Principles of computer security : CompTIA Security+ and beyond
Record details
- ISBN: 9781260474312
- ISBN: 1260474313
- ISBN: 1260474321
- ISBN: 9781260474329
-
Physical Description:
1 online resource
remote - Edition: Sixth edition.
- Publisher: New York : McGraw-Hill, 2021.
Content descriptions
General Note: | Title from content provider. Available through AccessEngineering. |
Formatted Contents Note: | Cover -- About the Authors -- Title Page -- Copyright Page -- Acknowledgments -- About this Book -- Contents at a Glance -- Contents -- Foreword -- Preface -- Introduction -- Instructor Website -- Chapter 1 Introduction and Security Trends -- The Computer Security Problem -- Threats to Security -- Attributes of Actors -- Security Trends -- Targets and Attacks -- Approaches to Computer Security -- Ethics -- Additional References -- Chapter 1 Review -- Chapter 2 General Security Concepts -- Basic Security Terminology -- Formal Security Models -- Additional References -- Chapter 2 Review -- Chapter 3 Operational and Organizational Security -- Policies, Procedures, Standards, and Guidelines -- Organizational Policies -- Security Policies -- Human Resources Policies -- Security Awareness and Training -- Standard Operating Procedures -- Third-Party Risk Management -- Interoperability Agreements -- Chapter 3 Review -- Chapter 4 The Role of People in Security -- People-A Security Problem -- Tools -- Attacks -- Poor Security Practices -- People as a Security Tool -- Chapter 4 Review -- Chapter 5 Cryptography -- Cryptography in Practice -- Cryptographic Objectives -- Historical Perspectives -- Hashing Functions -- Symmetric Encryption -- Asymmetric Encryption -- Quantum Cryptography -- Post-Quantum -- Lightweight Cryptography -- Homomorphic Encryption -- For More Information -- Chapter 5 Review -- Chapter 6 Applied Cryptography -- Cryptography Use -- Cipher Suites -- S/MIME -- PGP -- Steganography -- Secure Protocols -- Secure Protocol Use Cases -- Cryptographic Attacks -- Other Standards -- Chapter 6 Review -- Chapter 7 Public Key Infrastructure -- The Basics of Public Key Infrastructures -- Certificate Authorities -- Trust Models -- Digital Certificates -- Certificate Lifecycles -- Certificate Repositories -- Centralized and Decentralized Infrastructures -- Certificate-Based Threats -- ISAKMP -- CMP -- XKMS -- CEP -- Chapter 7 Review -- Chapter 8 Physical Security -- The Security Problem -- Physical Security Safeguards -- Environmental Controls -- Fire Suppression -- Electromagnetic Environment -- Power Protection -- Drones/UAVs -- Chapter 8 Review -- Chapter 9 Network Fundamentals -- Network Architectures -- Network Topology -- Segregation/Segmentation/Isolation -- Security Zones -- Network Protocols -- Internet Protocol -- IPv4 vs. IPv6 -- Packet Delivery -- Inter-Networking -- MPLS -- Software-Defined Networking (SDN) -- Quality of Service (QoS) -- Traffic Engineering -- Route Security -- For More Information -- Chapter 9 Review -- Chapter 10 Infrastructure Security -- Devices -- Virtualization -- Networking -- Security Devices -- Security Device/Technology Placement -- Tunneling/VPN -- Storage Area Networks -- Media -- Removable Media -- Security Concerns for Transmission Media -- Physical Security Concerns -- Chapter 10 Review -- Chapter 11 Authentication and Remote Access -- User, Group, and Role Management -- Account Policies -- Authorization -- Identity -- Authentication Methods -- Biometric Factors -- Biometric Efficacy Rates -- Multifactor Authentication -- Remote Access -- Preventing Data Loss or Theft -- Database Security -- Cloud vs. On-premises Requirements -- Connection Summary -- For More Information -- Chapter 11 Review -- Chapter 12 Wireless Security and Mobile Devices -- Connection Methods and Receivers -- Wireless Protocols -- Wireless Systems Configuration -- Wireless Attacks -- Mobile Device Management Concepts -- Mobile Application Security -- Mobile Devices -- Policies for Enforcement and Monitoring -- Deployment Models -- Chapter 12 Review -- Chapter 13 Intrusion Detection Systems and Network Security -- History of Intrusion Detection Systems -- IDS Overview -- Network-Based IDSs -- Host-Based IDSs -- Intrusion Prevention Systems -- Network Security Monitoring -- Deception and Disruption Technologies -- Analytics -- SIEM -- DLP -- Tools -- Indicators of Compromise -- For More Information -- Chapter 13 Review -- Chapter 14 System Hardening and Baselines -- Overview