The InfoSec Handbook : (Kayıt no. 15666)
[ düz görünüm ]
| 000 -BAŞLIK | |
|---|---|
| Sabit Uzunluktaki Kontrol Alanı | 10979nam a22004453i 4500 |
| 001 - KONTROL NUMARASI | |
| Control Dosyası | EBC6422542 |
| 003 - KONTROL NUMARASI KİMLİĞİ | |
| Kontrol Alanı | MiAaPQ |
| 005 - EN SON İŞLEM TARİHİ ve ZAMANI | |
| Kontrol Alanı | 20220623112330.0 |
| 006 - FIXED-LENGTH DATA ELEMENTS--ADDITIONAL MATERIAL CHARACTERISTICS | |
| fixed length control field | m o d | |
| 007 - PHYSICAL DESCRIPTION FIXED FIELD--GENERAL INFORMATION | |
| fixed length control field | cr cnu|||||||| |
| 008 - SABİT UZUNLUKTAKİ VERİ ÖGELERİ - GENEL BİLGİ | |
| Sabit Alan | 220617s2014 xx o ||||0 eng d |
| 020 ## - ISBN - ULUSLARARASI STANDART KİTAP NUMARASI | |
| Isbn | 9781430263838 |
| -- | (electronic bk.) |
| 020 ## - ISBN - ULUSLARARASI STANDART KİTAP NUMARASI | |
| Cancelled/invalid ISBN | 9781430263821 |
| 035 ## - SİSTEM KONTROL NUMARASI | |
| Sistem Kontrol Numarası | (MiAaPQ)EBC6422542 |
| 035 ## - SİSTEM KONTROL NUMARASI | |
| Sistem Kontrol Numarası | (Au-PeEL)EBL6422542 |
| 035 ## - SİSTEM KONTROL NUMARASI | |
| Sistem Kontrol Numarası | (OCoLC)1202555273 |
| 040 ## - KATALOGLAMA KAYNAĞI | |
| Özgün Kataloglama Kurumu | MiAaPQ |
| Kataloglama Dili | eng |
| Açıklama Kuralları | rda |
| -- | pn |
| Çeviri Kurumu | MiAaPQ |
| Değiştiren Kurum | MiAaPQ |
| 050 #4 - SINIFLAMA ve YER NUMARASI | |
| Sınıflama Numarası | QA76.9.A25 |
| 100 1# - KİŞİ ADI | |
| Yazar Adı (Kişi adı) | Nayak, Umesha. |
| 245 14 - ESER ADI BİLDİRİMİ | |
| Başlık | The InfoSec Handbook : |
| Alt Eseradı vb. | An Introduction to Information Security. |
| 264 #1 - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE, AND COPYRIGHT NOTICE | |
| Place of production, publication, distribution, manufacture | Berkeley, CA : |
| Name of producer, publisher, distributor, manufacturer | Apress L. P., |
| Date of production, publication, distribution, manufacture, or copyright notice | 2014. |
| 264 #4 - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE, AND COPYRIGHT NOTICE | |
| Date of production, publication, distribution, manufacture, or copyright notice | �2014. |
| 300 ## - FİZİKSEL TANIMLAMA | |
| Sayfa, Cilt vb. | 1 online resource (376 pages) |
| 336 ## - CONTENT TYPE | |
| Content type term | text |
| Content type code | txt |
| Source | rdacontent |
| 337 ## - MEDIA TYPE | |
| Media type term | computer |
| Media type code | c |
| Source | rdamedia |
| 338 ## - CARRIER TYPE | |
| Carrier type term | online resource |
| Carrier type code | cr |
| Source | rdacarrier |
| 505 0# - İÇİNDEKİLER NOTU | |
| İçindekiler Notu | Intro -- Contents at a Glance -- Contents -- About the Authors -- Acknowledgments -- Introduction -- Part I: Introduction -- Chapter 1: Introduction to Security -- What is Security? -- Why is Security Important? -- What if You Do Not Care About Security? -- The Evolution of the Computer and Information Security -- Information Security Today -- Applicable Standards and Certifications -- The Role of a Security Program -- Chapter 2: History of Computer Security -- Introduction -- Communication -- World Wars and Their Influence on the Field of Security -- Cypher Machine: Enigma -- Bletchley Park -- Code Breakers -- Some Historical Figures of Importance: Hackers and Phreakers -- Kevin Mitnick -- Chapter Summary -- Part II: Key Principles and Practices -- Chapter 3: Key Concepts and Principles -- Introduction -- Security Threats -- External and Internal Threats -- Information Security Frameworks and Information Security Architecture -- Information Security Management Systems Framework Provided by ISO/IEC 27001:2013 -- NIST Special Publication 800-39 complemented by 800-53 -- SABSA� -- Pillars of Security -- People -- Organization of Information Security -- The Need for Independence -- Specific Roles and Responsibilities -- Audit Committee or Information Security Committee at the Board Level -- Information Security Sponsor or Champion -- Chief Information Security Officer or Information Security Officer -- Information Security Forum -- Information Security Specialists -- Project Managers -- Data Owners -- Data Custodians -- Users of the data -- Authority for Information Security -- Policies, Procedures, and Processes -- Technology -- Information Security Concepts -- CIA Triad -- Confidentiality -- Integrity -- Availability -- Parkerian Hexad -- Implementation of Information Security -- Risk Assessment -- Planning and Architecture -- Gap Analysis. |
