-based enterprise Java applications with the Spring Security Framework. This book explores a comprehensive set of functionalities to implement industry-standard authentication and authorization mechanisms for Java applications.Pro Spring Security, Third Edition has been updated to incorporate the changes in Spring Framework 6 and Spring Boot 3. It is an advanced tutorial and reference that guides you through the implementation of the security features for a Java web application by presenting consistent examples built from the ground up.This book also provides you with a broader look into Spring security by including up-to-date use cases such as building a security layer for RESTful web services and JSON Web Token applications.What You Will Learn Explore the scope of security and how to use the Spring Security Framework Master Spring security architecture and design Secure the web tier in Spring Work with alternative authentication providers Take advantage of business objects and logic security Extend Spring security with other frameworks and languages Secure the service layer Secure the application with JSON Web Token Who This Book Is ForExperienced Spring and Java developers with prior experience in building Spring Framework or Boot-based applicationsTable of Contents

Read more less

Book SynopsisThis is a comprehensive guide for individuals preparing for the Certified Information Systems Security Professional (CISSP) exam. The book's main focus is to provide readers with a wealth of practice questions and expert tips to help them pass the CISSP exam.The demand for certified information security professionals continues to increase, and the CISSP exam is widely recognized as one of the most challenging and comprehensive information security certification exams. This book will provide readers with the practice and exam strategies they need to pass the CISSP exam and launch their careers in information security. It covers all of the topics tested on the exam, including security management practices, access control systems and methodology; laws, regulations, standards, and compliance; and telecommunications and network security.In addition to providing practice questions, this book also includes background information on the CISSP exam, including the exam format, content, and best ways to study for the exam. It is designed to be user friendly and easy to follow, with clear explanations and examples for all the practice questions.What You Will Learn Gain a comprehensive understanding of the CISSP Common Body of Knowledge (CBK) Gain background information on the CISSP exam, including the exam format, content, and best ways to study for the exam Develop the critical thinking skills that are essential for success on the CISSP exam Master test-taking strategies for successfully passing the CISSP exam Prepare through a realistic simulation of the actual CISSP exam Who this book is for:Individuals preparing for the Certified Information Systems Security Professional (CISSP) exam—someone who has a background in information technology or information security and is looking to pass the CISSP exam and become a CISSP-certified professional.Secondary audiences include information technology professionals looking to expand their knowledge and skills in the field of information security, individuals interested in pursuing a career in information security and considering the CISSP certification, and current or aspiring information security managers who want to advance their careers and take on more responsibilities in their organizations.Table of ContentsChapter 1: Introduction.- Chapter 2: CISSP Exam Format and Content.- Chapter 3: Security and Risk Management.- Chapter 4: Asset Security.- Chapter5: Security Architecture and Engineering.- Chapter 6: Communications and Network Security.- Chapter 7: Identity and Access Management.- Chapter 8: Security Assessment and Testing.- Chapter 9: Security Operations.- Chapter 10: Software Development Security.- Chapter 11: Test-taking Strategies and Tips.- Chapter 12: Conclusion.

Read more less

Book SynopsisThis book will help you learn the importance of organizations treating enterprise cyber risk management (ECRM) as a value creator, a business enabler, and a mechanism to create a competitive advantage. Organizations began to see the real value of information and information technology in the mid-1980s. Forty years later, it’s time to leverage your ECRM program and cybersecurity strategy in the same way. The main topics covered include the case for action with specific coverage on the topic of cybersecurity as a value creator, including how the courts, legislators, and regulators are raising the bar for C-suite executives and board members. The book covers how the board’s three primary responsibilities (talent management, strategy, and risk management) intersect with their ECRM responsibilities.ECRM was once solely focused on managing the downside of risk by defending the organization from adversarial, accidental, structural, and environmental threat sources. Author Bob Chaput presents the view that we must focus equally on managing the upside of cyber strengths to increase customer trust and brand loyalty, improving social responsibility, driving revenue growth, lowering the cost of capital, attracting higher quality investments, creating competitive advantage, attracting and retaining talent, and facilitating M&A work. He focuses on the C-suite and board role in the first part and provides guidance on their roles and responsibilities, the most important decision about ECRM they must facilitate, and how to think differently about ECRM funding. You will learn how to the pivot from cost-center thinking to value-center thinking.Having built the case for action, in the second part, the book details the steps that organizations must take to develop and document their ECRM program and cybersecurity strategy. The book first covers how ECRM must be integrated into business strategy. The remainder of that part presents a sample table of contents for an ECRM Program and Cybersecurity Strategy document and works through each section to facilitate development of your own program and strategy. With all the content and ideas presented, you will be able to establish, implement, and mature your program and strategy.What You Will Learn Read new information and treat ECRM and cybersecurity as a value creator Receive updates on legal cases, legislative actions, and regulations that are raising the stakes for organizations, their C-suites, and boards Think differently about funding ECRM and cybersecurity initiatives Understand the most critical ECRM decision that boards must facilitate in their organizations Use practical, tangible, actionable content to develop and document your ECRM program and cybersecurity strategy “This book should be mandatory reading for C-suite executives and board members. It shows you how to move from viewing cybersecurity as a risk to avoid, and a cost center that does not add value and is overhead, to seeing cybersecurity as an enabler and part of your core strategy to transform your business and earn customer and stakeholder trust.” —Paul Connelly, First CISO at the White House and HCA Healthcare Who This Book Is ForThe primary audience includes Chief Information Security Officers, Chief Risk Officers, and Chief Compliance Officers. The secondary audience includes C-suite executives and board members. The tertiary audience includes any stakeholder responsible for privacy, security, compliance, and cyber risk management or students of these topics.Table of Contents

