E-book: Principles of Computer Security, Fourth Edition

  • Format: 768 pages
  • Publication date: 01-Jan-2016
  • Publisher: McGraw-Hill Professional
  • Language: eng
  • ISBN-13: 9780071836012

DRM restrictions

  • Copying:

    not allowed

  • Printing:

    not allowed

  • E-book usage:

    Digital rights management (DRM)
    The publisher has supplied this book in encrypted form, which means that you need to install free software to unlock and read it. To read this e-book, you must create an Adobe ID. More information here. The e-book can be downloaded to 6 devices (one user with the same Adobe ID).

    Required software
    To read this e-book on a mobile device (phone or tablet), you need to install this free app: PocketBook Reader (iOS / Android)

    To read this e-book on a PC or Mac, you need Adobe Digital Editions (a free application designed specifically for e-books. It is not the same as Adobe Reader, which you probably already have on your computer.)

    You cannot read this e-book on an Amazon Kindle.

Publisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product.



Written by leading information security educators, this fully revised, full-color computer security textbook covers CompTIA's fastest-growing credential, CompTIA Security+. Principles of Computer Security, Fourth Edition is a student-tested, introductory computer security textbook that provides comprehensive coverage of computer and network security fundamentals in an engaging and dynamic full-color design.

In addition to teaching key computer security concepts, the textbook also fully prepares you for CompTIA Security+ exam SY0-401 with 100% coverage of all exam objectives. Each chapter begins with a list of topics to be covered and features sidebar exam and tech tips, a chapter summary, and an end-of-chapter assessment section that includes key term, multiple choice, and essay quizzes as well as lab projects. Electronic content includes CompTIA Security+ practice exam questions and a PDF copy of the book.

Key features:

  • CompTIA Approved Quality Content (CAQC)
  • Electronic content features two simulated practice exams in the Total Tester exam engine and a PDF eBook
  • Supplemented by Principles of Computer Security Lab Manual, Fourth Edition, available separately
  • White and Conklin are two of the most well-respected computer security educators in higher education
  • Instructor resource materials for adopting instructors include: Instructor Manual, PowerPoint slides featuring artwork from the book, and a test bank of questions for use as quizzes or exams
  • Answers to the end of chapter sections are not included in the book and are only available to adopting instructors

Learn how to:

  • Ensure operational, organizational, and physical security
  • Use cryptography and public key infrastructures (PKIs)
  • Secure remote access, wireless networks, and virtual private networks (VPNs)
  • Authenticate users and lock down mobile devices
  • Harden network devices, operating systems, and applications
  • Prevent network attacks, such as denial of service, spoofing, hijacking, and password guessing
  • Combat viruses, worms, Trojan horses, and rootkits
  • Manage e-mail, instant messaging, and web security
  • Explore secure software development requirements
  • Implement disaster recovery and business continuity measures
  • Handle computer forensics and incident response
  • Understand legal, ethical, and privacy issues

Foreword
Preface
Introduction
Instructor Web Site

Chapter 1 Introduction and Security Trends
The Computer Security Problem
Definition of Computer Security
Historical Security Incidents
The Current Threat Environment
Threats to Security
Security Trends
Targets and Attacks
Specific Target
Opportunistic Target
Minimizing Possible Avenues of Attack
Approaches to Computer Security
Ethics
Additional References
Chapter 1 Review

Chapter 2 General Security Concepts
Basic Security Terminology
Security Basics
Security Tenets
Security Approaches
Security Principles
Access Control
Authentication Mechanisms
Authentication and Access Control Policies
Security Models
Confidentiality Models
Integrity Models
Chapter 2 Review

Chapter 3 Operational and Organizational Security
Policies, Procedures, Standards, and Guidelines
Security Policies
Change Management Policy
Data Policies
Human Resources Policies
Due Care and Due Diligence
Due Process
Incident Response Policies and Procedures
Security Awareness and Training
Security Policy Training and Procedures
Role-Based Training
Compliance with Laws, Best Practices, and Standards
User Habits
New Threats and Security Trends/Alerts
Training Metrics and Compliance
Interoperability Agreements
Service Level Agreements
Business Partnership Agreement
Memorandum of Understanding
Interconnection Security Agreement
The Security Perimeter
Physical Security
Physical Access Controls
Physical Barriers
Environmental Issues
Fire Suppression
Wireless
Electromagnetic Eavesdropping
Modern Eavesdropping
Chapter 3 Review

