CISSP Boxed Set [Other merchandise]

4.08/5 (133 ratings by Goodreads)
  • Format: Other merchandise, 1632 pages, height x width x thickness: 229x178x114 mm, weight: 3175 g, 280 Illustrations
  • Series: All-in-One
  • Publication date: 16-Jun-2011
  • Publisher: McGraw-Hill Professional
  • ISBN-10: 0071768459
  • ISBN-13: 9780071768450
A money-saving CISSP boxed set from the #1 name in IT security certification and training

CISSP Boxed Set bundles Shon Harris' bestselling CISSP All-in-One Exam Guide, Fifth Edition and CISSP Practice Exams with a bonus, second CD-ROM featuring all-new training material, all at a discount of 12% off MSRP. CISSP All-in-One Exam Guide, Fifth Edition provides a comprehensive and in-depth exam review and self-study system covering all ten CISSP domains. The book includes exam tips that highlight actual exam topics, technical discussion sidebars, and hands-on examples and exercises that support practical learning for real-world situations. The CD-ROM contains practice exam questions, a video training excerpt, and an e-book. CISSP Practice Exams reinforces what is taught in the Exam Guide with questions for review organized by exam domain and more than 1000 additional questions available online. A bonus CD-ROM available only with this Boxed Set features two additional practice exams as well as all-new audio and video training led by Shon Harris.

Covers all 10 CISSP domains: Information security and risk management; Access control; Security architecture and design; Physical and environmental security; Telecommunications and network security; Cryptography; Business continuity and disaster recovery planning; Legal regulations, compliance, and investigations; Application security; Operations security

Total CD-ROM content for the boxed set includes:
  • 1200+ practice exam questions covering all 10 CISSP domains
  • Practice exam questions hosted in practice testing engines complete with in-depth answer explanations
  • 3+ hours of audio and video training
  • Audio training features Shon Harris reviewing access control concepts
  • Video training features Shon Harris teaching core cryptography concepts
  • E-book version of CISSP All-in-One Exam Guide, Fifth Edition

Additional training content! 1000+ practice exam questions and 30+ hours of audio training available online!
Forewords
Acknowledgments
Introduction
Chapter 1 Becoming a CISSP
Why Become a CISSP?
The CISSP Exam
CISSP: A Brief History
How Do You Become a CISSP?
What Does This Book Cover?
Tips for Taking the CISSP Exam
How to Use This Book
Questions
Answers
Chapter 2 Security Trends
How Security Became an Issue
Areas of Security
Benign to Scary
Evidence of the Evolution of Hacking
How Are Nations Affected?
How Are Companies Affected?
The U.S. Government's Actions
Politics and Laws
So What Does This Mean to Us?
Hacking and Attacking
Management
A Layered Approach
An Architectural View
A Layer Missed
Bringing the Layers Together
Education
Summary
Chapter 3 Information Security and Risk Management
Security Management
Security Management Responsibilities
The Top-Down Approach to Security
Security Administration and Supporting Controls
Fundamental Principles of Security
Availability
Integrity
Confidentiality
Security Definitions
Security Through Obscurity
Organizational Security Model
Security Program Components
Information Risk Management
Who Really Understands Risk Management?
Information Risk Management Policy
The Risk Management Team
Risk Analysis
The Risk Analysis Team
The Value of Information and Assets
Costs That Make Up the Value
Identifying Threats
Failure and Fault Analysis
Quantitative Risk Analysis
Qualitative Risk Analysis
Quantitative vs. Qualitative
Protection Mechanisms
Putting It Together
Total Risk vs. Residual Risk
Handling Risk
Policies, Standards, Baselines, Guidelines, and Procedures
Security Policy
Standards
Baselines
Guidelines
Procedures
Implementation
Information Classification
Private Business vs. Military Classifications
Classification Controls
Layers of Responsibility
Who's Involved?
The Data Owner
The Data Custodian
The System Owner
The Security Administrator
The Security Analyst
The Application Owner
The Supervisor
The Change Control Analyst
The Data Analyst
The Process Owner
The Solution Provider
The User
The Product Line Manager
The Auditor
Why So Many Roles?