Read more less

Book SynopsisToday, it's easier for threat actors to simply log in versus hack in. As cyberattacks continue to increase in volume and sophistication, it's not a matter of if, but when, your organization will have an incident. Threat actors target accounts, users, and their associated identitieswhether human or machine, to initiate or progress their attack. Detecting and defending against these malicious activities should be the basis of all modern cybersecurity initiatives. This bookdetails the risks associated with poor identity security hygiene, the techniques that external and internal threat actors leverage, and the operational best practices that organizations should adopt to protect against identity theft, account compromises, and to develop an effective identity and access security strategy. As a solution to these challenges, Identity Security has emerged as a cornerstone of modern Identity and Access Management (IAM) initiatives. Managing accounts, credentials, roles, entitlements, certifications, and attestation reporting for all identities is now a security and regulatory compliance requirement. In this book, you will discover how inadequate identity and privileged access controls can be exploited to compromise accounts and credentials within an organization. You will understand the modern identity threat landscape and learn how role-based identity assignments, entitlements, and auditing strategies can be used to mitigate the threats across an organization's entire Identity Fabric.What You Will LearnUnderstand the concepts behind an identity and how its associated credentials and accounts can be leveraged as an attack vectorImplement an effective identity security strategy to manage identities and accounts based on roles and entitlements, including the most sensitive privileged accountsKnow the role that identity security controls play in the cyber kill chain and how privileges should be managed as a potential weak linkBuild upon industry standards and strategies such as Zero Trust to integrate key identity security technologies into a corporate ecosystemPlan for a successful identity and access security deployment; create an implementation scope and measurable risk reduction; design auditing, discovery, and regulatory reporting; and develop oversight based on real-world strategies to prevent identity attack vectorsWho This Book Is ForManagement and implementers in IT operations, security, and auditing looking to understand and implement an Identity and Access Management (IAM) program and manage privileges in these environments

Read more less

Book SynopsisSpace is one of the fastest growing military, government and industry sectors. Because everything in today's world exists within or connected to cyberspace, there is a dire need to ensure cybersecurity is addressed in the burgeoning field of space operations. This revised and expanded edition will prime the reader with the knowledge needed to understand the unique challenges to space operations which affect the implementation of cybersecurity. Further, the reader will have foundational knowledge on what impacts cyber threats can have on space systems and how cybersecurity must rise to meet them. The author, who spent years in the United States Marine Corps, originally involved in satellite communications is now a seasoned cyber security practitioner who has provided cyber security vision and strategy to a large portfolio of systems and programs, many focused specifically in space. A published academic and experienced professional, he brings a practical, real-world and tempered approach to securing the final frontier.What You Will LearnBasic concepts of how different space vehicles operate in general. How such systems and their components integrate into cyberspace. A clear picture of the potential damage available via cyber-attacks to such systems.Basic efforts to mitigate such cyber threats will be presented through the various portions of space operations. Foundational issues at the intersection of the space and cyber domainsWho This Book Is ForThis book is written for anyone curious about warfare in the era of cyber everything, those involved in cyber operations and cyber warfare, as well as security practitioners and policy or decision makers who are on the sending or receiving end of such activity.

Read more less

Book SynopsisChapter 1:   Introduction to Modern network Systems.- Chapter 2:  Building Blocks of Network Security.- Chapter 3: Navigating the Cyber Threat Landscape.- Chapter 4: Cryptography: The Backbone of Secure Communications.