Chapter 4 The Role of People in Security
People---A Security Problem
Social Engineering
Poor Security Practices
People as a Security Tool
Security Awareness
Security Policy Training and Procedures
Chapter 4 Review

Chapter 5 Cryptography
Cryptography in Practice
Fundamental Methods
Comparative Strengths and Performance of Algorithms
Historical Perspectives
Substitution Ciphers
One-Time Pads
Algorithms
Key Management
Random Numbers
Hashing Functions
SHA
RIPEMD
Message Digest
Hashing Summary
Symmetric Encryption
DES
3DES
AES
CAST
RC
Blowfish
Twofish
IDEA
Block vs. Stream
Symmetric Encryption Summary
Asymmetric Encryption
Diffie-Hellman
RSA
ElGamal
ECC
Asymmetric Encryption Summary
Symmetric vs. Asymmetric
Quantum Cryptography
Steganography
Cryptography Algorithm Use
Confidentiality
Integrity
Authentication
Nonrepudiation
Cipher Suites
Key Exchange
Key Escrow
Session Keys
Ephemeral Keys
Key Stretching
Secrecy Principles
Transport Encryption
Digital Signatures
Digital Rights Management
Cryptographic Applications
Use of Proven Technologies
Chapter 5 Review

Chapter 6 Public Key Infrastructure
The Basics of Public Key Infrastructures
Certificate Authorities
Registration Authorities
Local Registration Authorities
Digital Certificates
Certificate Extensions
Certificate Attributes
Certificate Lifecycles
Registration and Generation
CSR
Renewal
Suspension
Revocation
Key Destruction
Certificate Repositories
Trust and Certificate Verification
Centralized and Decentralized Infrastructures
Hardware Security Modules
Private Key Protection
Key Recovery
Key Escrow
Public Certificate Authorities
In-House Certificate Authorities
Choosing Between a Public CA and an In-House CA
Outsourced Certificate Authorities
Tying Different PKIs Together
Trust Models
Certificate-Based Threats
Stolen Certificates
Chapter 6 Review

Chapter 7 PKI Standards and Protocols
PKIX and PKCS
PKIX Standards
PKCS
Why You Need to Know the PKIX and PKCS Standards
X.509
SSL/TLS
Cipher Suites
ISAKMP
CMP
XKMS
S/MIME
IETF S/MIME History
IETF S/MIME v3 Specifications
PGP
How PGP Works
HTTPS
IPsec
CEP
Other Standards
FIPS
Common Criteria
WTLS
ISO/IEC 27002 (Formerly ISO 17799)
SAML
Chapter 7 Review

Chapter 8 Physical Security
The Security Problem
Physical Security Safeguards
Walls and Guards
Physical Access Controls and Monitoring
Convergence
Policies and Procedures
Environmental Controls
Fire Suppression
Water-Based Fire Suppression Systems
Halon-Based Fire Suppression Systems
Clean-Agent Fire Suppression Systems
Handheld Fire Extinguishers
Fire Detection Devices
Power Protection
UPS
Backup Power and Cable Shielding
Electromagnetic Interference
Electronic Access Control Systems
Access Tokens
Chapter 8 Review

Chapter 9 Network Fundamentals
Network Architectures
Network Topology
Network Protocols
Protocols
Packets
Internet Protocol
IP Packets
TCP vs. UDP
ICMP
IPv4 vs. IPv6
Packet Delivery
Ethernet
Local Packet Delivery
Remote Packet Delivery
IP Addresses and Subnetting
Network Address Translation
Security Zones
DMZ
Internet
Intranet
Extranet
Flat Networks
Enclaves
VLANs
Zones and Conduits
Tunneling
Storage Area Networks
iSCSI
Fibre Channel
FCoE
Chapter 9 Review

Chapter 10 Infrastructure Security
Devices
Workstations
Servers
Virtualization
Mobile Devices
Device Security, Common Concerns
Network Attached Storage
Removable Storage
Networking
Network Interface Cards
Hubs
Bridges
Switches
Routers
Firewalls
How Do Firewalls Work?
Next-Generation Firewalls
Web Application Firewalls vs. Network Firewalls
Concentrators
Wireless Devices
Modems
Telephony
VPN Concentrator
Security Devices
Intrusion Detection Systems
Network Access Control
Network Monitoring/Diagnostic
Load Balancers
Proxies
Web Security Gateways
Internet Content Filters
Data Loss Prevention
Unified Threat Management
Media
Coaxial Cable
UTP/STP
Fiber
Unguided Media
Removable Media
Magnetic Media
Optical Media
Electronic Media
Security Concerns for Transmission Media
Physical Security Concerns
Cloud Computing
Private
Public
Hybrid
Community
Software as a Service
Platform as a Service
Infrastructure as a Service
Chapter 10 Review

