Information Security: The Complete Reference, Second Edition

Language: English

Pages: 896

ISBN: 0071784357

Format: PDF / Kindle (mobi) / ePub


Develop and implement an effective end-to-end security program

Today’s complex world of mobile platforms, cloud computing, and ubiquitous data access puts new security demands on every IT professional. Information Security: The Complete Reference, Second Edition (previously titled Network Security: The Complete Reference) is the only comprehensive book that offers vendor-neutral details on all aspects of information protection, with an eye toward the evolving threat landscape. Thoroughly revised and expanded to cover all aspects of modern information security―from concepts to details―this edition provides a one-stop reference equally applicable to the beginner and the seasoned professional.

Find out how to build a holistic security program based on proven methodology, risk analysis, compliance, and business needs. You’ll learn how to successfully protect data, networks, computers, and applications. In-depth chapters cover data protection, encryption, information rights management, network security, intrusion detection and prevention, Unix and Windows security, virtual and cloud security, secure application development, disaster recovery, forensics, and real-world attacks and countermeasures. Included is an extensive security glossary, as well as standards-based references. This is a great resource for professionals and students alike.

  • Understand security concepts and building blocks
  • Identify vulnerabilities and mitigate risk
  • Optimize authentication and authorization
  • Use IRM and encryption to protect unstructured data
  • Defend storage devices, databases, and software
  • Protect network routers, switches, and firewalls
  • Secure VPN, wireless, VoIP, and PBX infrastructure
  • Design intrusion detection and prevention systems
  • Develop secure Windows, Java, and mobile applications
  • Perform incident response and forensic analysis

Practical Embedded Security: Building Secure Resource-Constrained Systems

Android Security: Attacks and Defenses

Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks

Successful security strategies, as well as those learned from poor ones. The basic principles apply equally well to any situation or environment, regardless of whether you apply them to defend computers, networks, people, houses, or any other assets. The Limitations of a Barrier: Case Study The Maginot Line, a wall built by the French in the 1930s to defend France from invasion by Germany, is one of the most famous defensive failures in history. A strict border defense, it was designed to deny.

Known as “fuzzing” can be performed via Bluetooth pairing. A fuzzing attack takes advantage of inherent software vulnerabilities in Bluetooth devices by sending invalid data to cause abnormal behavior such as crashing, privilege escalation, and intrusions that can implant malware. Application Risks Third-party apps for mobile devices are written by people you don’t know, in environments you can’t control, and you have no visibility into their process, development lifecycle, or quality control.

Features that allow .NET components to be isolated from each other and from the file system on your computer’s hard disk. Managed Code When it first appeared, Sun Microsystems’ Java broke new ground as a development platform for network-centric computing. Central to Sun’s vision was the notion of code portability, summed up in the pithy (if somewhat inaccurate) phrase “Write once, run anywhere.” This degree of portability is achieved by compiling source code to an intermediate representation.

The identity of the user running the code. This approach is known as role-based security (RBS). RBS is, of course, very familiar to computer users because it forms the basis of OS security. When you log in to a Windows machine, you provide credentials—typically a user ID and password—that must match a user account known to Windows. In this way, Windows authenticates you as a legitimate user of the system. The account provides you with an identity on the system, and the groups to which that.

Vary according to what the organization does. Financial companies typically require a larger and more robust security organization due to the capital financial risk involved in an event or incident that negatively impacts their integrity, confidentiality, and availability. Healthcare organizations, along with businesses in other highly regulated sectors such as publicly traded companies that must comply with Sarbanes-Oxley rules, and financial companies that are regulated by the.