Personnel
Structure
Hiring Practices
Employee Controls
Termination
Security-Awareness Training
Different Types of Security-Awareness Training
Evaluating the Program
Specialized Security Training
Summary
Quick Tips
Questions
Answers
Chapter 4 Access Control
Access Controls Overview
Security Principles
Availability
Integrity
Confidentiality
Identification, Authentication, Authorization, and Accountability
Identification and Authentication
Password Management
Authorization
Access Control Models
Discretionary Access Control
Mandatory Access Control
Role-Based Access Control
Access Control Techniques and Technologies
Rule-Based Access Control
Constrained User Interfaces
Access Control Matrix
Content-Dependent Access Control
Context-Dependent Access Control
Access Control Administration
Centralized Access Control Administration
Decentralized Access Control Administration
Access Control Methods
Access Control Layers
Administrative Controls
Physical Controls
Technical Controls
Access Control Types
Preventive: Administrative
Preventive: Physical
Preventive: Technical
Accountability
Review of Audit Information
Keystroke Monitoring
Protecting Audit Data and Log Information
Access Control Monitoring
Intrusion Detection
Intrusion Prevention Systems
A few Threats to Access Control
Dictionary Attacks
Brute force Attacks
Spoofing at Logon
Summary
Quick Tips
Questions
Answers
Chapter 5 Security Architecture and Design
Computer Architecture
The Central Processing Unit
Multiprocessing
Operating System Architecture
Process Activity
Memory Management
Memory Types
Virtual Memory
CPU Modes and Protection Rings
Operating System Architecture
Domains
Layering and Data Hiding
The Evolution of Terminology
Virtual Machines
Additional Storage Devices
Input/Output Device Management
System Architecture
Defined Subsets of Subjects and Objects
Trusted Computing Base
Security Perimeter
Reference Monitor and Security Kernel
Security Policy
Least Privilege
Security Models
State Machine Models
The Bell-LaPadula Model
The Biba Model
The Clark-Wilson Model
The Information Flow Model
The Noninterference Model
The Lattice Model
The Brewer and Nash Model
The Graham-Denning Model
The Harrison-Ruzzo-Ullman Model
Security Modes of Operation
Dedicated Security Mode
System High-Security Mode
Compartmented Security Mode
Multilevel Security Mode
Trust and Assurance
Systems Evaluation Methods
Why Put a Product Through Evaluation?
The Orange Book
The Orange Book and the Rainbow Series
The Red Book
Information Technology Security Evaluation Criteria
Common Criteria
Certification vs. Accreditation
Certification
Accreditation
Open vs. Closed Systems
Open Systems
Closed Systems
Enterprise Architecture
A Few Threats to Review
Maintenance Hooks
Time-of-Check/Time-of-Use Attacks
Buffer Overflows
Summary
Quick Tips
Questions
Answers
Chapter 6 Physical and Environmental Security
Introduction to Physical Security
The Planning Process
Crime Prevention Through Environmental Design
Designing a Physical Security Program
Protecting Assets
Internal Support Systems
Electric Power
Environmental Issues
Ventilation
Fire Prevention, Detection, and Suppression
Perimeter Security
Facility Access Control
Personnel Access Controls
External Boundary Protection Mechanisms
Intrusion Detection Systems
Patrol Force and Guards
Dogs
Auditing Physical Access
Testing and Drills
Summary
Quick Tips
Questions
Answers
Chapter 7 Telecommunications and Network Security
Open Systems Interconnection Reference Model
Protocol
Application Layer
Presentation Layer
Session Layer
Transport Layer
Network Layer
Data Link Layer
Physical Layer
Functions and Protocols in the OSI Model
Tying the Layers Together
TCP/IP
TCP
IP Addressing
IPv6
Types of Transmission
Analog and Digital
Asynchronous and Synchronous
Broadband and Baseband
LAN Networking
Network Topology
LAN Media Access Technologies
Cabling
Transmission Methods
Media Access Technologies
LAN Protocols
Routing Protocols
Networking Devices
Repeaters
Bridges
Routers
Switches
Gateways
PBXs
Firewalls
Honeypot
Network Segregation and Isolation
Networking Services and Protocols
Domain Name Service
Directory Services
Lightweight Directory Access Protocol
Network Address Translation
Intranets and Extranets
Metropolitan Area Networks
Wide Area Networks
Telecommunications Evolution
Dedicated Links
WAN Technologies
Remote Access
Dial-Up and RAS
ISDN
DSL
Cable Modems
VPN
Authentication Protocols
Remote Access Guidelines
Wireless Technologies
Wireless Communications
WLAN Components
Wireless Standards
WAP
i-Mode
Mobile Phone Security
War Driving for WLANs
Satellites
Rootkits
Spyware and Adware
Instant Messaging
Summary
Quick Tips
Questions
Answers
Chapter 8 Cryptography
The History of Cryptography
Cryptography Definitions and Concepts
Kerckhoffs' Principle
The Strength of the Cryptosystem