| 505 8# - İÇİNDEKİLER NOTU | |
| İçindekiler Notu | Integration and Deployment -- Operations -- Monitoring -- Legal Compliance and Audit -- Crisis Management -- Principles of Information Security -- Chapter Summary -- Chapter 4: Access Controls -- Introduction -- Confidentiality and Data Integrity -- Who Can Access the Data? -- What is an Access Control? -- Authentication and Authorization -- Authentication and Access Control Layers -- Administrative Access Controls (Layer) -- Access Control Policy -- Personnel related - jobs, responsibilities, and authorities -- Segregation of duties -- Supporting policies and procedure -- Control Over Information Access to Trade Restricted Persons -- Technical (Logical) Controls -- Passwords -- Smartcards -- Encryption -- Network Access -- System Access -- Physical Access Controls -- Network Segregation -- Perimeter Security -- Security Guards -- Badge Systems -- Biometric Access Controls -- Access Control Strategies -- Discretionary Access Control (DAC) -- Mandatory Access Control (MAC) -- Role-Based Access Control (RBAC) -- Attribute Based Access Control -- Implementing Access Controls -- Access Control Lists (ACLs) -- File System ACLs -- Network ACLs -- AAA Framework -- RADIUS and TACAS+ -- LDAP and Active Directory -- IDAM -- Chapter Summary -- Chapter 5: Information Systems Management -- Introduction -- Risk -- Incident -- Disaster -- Disaster Recovery -- Business Continuity -- Risk Management -- Identification of Risk -- Risk Analysis -- Risk Responses -- Execution of the Risk Treatment Plans -- The Importance of Conducting a Periodic Risk Assessment -- Incident Response -- Incident Response Policy, Plan, and Processes -- Incident Response Policy -- Purpose and Scope of the Policy -- Definition of Information Security Incidents and Related Terms 2 -- Organizational Structure, Roles, Responsibilities, and Authorities -- Ratings of Incidents -- Measurements. |
| 505 8# - İÇİNDEKİLER NOTU | |
| İçindekiler Notu | Incident Response Plan -- Purpose and Scope -- Strategies, Goals, and Approach to Incident Response -- Internal and External Communication Plan -- Plan for the Incident Response Capability 2 -- Measurement of Incident Response Capability and its Effectiveness -- Integration with the Other Plans of the Organization -- Incident Response Processes -- Incident Response Teams -- Incident Response Team structuring based on distribution of the Responsibilities -- Centralized Incident Response Teams 2 -- Distributed Incident Response Teams 2 -- Hybrid Incident Response Teams -- Incident Response Team Structuring Based on who Constitutes the Teams -- Fully Employee Constituted Incident Response Teams -- Fully Outsourced Incident Response Teams -- Hybrid Teams: Partially Constituted by Employees and Partially Constituted by Outsourced Contractors -- Ensuring Effectiveness of Incident Response -- Preparation 2 -- Incident Detection 2 -- Precursors and Indicators of Incidents 2 -- Sources of Precursors and Indicators -- Analysis of the Incidents: 2 -- Incident Im pact Analysis and Prioritization of the Actions 2 -- Incident Documentation and Incident Notification 2 -- Incident Containment, Eradication, and Recovery 2 -- Containment Strategy 2 -- Evidence Gathering and Handling 2 -- Eradication and Recovery 2 -- Post Incident Analysis and Activities 2 -- Analysis of Learnings -- Use of Incident Data 2 -- Disaster Recovery and Business Continuity -- How to Approach Business Continuity Plan -- Assign Clear Roles and Responsibilities -- Sponsor -- Project Manager -- Business Continuity Planning Team -- Life Cycle of Business Continuity Planning -- Scoping -- Plan for Formulation of Business Continuity Plan -- Business Continuity Plan Kick-Off Meeting -- Business Impact Analysis (BIA) -- Business Continuity Plan Preparation -- Business Continuity Plan Validation &. |
| 505 8# - İÇİNDEKİLER NOTU | |
