The InfoSec Handbook : An Introduction to Information Security.

Author: Nayak, Umesha
Contributor(s): Rao, Umesh Hodeghatta
Material type: Topic
Publisher: Berkeley, CA : Apress L. P., 2014
Copyright date: ©2014
Description: 1 online resource (376 pages)
Content type: text
Media type: computer
Carrier type: online resource
ISBN: 9781430263838
Genre/Form: Electronic books.
Additional physical formats: Print version: The InfoSec Handbook
LOC classification: QA76.9.A25
Online resources: Click to View
Contents:
Intro -- Contents at a Glance -- Contents -- About the Authors -- Acknowledgments -- Introduction -- Part I: Introduction -- Chapter 1: Introduction to Security -- What is Security? -- Why is Security Important? -- What if You Do Not Care About Security? -- The Evolution of the Computer and Information Security -- Information Security Today -- Applicable Standards and Certifications -- The Role of a Security Program -- Chapter 2: History of Computer Security -- Introduction -- Communication -- World Wars and Their Influence on the Field of Security -- Cypher Machine: Enigma -- Bletchley Park -- Code Breakers -- Some Historical Figures of Importance: Hackers and Phreakers -- Kevin Mitnick -- Chapter Summary -- Part II: Key Principles and Practices -- Chapter 3: Key Concepts and Principles -- Introduction -- Security Threats -- External and Internal Threats -- Information Security Frameworks and Information Security Architecture -- Information Security Management Systems Framework Provided by ISO/IEC 27001:2013 -- NIST Special Publication 800-39 complemented by 800-53 -- SABSA® -- Pillars of Security -- People -- Organization of Information Security -- The Need for Independence -- Specific Roles and Responsibilities -- Audit Committee or Information Security Committee at the Board Level -- Information Security Sponsor or Champion -- Chief Information Security Officer or Information Security Officer -- Information Security Forum -- Information Security Specialists -- Project Managers -- Data Owners -- Data Custodians -- Users of the data -- Authority for Information Security -- Policies, Procedures, and Processes -- Technology -- Information Security Concepts -- CIA Triad -- Confidentiality -- Integrity -- Availability -- Parkerian Hexad -- Implementation of Information Security -- Risk Assessment -- Planning and Architecture -- Gap Analysis.
Integration and Deployment -- Operations -- Monitoring -- Legal Compliance and Audit -- Crisis Management -- Principles of Information Security -- Chapter Summary -- Chapter 4: Access Controls -- Introduction -- Confidentiality and Data Integrity -- Who Can Access the Data? -- What is an Access Control? -- Authentication and Authorization -- Authentication and Access Control Layers -- Administrative Access Controls (Layer) -- Access Control Policy -- Personnel related - jobs, responsibilities, and authorities -- Segregation of duties -- Supporting policies and procedure -- Control Over Information Access to Trade Restricted Persons -- Technical (Logical) Controls -- Passwords -- Smartcards -- Encryption -- Network Access -- System Access -- Physical Access Controls -- Network Segregation -- Perimeter Security -- Security Guards -- Badge Systems -- Biometric Access Controls -- Access Control Strategies -- Discretionary Access Control (DAC) -- Mandatory Access Control (MAC) -- Role-Based Access Control (RBAC) -- Attribute Based Access Control -- Implementing Access Controls -- Access Control Lists (ACLs) -- File System ACLs -- Network ACLs -- AAA Framework -- RADIUS and TACAS+ -- LDAP and Active Directory -- IDAM -- Chapter Summary -- Chapter 5: Information Systems Management -- Introduction -- Risk -- Incident -- Disaster -- Disaster Recovery -- Business Continuity -- Risk Management -- Identification of Risk -- Risk Analysis -- Risk Responses -- Execution of the Risk Treatment Plans -- The Importance of Conducting a Periodic Risk Assessment -- Incident Response -- Incident Response Policy, Plan, and Processes -- Incident Response Policy -- Purpose and Scope of the Policy -- Definition of Information Security Incidents and Related Terms -- Organizational Structure, Roles, Responsibilities, and Authorities -- Ratings of Incidents -- Measurements.
Incident Response Plan -- Purpose and Scope -- Strategies, Goals, and Approach to Incident Response -- Internal and External Communication Plan -- Plan for the Incident Response Capability -- Measurement of Incident Response Capability and its Effectiveness -- Integration with the Other Plans of the Organization -- Incident Response Processes -- Incident Response Teams -- Incident Response Team structuring based on distribution of the Responsibilities -- Centralized Incident Response Teams -- Distributed Incident Response Teams -- Hybrid Incident Response Teams -- Incident Response Team Structuring Based on who Constitutes the Teams -- Fully Employee Constituted Incident Response Teams -- Fully Outsourced Incident Response Teams -- Hybrid Teams: Partially