Read more less

Book SynopsisIn today's digital landscape, safeguarding sensitive information is paramount. This book offers a comprehensive roadmap for managing and mitigating the impact of security incidents and data breaches. This essential guide goes beyond the basics, providing expert insights and strategies to help organizations of all sizes navigate the complexities of cybersecurity. With seven in-depth chapters and 10 appendices, this book covers everything from defining information security incidents and data breaches to understanding key privacy regulations such as GDPR and LGPD. You'll learn a practical, step-by-step approach to incident response, including how to assess and improve your organization's security posture. The book contains a well-tested and practical information security incident and breach management approach to manage information security incidents and data privacy breaches in four phases: Security and Breach Obligations and Requirements Comprehension; Security and Privacy Framework Assurance; Security Incident and Data Breach Response Management; and Security and Breach Response Process Evaluation. Knowing how to handle such security and breach issues will avoid compliance and sanctions to organizations of all types and protect the company's reputation and brand name. What You Will LearnIdentify and manage information security incidents and data breaches more effectivelyUnderstand the importance of incident response in avoiding compliance issues, sanctions, and reputational damageReview case studies and examples that illustrate best practices and common pitfalls in incident response and data breach managementBenefit from a well-tested approach that goes beyond the NIST 800-61 standard, aligning with the international information security standard ISO 27001:2022Who This Book Is ForCybersecurity leaders, executives, consultants, and entry-level professionals responsible for executing the incident response plan when something goes wrong, including: ISO 27001 implementation and transition project managers; ISO 27001 auditors and inspectors; auditors (IT, internal, external, etc.); IT managers and development staff; senior executives, CISOs and corporate security managers; administration, HR managers and staff; compliance and data protection officers; cybersecurity professionals; IT development, auditing, and security university students; and anyone else interested in information security issues

Read more less

Book SynopsisChapter 1: AI is Everywhere.- Chapter 2: Overview of AI and ML.- Chapter 3: AI for Defense.- Chapter 4: ML in an Adversarial Environment.- Chapter 5: Combatting AI Threats.- Chapter 6: The Need for Speed The Driving Forces of Security Automation.- Chapter 7: The OODA Loop.- Chapter 8: Common SOAR Use Cases.- Chapter 9: Strategies for Success (and Failure).- Chapter 10: Active Cyber Defense.- Chapter 11: The OODA Loop Revisited.- Chapter 12: Deception.- Chapter 13: The Cybersecurity Trinity.

Read more less

Book SynopsisNavigate the complex landscape of Artificial Intelligence (AI) governance and model risk management using a holistic approach encompassing people, processes, and technology. This book provides practical guidance, oversight structure and centers of excellence, and actionable insights for organizations seeking to harness the power of AI responsibly, ethically, and transparently. By addressing the technical, ethical, and societal dimensions of AI governance, organizations will be empowered to build trustworthy AI systems that benefit both their bottom line and the broader community. Featuring successful mitigating controls based on proven use cases, the book underscores the importance of aligning AI strategy with AI governance, striking a balance between AI innovation, risk mitigation as well as broader business goals. You'll receive pointers for designing a well-governed AI development lifecycle, emphasizing transparency, accountability, and continuous monitoring throughout the AI development lifecycle. This book highlights the importance of collaboration between stakeholders, i.e., boards of directors, CxOs, corporate counsel, compliance officers, audit executives, data scientists, developers, validators, etc. You'll gain practical advice on addressing the challenges related to the ownership of AI-generated content and models, stressing the need for legal frameworks and international collaboration. You'll also learn the importance of auditing AI systems, developing protocols for rapid response in case of AI-related crises, and building capacity for AI actors through education. Principles of AI Governance and Model Risk Management demonstrates its value-added uniqueness by detailing a strategy to ensure a cohesive approach to managing AI-related risks, global compliance, policy, privacy, and AI-human collaboration and oversight. What You Will LearnDifferent approaches to AI adoption, from building in-house AI capabilities to partnering with external providersKey factors to consider when choosing an AI solution and how to ensure its successful integration into existing workflowsAI technologies, their business impact, and ethical considerations to make informed decisions and foster responsible AIThe environmental impacts of AI systems and the need for sustainable practices in AI development and deployment. Who This Book is ForBusiness executives and process owners/representatives, risk officers, cybersecurity professionals, legal counsel and ethics officers, human resource professionals, data scientists, AI developers, and CTOs.

Read more less

Book SynopsisChapter 1: The Chess Game of Cybersecurity.- Chapter 2: Setting Up the Board.- Chapter 3: Playing the Game Differently.- Chapter 4: Check and Countercheck.- Chapter 5: Endgame.

