Foundations of information security : a straightforward introduction / by Jason Andress.

Format:

Book

Author/Creator:

Andress, Jason, author.

Language:

English

Subjects (All):

Computer security.

Computer networks--Security measures.

Computer networks.

Physical Description:

1 online resource (xxi, 222 pages) : illustrations

Edition:

1st edition

Place of Publication:

San Francisco, California : No Starch Press, [2019]

System Details:

text file

Summary:

In this high-level survey of the information security field, best-selling author Jason Andress covers the basics of a wide variety of topics, from authentication and authorization to maintaining confidentiality and performing penetration testing. Using real-world security breaches as examples, Foundations of Information Security explores common applications of these concepts, such as operations security, network design, hardening and patching operating systems, securing mobile devices, as well as tools for assessing the security of hosts and applications. You’ll also learn the basics of topics like: •Multifactor authentication and how biometrics and hardware tokens can be used to harden the authentication process •The principles behind modern cryptography, including symmetric and asymmetric algorithms, hashes, and certificates •The laws and regulations that protect systems and data •Anti-malware tools, firewalls, and intrusion detection systems •Vulnerabilities such as buffer overflows and race conditions A valuable resource for beginning security professionals, network systems administrators, or anyone new to the field, Foundations of Information Security is a great place to start your journey into the dynamic and rewarding field of information security.

Contents:

Intro

Title Page

Copyright Page

Dedication

About the Author

About the Technical Reviewer

BRIEF CONTENTS

CONTENTS IN DETAIL

ACKNOWLEDGMENTS

INTRODUCTION

Who Should Read This Book?

About This Book

1 WHAT IS INFORMATION SECURITY?

Defining Information Security

When Are You Secure?

Models for Discussing Security Issues

Attacks

Defense in Depth

Summary

Exercises

2 IDENTIFICATION AND AUTHENTICATION

Identification

Authentication

Common Identification and Authentication Methods

3 AUTHORIZATION AND ACCESS CONTROLS

What Are Access Controls?

Implementing Access Controls

Access Control Models

Physical Access Controls

4 AUDITING AND ACCOUNTABILITY

Accountability

Security Benefits of Accountability

Auditing

5 CRYPTOGRAPHY

The History of Cryptography

Modern Cryptographic Tools

Protecting Data at Rest, in Motion, and in Use

6 COMPLIANCE, LAWS, AND REGULATIONS

What Is Compliance?

Achieving Compliance with Controls

Maintaining Compliance

Laws and Information Security

Adopting Frameworks for Compliance

Compliance amid Technological Changes

7 OPERATIONS SECURITY

The Operations Security Process

Laws of Operations Security

Operations Security in Our Personal Lives

Origins of Operations Security

8 HUMAN ELEMENT SECURITY

Gathering Information for Social Engineering Attacks

Types of Social Engineering Attacks

Building Security Awareness with Security Training Programs

9 PHYSICAL SECURITY

Identifying Physical Threats

Physical Security Controls

Protecting People

Protecting Data

Protecting Equipment

Exercises.

10 NETWORK SECURITY

Protecting Networks

Protecting Network Traffic

Network Security Tools

11 OPERATING SYSTEM SECURITY

Operating System Hardening

Protecting Against Malware

Operating System Security Tools

12 MOBILE, EMBEDDED, AND INTERNET OF THINGS SECURITY

Mobile Security

Embedded Security

Internet of Things Security

13 APPLICATION SECURITY

Software Development Vulnerabilities

Web Security

Database Security

Application Security Tools

14 ASSESSING SECURITY

Vulnerability Assessment

Penetration Testing

Does This Really Mean You're Secure?

NOTES

INDEX.

Notes:

Includes bibliographical references and index.

Description based on print version record.

ISBN:

9781098122546

1098122542

9781718500051

171850005X

OCLC:

1125343415