Constituted by Employees and Partially Constituted by Outsourced Contractors -- Ensuring Effectiveness of Incident Response -- Preparation -- Incident Detection -- Precursors and Indicators of Incidents -- Sources of Precursors and Indicators -- Analysis of the Incidents: -- Incident Impact Analysis and Prioritization of the Actions -- Incident Documentation and Incident Notification -- Incident Containment, Eradication, and Recovery -- Containment Strategy -- Evidence Gathering and Handling -- Eradication and Recovery -- Post Incident Analysis and Activities -- Analysis of Learnings -- Use of Incident Data -- Disaster Recovery and Business Continuity -- How to Approach Business Continuity Plan -- Assign Clear Roles and Responsibilities -- Sponsor -- Project Manager -- Business Continuity Planning Team -- Life Cycle of Business Continuity Planning -- Scoping -- Plan for Formulation of Business Continuity Plan -- Business Continuity Plan Kick-Off Meeting -- Business Impact Analysis (BIA) -- Business Continuity Plan Preparation -- Business Continuity Plan Validation &
Training -- Up-to-date Maintenance of the BCP -- Chapter Summary -- Part III: Application Security -- Chapter 6: Application and Web Security -- Introduction -- Software Applications -- Completeness of the Inputs -- Correctness of the Inputs -- Completeness of Processing -- Correctness of Processing -- Completeness of the Updates -- Correctness of the Updates -- Preservation of the Integrity of the Data in Storage -- Preservation of the Integrity of the Data while in Transmission -- Importance of an Effective Application Design and Development Life Cycle -- Important Guidelines for Secure Design and Development -- Web Browsers, Web Servers, and Web Applications -- Vulnerabilities in Web Browsers -- Inappropriate Configuration -- Unnecessary or Untrusted Add-ons -- Malware or Executables run on the Web Browser -- No Patching up or Carrying out the Security Updates -- How to Overcome the Vulnerabilities of Web Browsers -- Vulnerabilities of Web Servers -- Default Users and Default Permissions are not changed -- Sample files and scripts are not removed -- Default Configuration is Not Changed -- File and Directory Permissions are not Set Properly -- Security Loop-Holes or Defects in the Web Server Software or Underlying Operating System -- How to Overcome the Web Server Vulnerabilities -- Web Applications -- SQL Injection Attacks -- Command Injection Attacks -- Buffer Overflow Attacks -- Cross-Site Scripting -- Cookie Poisoning -- Session Hijacking Attacks -- How to Overcome Web Application Vulnerabilities -- Secure Socket Layer (SSL) Security and Digital Certificate -- Chapter Summary -- Chapter 7: Malicious Software and Anti-Virus Software -- Introduction -- Malware Software -- Introduction to Malware -- Covert channels -- Types of Malware in Detail -- Spyware -- Adware -- Trojans -- Viruses -- Worms -- Backdoors -- Botnets -- A Closer Look at Spyware.
Trojans and Backdoors -- Rootkits -- Viruses and Worms -- Botnets -- Brief History of Viruses, Worms, and Trojans -- The Current Situation -- Anti-Virus Software -- Need for Anti-Virus Software -- Top 5 Commercially Available Anti-Virus Software -- Symantec Norton Anti-Virus Software -- McAfee Anti-Virus -- Kaspersky Anti-Virus -- Bitdefender Anti-Virus -- AVG Anti-Virus Software -- A Few Words of Caution -- Chapter Summary -- Chapter 8: Cryptography -- Introduction -- Cryptographic Algorithms -- Symmetric Key Cryptography -- Key Distribution -- Asymmetric Key Cryptography -- Public Key Cryptography -- RSA Algorithm -- Advantages of Public Key Cryptography -- Applications of PKC -- Public Key Infrastructure (PKI) -- Certificate Authority (CA) -- Digital Certificate -- Hash Function Cryptography -- Popular Hashes -- Digital Signatures -- Summary of Cryptography Standard Algorithms -- Disk / Drive Encryption -- Attacks on Cryptography -- Chapter Summary -- Part IV: Network Security -- Chapter 9: Understanding Networks and Network Security -- Introduction -- Networking Fundamentals -- Computer Communication -- Network and its Components -- Network Protocols -- OSI (Open Systems Interconnection) Reference Model -- TCP/IP Model -- Network Vulnerabilities and Threats -- Vulnerabilities -- Security Policy Weaknesses -- Technology Weaknesses -- Configuration Weaknesses -- Threats -- Attacks -- Reconnaissance -- Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) -- Other Attacks on Networks -- How to counter the Network Attacks -- Chapter Summary -- Chapter 10: Firewalls -- Introduction -- How Do You Protect a Network? -- Firewall -- Basic Functions of Firewall -- Packet Filtering -- How a packet filtering firewall works -- TCP Layer -- An Example of Packet Filtering Rules -- Advantages and Disadvantages of Packet filtering.
Stateful Packet Filtering.

Description based on publisher supplied metadata and other sources.

Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2022. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries.