Services of Cryptosystems
One-Time Pad
Running and Concealment Ciphers
Steganography
Types of Ciphers
Substitution Ciphers
Transposition Ciphers
Methods of Encryption
Symmetric vs. Asymmetric Algorithms
Symmetric Cryptography
Block and Stream Ciphers
Hybrid Encryption Methods
Types of Symmetric Systems
Data Encryption Standard
Triple-DES
The Advanced Encryption Standard
International Data Encryption Algorithm
Blowfish
RC4
RC5
RC6
Types of Asymmetric Systems
The Diffie-Hellman Algorithm
RSA
El Gamal
Elliptic Curve Cryptosystems
LUC
Knapsack
Zero Knowledge Proof
Message Integrity
The One-Way Hash
Various Hashing Algorithms
MD2
MD4
MD5
Attacks Against One-Way Hash Functions
Digital Signatures
Digital Signature Standard
Public Key Infrastructure
Certificate Authorities
Certificates
The Registration Authority
PKI Steps
Key Management
Key Management Principles
Rules for Keys and Key Management
Link Encryption vs. End-to-End Encryption
E-mail Standards
Multipurpose Internet Mail Extension
Privacy-Enhanced Mail
Message Security Protocol
Pretty Good Privacy
Quantum Cryptography
Internet Security
Start with the Basics
Attacks
Cipher-Only Attacks
Known-Plaintext Attacks
Chosen-Plaintext Attacks
Chosen-Ciphertext Attacks
Differential Cryptanalysis
Linear Cryptanalysis
Side-Channel Attacks
Replay Attacks
Algebraic Attacks
Analytic Attacks
Statistical Attacks
Summary
Quick Tips
Questions
Answers
Chapter 9 Business Continuity and Disaster Recovery
Business Continuity and Disaster Recovery
Business Continuity Steps
Making BCP Part of the Security Policy and Program
Project Initiation
Business Continuity Planning Requirements
Business Impact Analysis
Preventive Measures
Recovery Strategies
Business Process Recovery
Facility Recovery
Supply and Technology Recovery
The End-User Environment
Data Backup Alternatives
Electronic Backup Solutions
Choosing a Software Backup Facility
Insurance
Recovery and Restoration
Developing Goals for the Plans
Implementing Strategies
Testing and Revising the Plan
Maintaining the Plan
Summary
Quick Tips
Questions
Answers
Chapter 10 Legal, Regulations, Compliance, and Investigations
The Many Facets of Cyberlaw
The Crux of Computer Crime Laws
Complexities in Cybercrime
Electronic Assets
The Evolution of Attacks
Different Countries
Types of Laws
Intellectual Property Laws
Trade Secret
Copyright
Trademark
Patent
Internal Protection of Intellectual Property
Software Piracy
Privacy
Laws, Directives, and Regulations
Liability and Its Ramifications
Personal Information
Hacker Intrusion
Investigations
Incident Response
Incident Response Procedures
Computer Forensics and Proper Collection of Evidence
International Organization on Computer Evidence
Motive, Opportunity, and Means
Computer Criminal Behavior
Incident Investigators
The Forensics Investigation Process
What Is Admissible in Court?
Surveillance, Search, and Seizure
Interviewing and Interrogating
A Few Different Attack Types
Ethics
The Computer Ethics Institute
The Internet Architecture Board
Corporate Ethics Programs
Summary
Quick Tips
Questions
Answers
Chapter 11 Application Security
Software's Importance
Where Do We Place the Security?
Different Environments Demand Different Security
Environment vs. Application
Complexity of Functionality
Data Types, Format, and Length
Implementation and Default Issues
Failure States
Database Management
Database Management Software
Database Models
Database Programming Interfaces
Relational Database Components
Integrity
Database Security Issues
Data Warehousing and Data Mining
System Development
Management of Development
Life-Cycle Phases
Software Development Methods
Computer-Aided Software Engineering
Prototyping
Secure Design Methodology
Secure Development Methodology
Security Testing
Change Control
The Capability Maturity Model
Software Escrow
Application Development Methodology
Object-Oriented Concepts
Polymorphism
Data Modeling
Software Architecture
Data Structures
Cohesion and Coupling
Distributed Computing
CORBA and ORBs
COM and DCOM
Enterprise JavaBeans
Object Linking and Embedding
Distributed Computing Environment
Expert Systems and Knowledge-Based Systems
Artificial Neural Networks
Web Security
Vandalism
Financial Fraud
Privileged Access
Theft of Transaction Information
Theft of Intellectual Property
Denial-of-Service (DoS) Attacks
Create a Quality Assurance Process
Web Application Firewalls
Intrusion Prevention Systems
Implement SYN Proxies on the Firewall
Specific Threats for Web Environments
Mobile Code
Java Applets
ActiveX Controls
Malicious Software (Malware)
Antivirus Software
Spam Detection
Anti-Malware Programs
Patch Management
Step 1 Infrastructure
Step 2 Research
Step 3 Assess and Test
Step 4 Mitigation ("Rollback")
Step 5 Deployment ("Rollout")
Step 6 Validation, Reporting, and Logging
Limitations to Patching
Best Practices
Anything Else?