Chapter 11 Authentication and Remote Access
User, Group, and Role Management
User
Group
Role
Password Policies
Domain Password Policy
Single Sign-On
Time of Day Restrictions
Tokens
Account and Password Expiration
Security Controls and Permissions
Access Control Lists
Mandatory Access Control (MAC)
Discretionary Access Control (DAC)
Role-Based Access Control (RBAC)
Rule-Based Access Control
Attribute Based Access Control (ABAC)
Account Expiration
Preventing Data Loss or Theft
The Remote Access Process
Identification
Authentication
Authorization
Access Control
Remote Access Methods
IEEE 802.1X
RADIUS
TACACS+
Authentication Protocols
FTP/FTPS/SFTP
VPNs
IPsec
Vulnerabilities of Remote Access Methods
Connection Summary
Chapter 11 Review

Chapter 12 Wireless Security and Mobile Devices
Introduction to Wireless Networking
Mobile Phones
Wireless Application Protocol
3G Mobile Networks
4G Mobile Networks
Bluetooth
Bluetooth Attacks
Near Field Communication
IEEE 802.11 Series
802.11: Individual Standards
Attacking 802.11
Current Security Methods
Wireless Systems Configuration
Antenna Types
Antenna Placement
Power Level Controls
Site Surveys
Captive Portals
Securing Public Wi-Fi
Mobile Devices
Mobile Device Security
BYOD Concerns
Location Services
Mobile Application Security
Chapter 12 Review

Chapter 13 Intrusion Detection Systems and Network Security
History of Intrusion Detection Systems
IDS Overview
IDS Models
Signatures
False Positives and False Negatives
Network-Based IDSs
Advantages of a NIDS
Disadvantages of a NIDS
Active vs. Passive NIDSs
NIDS Tools
Host-Based IDSs
Advantages of HIDSs
Disadvantages of HIDSs
Active vs. Passive HIDSs
Resurgence and Advancement of HIDSs
Intrusion Prevention Systems
Honeypots and Honeynets
Tools
Protocol Analyzer
Switched Port Analyzer
Port Scanner
Passive vs. Active Tools
Banner Grabbing
Chapter 13 Review

Chapter 14 System Hardening and Baselines
Overview of Baselines
Operating System and Network Operating System Hardening
OS Security
Host Security
Machine Hardening
Operating System Security and Settings
OS Hardening
Hardening Microsoft Operating Systems
Hardening UNIX- or Linux-Based Operating Systems
Updates (a.k.a. Hotfixes, Service Packs, and Patches)
Antimalware
White Listing vs. Black Listing Applications
Trusted OS
Host-based Firewalls
Hardware Security
Host Software Baselining
Host-Based Security Controls
Hardware-Based Encryption Devices
Data Encryption
Data Security
Handling Big Data
Cloud Storage
Storage Area Network
Permissions/ACL
Network Hardening
Software Updates
Device Configuration
Securing Management Interfaces
VLAN Management
IPv4 vs. IPv6
Application Hardening
Application Configuration Baseline
Application Patches
Patch Management
Host Software Baselining
Group Policies
Security Templates
Alternative Environments
SCADA
Embedded Systems
Phones and Mobile Devices
Mainframe
Game Consoles
In-Vehicle Computing Systems
Alternative Environment Methods
Network Segmentation
Security Layers
Application Firewalls
Manual Updates
Firmware Version Control
Wrappers
Control Redundancy and Diversity
Chapter 14 Review