| İçindekiler Notu | Training -- Up-to-date Maintenance of the BCP -- Chapter Summary -- Part III: Application Security -- Chapter 6: Application and Web Security -- Introduction -- Software Applications -- Completeness of the Inputs -- Correctness of the Inputs -- Completeness of Processing -- Correctness of Processing -- Completeness of the Updates -- Correctness of the Updates -- Preservation of the Integrity of the Data in Storage -- Preservation of the Integrity of the Data while in Transmission -- Importance of an Effective Application Design and Development Life Cycle -- Important Guidelines for Secure Design and Development -- Web Browsers, Web Servers, and Web Applications -- Vulnerabilities in Web Browsers -- Inappropriate Configuration -- Unnecessary or Untrusted Add-ons -- Malware or Executables run on the Web Browser -- No Patching up or Carrying out the Security Updates -- How to Overcome the Vulnerabilities of Web Browsers -- Vulnerabilities of Web Servers -- Default Users and Default Permissions are not changed -- Sample files and scripts are not removed -- Default Configuration is Not Changed -- File and Directory Permissions are not Set Properly -- Security Loop-Holes or Defects in the Web Server Software or Underlying Operating System -- How to Overcome the Web Server Vulnerabilities -- Web Applications -- SQL Injection Attacks -- Command Injection Attacks -- Buffer Overflow Attacks -- Cro ss-Site Scripting -- Cookie Poisoning -- Session Hijacking Attacks -- How to Overcome Web Application Vulnerabilities -- Secure Socket Layer (SSL) Security and Digital Certificate -- Chapter Summary -- Chapter 7: Malicious Software and Anti-Virus Software -- Introduction -- Malware Software -- Introduction to Malware -- Covert channels -- Types of Malware in Detail -- Spyware -- Adware -- Trojans -- Viruses -- Worms -- Backdoors -- Botnets -- A Closer Look at Spyware. |
| 505 8# - İÇİNDEKİLER NOTU | |
| İçindekiler Notu | Trojans and Backdoors -- Rootkits -- Viruses and Worms -- Botnets -- Brief History of Viruses, Worms, and Trojans -- The Current Situation -- Anti-Virus Software -- Need for Anti-Virus Software -- Top 5 Commercially Available Anti-Virus Software -- Symantec Norton Anti-Virus Software -- McAfee Anti- Virus -- Kaspersky Anti- Virus -- Bitdefender Anti- Virus -- AVG Anti-Virus Software -- A Few Words of Caution -- Chapter Summary -- Chapter 8: Cryptography -- Introduction -- Cryptographic Algorithms -- Symmetric Key Cryptography -- Key Distribution -- Asymmetric Key Cryptography -- Public Key Cryptography -- RSA Algorithm -- Advantages of Public Key Cryptography -- Applications of PKC -- Public Key Infrastructure (PKI) -- Certificate Authority (CA) -- Digital Certificate -- Hash Function Cryptography -- Popular Hashes -- Digital Signatures -- Summary of Cryptography Standard Algorithms -- Disk / Drive Encryption -- Attacks on Cryptography -- Chapter Summary -- Part IV: Network Security -- Chapter 9: Understanding Networks and Network Security -- Introduction -- Networking Fundamentals -- Computer Communication -- Network and its Components -- Network Protocols -- OSI (Open Systems Interconnection) Reference Model -- TCP/IP Model -- Network Vulnerabilities and Threats -- Vulnerabilities -- Security Policy Weaknesses -- Technology Weaknesses -- Configuration Weaknesses -- Threats -- Attacks -- Reconnaissance -- Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) -- Other Attacks on Networks -- How to counter the Network Attacks -- Chapter Summary -- Chapter 10: Firewalls -- Introduction -- How Do You Protect a Network? -- Firewall -- Basic Functions of Firewall -- Packet Filtering -- How a packet filtering firewall works -- TCP Layer -- An Example of Packet Filtering Rules -- Advantages and Disadvantages of Packet filtering. |
| 505 8# - İÇİNDEKİLER NOTU | |
| İçindekiler Notu | Stateful Packet Filtering. |
| 590 ## - LOCAL NOTE (RLIN) | |
| Local note | Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2022. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries. |
| 655 #4 - INDEX TERM--GENRE/FORM | |
| Genre/form data or focus term | Electronic books. |
| 700 1# - EK GİRİŞ - KİŞİ ADI | |
| Yazar Adı (Kişi adı) | Rao, Umesh Hodeghatta. |
| 776 08 - ADDITIONAL PHYSICAL FORM ENTRY | |
| Display text | Print version: |
| Main entry heading | Nayak, Umesha |
| Title | The InfoSec Handbook |
| Place, publisher, and date of publication | Berkeley, CA : Apress L. P.,c2014 |
| International Standard Book Number | 9781430263821 |
| 797 2# - LOCAL ADDED ENTRY--CORPORATE NAME (RLIN) | |
| Corporate name or jurisdiction name as entry element | ProQuest (Firm) |
| 856 40 - ELEKTRONİK YER ve ERİŞİM | |
| Kaynak Tanımlayıcı (URL) | <a href="https://ebookcentral.proquest.com/lib/ostimteknik/detail.action?docID=6422542">https://ebookcentral.proquest.com/lib/ostimteknik/detail.action?docID=6422542</a> |
| Public note | Click to View |
| 588 ## - SOURCE OF DESCRIPTION NOTE | |
| Ekli Tam Metin | Description based on publisher supplied metadata and other sources. |
Kullanılabilir materyal yok.