of Baselines -- Hardware/Firmware Security -- Operating System and Network Operating System Hardening -- Secure Baseline -- Endpoint Protection -- Network Hardening -- Application Hardening -- Data-Based Security Controls -- Environment -- Automation/Scripting -- Alternative Environments -- Industry-Standard Frameworks and Reference Architectures -- Benchmarks/Secure Configuration Guides -- For More Information -- Chapter 14 Review -- Chapter 15 Types of Attacks and Malicious Software -- Avenues of Attack -- Malicious Code -- Attacking Computer Systems and Networks -- Advanced Persistent Threat -- Password Attacks -- Chapter 15 Review -- Chapter 16 Security Tools and Techniques -- Network Reconnaissance and Discovery Tools -- File Manipulation Tools -- Shell and Script Environments -- Packet Capture and Replay Tools -- Forensic Tools -- Tool Suites -- Penetration Testing -- Vulnerability Testing -- Auditing -- Vulnerabilities -- Chapter 16 Review -- Chapter 17 Web Components, E-mail, and Instant Messaging -- Current Web Components and Concerns -- Web Protocols -- Code-Based Vulnerabilities -- Application-Based Weaknesses -- How E-mail Works -- Security of E-mail -- Mail Gateway -- Mail Encryption -- Instant Messaging -- Chapter 17 Review -- Chapter 18 Cloud Computing -- Cloud Computing -- Cloud Types -- Cloud Service Providers -- Cloud Security Controls -- Security as a Service -- Cloud Security Solutions -- Virtualization -- VDI/VDE -- Fog Computing -- Edge Computing -- Thin Client -- Containers -- Microservices/API -- Serverless Architecture -- Chapter 18 Review -- Chapter 19 Secure Software Development -- The Software Engineering Process -- Secure Coding Concepts -- Application Attacks -- Application Hardening -- Code Quality and Testing -- Compiled Code vs. Runtime Code -- Software Diversity -- Secure DevOps -- Elasticity -- Scalability -- Version Control and Change Management -- Provisioning and Deprovisioning -- Integrity Measurement -- For More Information -- Chapter 19 Review -- Chapter 20 Risk Management -- An Overview of Risk Management -- Risk Management Vocabulary -- What Is Risk Management? -- Security Controls -- Business Risks -- Third-party Risks -- Risk Mitigation Strategies -- Risk Management Models -- Risk Assessment -- Qualitatively Assessing Risk -- Quantitatively Assessing Risk -- Qualitative vs. Quantitative Risk Assessment -- Tools -- Risk Management Best Practices -- Additional References -- Chapter 20 Review -- Chapter 21 Business Continuity, Disaster Recovery, and Change Management -- Business Continuity -- Continuity of Operations Planning (COOP) -- Disaster Recovery -- Why Change Management? -- The Key Concept: Separation of Duties -- Elements of Change Management -- Implementing Change Management -- The Purpose of a Change Control Board -- The Capability Maturity Model Integration -- Environment -- Secure Baseline -- Sandboxing -- Integrity Measurement -- Chapter 21 Review -- Chapter 22 Incident Response -- Foundations of Incident Response -- Attack Frameworks -- Threat Intelligence -- Incident Response Process -- Exercises -- Stakeholder Management -- Communication Plan -- Data Sources -- Log Files -- Data Collection Models -- Standards and Best Practices -- For More Information -- Chapter 22 Review -- Chapter 23 Computer Forensics -- Evidence -- Chain of Custody -- Forensic Process -- Message Digest and Hash -- Analysis -- Host Forensics -- Device Forensics -- Network Forensics -- Legal Hold -- Chapter 23 Review -- Chapter 24 Legal Issues and Ethics -- Cybercrime -- Ethics -- Chapter 24 Review -- Chapter 25 Privacy -- Data Handling -- Organizational Consequences of Privacy Breaches -- Data Sensitivity Labeling and Handling -- Data Roles -- Data Destruction and Media Sanitization -- U.S. Privacy Laws -- International Privacy Laws -- Privacy-Enhancing Technologies -- Privacy Policies -- Privacy Impact Assessment -- Web Privacy Issues -- Privacy in Practice -- For More Information -- Chapter 25 Review -- Appendix A CompTIA Security+ Exam Objectives: SY0-601 -- Appendix B About the Online Content -- System Requirements -- Your Total Seminars Training Hub Account -- Single User License Terms and Conditions -- TotalTester Online -- Technical Support -- Glossary -- Index. |
Source of Description Note: | Description based on resource, viewed September 5, 2022. |
Search for related items by subject
Genre: | Electronic books. Electronic books. Study guides. |