Chapter 15 Types of Attacks and Malicious Software
Avenues of Attack
Minimizing Possible Avenues of Attack
Malicious Code
Viruses
Worms
Polymorphic Malware
Trojan Horses
Rootkits
Logic Bombs
Spyware
Adware
Botnets
Backdoors and Trapdoors
Ransomware
Malware Defenses
Attacking Computer Systems and Networks
Denial-of-Service Attacks
Social Engineering
Null Sessions
Sniffing
Spoofing
TCP/IP Hijacking
Man-in-the-Middle Attacks
Replay Attacks
Transitive Access
Spam
Spim
Phishing
Spear Phishing
Vishing
Pharming
Scanning Attacks
Attacks on Encryption
Address System Attacks
Cache Poisoning
Password Guessing
Pass-the-Hash Attacks
Software Exploitation
Client-Side Attacks
Advanced Persistent Threat
Remote Access Trojans
Tools
Metasploit
BackTrack/Kali
Social-Engineering Toolkit
Cobalt Strike
Core Impact
Burp Suite
Auditing
Perform Routine Audits
Chapter 15 Review

Chapter 16 E-Mail and Instant Messaging
How E-Mail Works
E-Mail Structure
MIME
Security of E-Mail
Malicious Code
Hoax E-Mails
Unsolicited Commercial E-Mail (Spam)
Sender ID Framework
DomainKeys Identified Mail
Mail Encryption
S/MIME
PGP
Instant Messaging
Modern Instant Messaging Systems
Chapter 16 Review

Chapter 17 Web Components
Current Web Components and Concerns
Web Protocols
Encryption (SSL and TLS)
The Web (HTTP and HTTPS)
HTTPS Everywhere
HTTP Strict Transport Security
Directory Services (DAP and LDAP)
File Transfer (FTP and SFTP)
Vulnerabilities
Code-Based Vulnerabilities
Buffer Overflows
Java
JavaScript
ActiveX
Securing the Browser
CGI
Server-Side Scripts
Cookies
Browser Plug-ins
Malicious Add-ons
Signed Applets
Application-Based Weaknesses
Session Hijacking
Client-Side Attacks
Web 2.0 and Security
Chapter 17 Review

Chapter 18 Secure Software Development
The Software Engineering Process
Process Models
Secure Development Lifecycle
Secure Coding Concepts
Error and Exception Handling
Input and Output Validation
Fuzzing
Bug Tracking
Application Attacks
Cross-Site Scripting
Injections
Directory Traversal/Command Injection
Buffer Overflow
Integer Overflow
Cross-Site Request Forgery
Zero-Day
Attachments
Locally Shared Objects
Client-Side Attacks
Arbitrary/Remote Code Execution
Open Vulnerability and Assessment Language
Application Hardening
Application Configuration Baseline
Application Patch Management
NoSQL Databases vs. SQL Databases
Server-Side vs. Client-Side Validation
Chapter 18 Review

Chapter 19 Business Continuity and Disaster Recovery, and Organizational Policies
Business Continuity
Business Continuity Plans
Business Impact Analysis
Identification of Critical Systems and Components
Removing Single Points of Failure
Risk Assessment
Succession Planning
Continuity of Operations
Disaster Recovery
Disaster Recovery Plans/Process
Categories of Business Functions
IT Contingency Planning
Test, Exercise, and Rehearse
Recovery Time Objective and Recovery Point Objective
Backups
Alternative Sites
Utilities
Secure Recovery
Cloud Computing
High Availability and Fault Tolerance
Failure and Recovery Timing
Chapter 19 Review

Chapter 20 Risk Management
An Overview of Risk Management
Example of Risk Management at the International Banking Level
Risk Management Vocabulary
What Is Risk Management?
Risk Management Culture
Business Risks
Examples of Business Risks
Examples of Technology Risks
Risk Mitigation Strategies
Change Management
Incident Management
User Rights and Permissions Reviews
Data Loss or Theft
Risk Management Models
General Risk Management Model
Software Engineering Institute Model
NIST Risk Models
Model Application
Qualitatively Assessing Risk
Quantitatively Assessing Risk
Adding Objectivity to a Qualitative Assessment
Risk Calculation
Qualitative vs. Quantitative Risk Assessment
Tools
Cost-Effectiveness Modeling
Risk Management Best Practices
System Vulnerabilities
Threat Vectors
Probability/Threat Likelihood
Risk-Avoidance, Transference, Acceptance, Mitigation, Deterrence
Risks Associated with Cloud Computing and Virtualization
Chapter 20 Review

Chapter 21 Change Management
Why Change Management?
The Key Concept: Separation of Duties
Elements of Change Management
Implementing Change Management
Back-out Plan
The Purpose of a Change Control Board
Code Integrity
The Capability Maturity Model Integration
Chapter 21 Review