Read more less

Book SynopsisChapter 1: The Myth of Mitigation.- Chapter 2: Public Access: The Original Flaw.- Chapter 3: The Legal and Economic Time Bomb of MFA Deception.- Chapter 4: The Pervasiveness of Cybersecurity Deception.- Chapter 5: Complicity Through Blind Conformity.- Chapter 6: The Failure of the Cybersecurity Education System.- Chapter 7: The Failure to Look Beyond the Immediate Horizon.- Chapter 8: The Internet as a Crime Scene.- Chapter 9: Regulatory Failures and the Consequences of Inaction.- Chapter 10: The Role of Vendors and Auditors in Perpetuating the Cybersecurity Crisis.- Chapter 11: The Victims of Cybersecurity Deception: Internet Users and the Global Economy.- Chapter 12: The Long Road to Correction: An Elegantly Simple Solution.- Chapter 13: Corporate Leadership's Role in Cybersecurity: The Cost of Complacency and the Call for Accountability.- Chapter 14: The Path to Rebuilding Trust with Vendors and Stakeholders.- Chapter 15: Looking Ahead: The Future of Cybersecurity and the End of the Mitigation Era.- Chapter 16: The Role of Digital IDs and Direct User Interaction.- Chapter 17: A Call for Integrity and Real Security.- Chapter 18: The Impact of AI on Cybersecurity.- Chapter 19: The Global Landscape: Cybersecurity Challenges Across Borders.

Read more less

Book SynopsisChapter 1. The Origins of Cybersecurity.- Chapter 2. The Devil is in the Details.- Chapter 3. The Science of Authentication.- Chapter 4. The Failure of Indirect Interaction.- Chapter 5. Digital IDs: The Solution That Was Ignored.- Chapter 6. Direct User Interaction: The Game Changer.- Chapter 7. Digital Superposition: A New Layer in Network Security.- Chapter 8. Rethinking Security: Insights from Einstein and Hawking.- Chapter 9. Pre-Authentication vs. Post-Authentication in Network Security.- Chapter 10. The Illusion of MFA Compliance.- Chapter 11. Pre-Authentication vs. Post-Authentication in Network Security.- Chapter 12. Digital ID: Transforming Key Industries.- Chapter 13. The Mitigations That No Longer Matter.- Chapter 14. The Battle for Integrity in Security.- Chapter 15. Big Data Vs. Network Security.- Chapter 16. The Future of Network Security.- Chapter 17. Implementing the Change.- Chapter 18. Digital ID as the New Endpoint.- Chapter 19. The Inescapable Conflict: Public vs. Private in Cybersecurity.- Chapter 20. The Unified Quantum Security Model: A New Approach to Cybersecurity.- Chapter 21. The Urgency of Action.

Read more less

Book SynopsisTabletop exercises are a common way to test disaster recovery and business continuity plans, but they can also be some of the most dry and boring meetings any professional can attend. Following a set script with no variation can cause folks to lose interest and question the value of such exercises, even when they are required for compliance frameworks such as SOC2.What is a security professional to do? Simpleintroduce variability by adding dice!Gamification isn't a new idea, but applying some principles of gamification to a traditional tabletop exercise can breathe new life into a potentially monotonous activity. This book covers how to build a gamified tabletop exercise from the ground up, and provides example exercises you can build upon for your own needs. Not only will participation improve, but you will have reusable exercises to work with as each walk-through can produce different results, helping to cover multiple outcomes when testing your recovery capabilities. By providing examples and a methodical approach on how to build gamification into a traditional tabletop, the goal is to provide a new perspective on tabletop exercises that should be more engaging for all participants, and thus more beneficial for everyone involved. Avoid the monotony and start practicing with realistic consequences for decisions with dice rolls!What You Will LearnPlan, build, and execute tabletop exercises with participantsUnderstand and explaingamification benefits and how to add it to traditional tabletop exercisesUnderstandwhy and how to introduce such concepts to a traditional tabletop exerciseGet up to speed on the purpose of tabletop exercises as well as how to improve participation and retention of exercise participantsCompile tips and tricks to help when encountering unexpected issues during tabletop exercises, from unexpected decisions to difficult participantsKnow tools and techniques, such as using mind maps, tohelpplan and build gamified tabletop exercisesWho This Book Is ForGRC or security professionals who would are responsible for executing a tabletop exercise or otherwise tasked with annual testing of the company disaster recovery/business continuity plans. Even participants who are looking for alternatives to traditional happy path tabletops may be interested.

Read more less

Book Synopsis

Read more less

Book Synopsis

Read more less

Book Synopsis

Read more less

Book Synopsis

Read more less

Book Synopsis

Read more less