Attacks
Summary
Quick Tips
Questions
Answers
Chapter 12 Operations Security
The Role of the Operations Department
Administrative Management
Security and Network Personnel
Accountability
Clipping Levels
Assurance Levels
Operational Responsibilities
Unusual or Unexplained Occurrences
Deviations from Standards
Unscheduled Initial Program Loads (a.k.a. Rebooting)
Asset Identification and Management
System Controls
Trusted Recovery
Input and Output Controls
System Hardening
Remote Access Security
Configuration Management
Change Control Process
Change Control Documentation
Media Controls
Data Leakage
Network and Resource Availability
Mean Time Between Failures (MTBF)
Mean Time to Repair (MTTR)
Single Points of Failure
Backups
Contingency Planning
Mainframes
E-mail Security
How E-mail Works
Facsimile Security
Hack and Attack Methods
Vulnerability Testing
Penetration Testing
Wardialing
Other Vulnerability Types
Postmortem
Summary
Quick Tips
Questions
Answers
Appendix A Security Content Automation Protocol Overview
Background
SCAP---More Than Just a Protocol
A Vulnerability Management Problem
A Vulnerability Management Solution---SCAP and SCAP Specifications
SCAP Product Validation Program
The Future of Security Automation
Conclusion
Appendix B About the CD-ROM
Running the QuickTime Cryptography Video Sample
Troubleshooting
Installing Total Seminars' Test Software
Navigation
Practice Mode
Final Mode
Minimum System Requirements for Total Seminars' Software
Technical Support
Glossary
Index
Preface
Introduction
Chapter 1 Information Security and Risk Management
Questions
Quick Answer Key
Answers
Chapter 2 Access Control
Questions
Quick Answer Key
Answers
Chapter 3 Security Architecture and Design
Questions
Quick Answer Key
Answers
Chapter 4 Physical and Environmental Security
Questions
Quick Answer Key
Answers
Chapter 5 Telecommunications and Networking Security
Questions
Quick Answer Key
Answers
Chapter 6 Cryptography
Questions
Quick Answer Key
Answers
Chapter 7 Business Continuity and Disaster Recovery
Questions
Quick Answer Key
Answers
Chapter 8 Legal, Regulations, Compliance, and Investigations
Questions
Quick Answer Key
Answers
Chapter 9 Application Security
Questions
Quick Answer Key
Answers
Chapter 10 Operations Security
Questions
Quick Answer Key
Answers
Appendix About the Free Online Practice Exams and MP3s
Free Online Practice Exam and MP3 Instructions
Technical Support
Index
Shon Harris is the founder and CEO of Logical Security LLC, an information security consultant, a former engineer in the Air Force's Information Warfare unit, an instructor and an author. She has authored several international bestselling books on information security published by McGraw-Hill and Pearson, which have sold over a million copies and have been translated into six languages. Ms. Harris authors academic textbooks and security articles for publication, and is a technical editor for Information Security Magazine. Ms. Harris has consulted for a large number of organizations in every business sector (financial, medical, retail, entertainment, utility) and several U.S. government agencies over the last 18 years. Ms. Harris provides high-end, advanced and specialized consulting for organizations globally. She also works directly with law firms as a technical and expert witness on cases that range from patent infringement to criminal investigations and civil lawsuits, and she specializes in cryptographic technologies. Ms. Harris has taught information security to a wide range of clients over the last 18 years, including West Point, Microsoft, DHS, DoD, DoE, NSA, FBI, NASA, CDC, PWC, DISA, RSA, Visa, Intel, Cisco, Oracle, HP, Boeing, Northrop Grumman, Shell, Verizon, Citi, BoA, HSBC, Morgan Stanley, Symantec, Warner Brothers, Bridgestone, American Express, etc. Ms. Harris was recognized as one of the top 25 women in the Information Security field by Information Security Magazine.