Chapter 22 Incident Response
Foundations of Incident Response
Incident Management
Anatomy of an Attack
Goals of Incident Response
Incident Response Process
Preparation
Security Measure Implementation
Incident Identification/Detection
Initial Response
Incident Isolation
Strategy Formulation
Investigation
Recovery/Reconstitution Procedures
Reporting
Follow-up/Lessons Learned
Standards and Best Practices
State of Compromise
NIST
Department of Justice
Indicators of Compromise
Cyber Kill Chain
Making Security Measurable
Chapter 22 Review

Chapter 23 Computer Forensics
Evidence
Types of Evidence
Standards for Evidence
Three Rules Regarding Evidence
Forensic Process
Acquiring Evidence
Identifying Evidence
Protecting Evidence
Transporting Evidence
Storing Evidence
Conducting the Investigation
Analysis
Chain of Custody
Message Digest and Hash
Host Forensics
File Systems
Windows Metadata
Linux Metadata
Device Forensics
Network Forensics
E-Discovery
Reference Model
Big Data
Cloud
Chapter 23 Review

Chapter 24 Legal Issues and Ethics
Cybercrime
Common Internet Crime Schemes
Sources of Laws
Computer Trespass
Significant U.S. Laws
Payment Card Industry Data Security Standard (PCI DSS)
Import/Export Encryption Restrictions
Non-U.S. Laws
Digital Signature Laws
Digital Rights Management
Ethics
Chapter 24 Review

Chapter 25 Privacy
Personally Identifiable Information (PII)
Sensitive PII
Notice, Choice, and Consent
U.S. Privacy Laws
Privacy Act of 1974
Freedom of Information Act (FOIA)
Family Education Records and Privacy Act (FERPA)
U.S. Computer Fraud and Abuse Act (CFAA)
U.S. Children's Online Privacy Protection Act (COPPA)
Video Privacy Protection Act (VPPA)
Health Insurance Portability & Accountability Act (HIPAA)
Gramm-Leach-Bliley Act (GLBA)
California Senate Bill 1386 (SB 1386)
U.S. Banking Rules and Regulations
Payment Card Industry Data Security Standard (PCI DSS)
Fair Credit Reporting Act (FCRA)
Fair and Accurate Credit Transactions Act (FACTA)
Non-Federal Privacy Concerns in the United States
International Privacy Laws
OECD Fair Information Practices
European Laws
Canadian Laws
Asian Laws
Privacy-Enhancing Technologies
Privacy Policies
Privacy Impact Assessment
Web Privacy Issues
Cookies
Privacy in Practice
User Actions
Data Breaches
Chapter 25 Review

Appendix A CompTIA Security+ Exam Objectives: SY0-401

Appendix B About the CD-ROM
System Requirements
Total Tester Premium Practice Exam Software
Installing and Running Total Tester Premium Practice Exam Software
PDF Copy of the Book
Technical Support
Total Seminars Technical Support
McGraw-Hill Education Content Support

Glossary
Index

Wm. Arthur Conklin (Houston, TX), Security+, CISSP, is an Assistant Professor in the Information and Logistics Technology department at the University of Houston. In addition to his PhD, Mr. Conklin has an MBA from UTSA, and two graduate degrees in Electrical Engineering from the Naval Postgraduate School in Monterey, California. Dr. Conklin's interests are information security, systems theory, and secure software design.





Greg White (San Antonio, TX), CompTIA Security+, CISSP, is an Associate Professor in the Department of Computer Science at the University of Texas at San Antonio. Dr. White is the Director of the Center for Infrastructure Assurance and Security at UTSA.





Chuck Cothren is a Research Scientist at University of Texas at San Antonio (UTSA) Center for Infrastructure Assurance and Security (CIAS) and currently serves on the Information Security Association's Alamo Chapter Board of Directors. Mr. Cothren has a wide array of security experience including performing controlled penetration testing, network security policies, computer intrusion forensics, and computer training. He is a Certified Information Systems Security Professional (CISSP) and has co-authored other McGraw-Hill/Osborne titles. Mr. Cothren holds a B.S. in Industrial Distribution from Texas A&M University.





Roger L. Davis is a Senior Internal Audit Manager at NuSkin Enterprises and is responsible for evaluating global business operations in over 35 countries. He is a retired Air Force Colonel with over 20 years of military and information security experience. Mr. Davis is a Certified Information Systems Security Professional (CISSP) and holds a Master's Degree in Computer Science from George Washington University.