Computer and Information Security Handbook (2-Volume Set)

4th Edition - August 28, 2024
Editor: John Vacca
Language: English
Hardback ISBN:
9 7 8 - 0 - 4 4 3 - 1 3 2 2 3 - 0
eBook ISBN:
9 7 8 - 0 - 4 4 3 - 1 3 2 2 4 - 7

Computer and Information Security Handbook, Fourth Edition offers deep coverage of an extremely wide range of issues in computer and cybersecurity theory, along with applic… Read more

Computer and Information Security Handbook (2-Volume Set)

Purchase options

ROBOTICS & AUTOMATION

Empowering Progress

Up to 25% off Essentials Robotics and Automation titles

Explore now

Image with Robotics & Automation book covers

Institutional subscription on ScienceDirect

Request a sales quote

Computer and Information Security Handbook, Fourth Edition offers deep coverage of an extremely wide range of issues in computer and cybersecurity theory, along with applications and best practices, offering the latest insights into established and emerging technologies and advancements. With new parts devoted to such current topics as Cyber Security for the Smart City and Smart Homes, Cyber Security of Connected and Automated Vehicles, and Future Cyber Security Trends and Directions, the book now has 104 chapters in 2 Volumes written by leading experts in their fields, as well as 8 updated appendices and an expanded glossary.

Chapters new to this edition include such timely topics as Threat Landscape and Good Practices for Internet Infrastructure, Cyber Attacks Against the Grid Infrastructure, Threat Landscape and Good Practices for the Smart Grid Infrastructure, Energy Infrastructure Cyber Security, Smart Cities Cyber Security Concerns, Community Preparedness Action Groups for Smart City Cyber Security, Smart City Disaster Preparedness and Resilience, Cyber Security in Smart Homes, Threat Landscape and Good Practices for Smart Homes and Converged Media, Future Trends for Cyber Security for Smart Cities and Smart Homes, Cyber Attacks and Defenses on Intelligent Connected Vehicles, Cyber Security Issues in VANETs, Use of AI in Cyber Security, New Cyber Security Vulnerabilities and Trends Facing Aerospace and Defense Systems, and much more.

Cover image
Title page
Table of Contents
Copyright
Dedication
Contributors to Volume I
Contributors to Volume II
About the editor
Foreword
Preface
Acknowledgments
Contents to Volume I
Part I. Overview of System and Network Security: A Comprehensive Introduction
Chapter 1. Information Security in the Modern Enterprise
1. Introduction
2. Challenges Facing Information Security
3. Assessment and Planning
4. Policies and Procedures
5. Training
6. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 2. Building a Secure Organization
1. Introduction: Navigating the Labrynthe World of Cybersecurity and Its Multifaceted Imperatives
2. ISO/IEC 27002:2022 and the Broader Landscape of Standards
3. Integrating Standards Within a Risk-Based Data Protection Framework
4. Cultivating a Cybersecurity Culture: The Bedrock of a Robust Risk-Based Approach
5. Conclusion: A Convergence of Standards, Culture, and Trust—The Way Forward in Cybersecurity and Data Protection
6. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 3. A Cryptography Primer
1. What Is Cryptography? What Is Encryption?
2. Famous Cryptographic Devices
3. Ciphers
4. Modern Cryptography
5. The Computer Age
6. How Advanced Encryption Standard Works
7. Selecting Cryptography: the Process
8. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 4. Verifying User and Host Identity
1. Introduction: Verifying the User
2. Identity Access Management: Authentication and Authorization
3. Synthetic or Real User Logging
4. Verifying a User in Cloud Environments
5. Verifying Hosts
6. Verifying Host Domain Name System and Internet Protocol Information
7. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 5. Detecting System Intrusions
1. Introduction
2. Developing Threat Models
3. Securing Communications
4. Network Security Monitoring and Intrusion Detection Systems
5. Installing Security Onion to a Bare-Metal Server
6. Putting It All Together
7. Securing Your Installation
8. Managing an Intrusion Detection System in a Network Security Monitoring Framework
9. Setting the Stage
10. Alerts and Events
11. Sguil: Tuning Graphics Processing Unit Rules, Alerts, and Responses
12. Developing Process
13. Understanding, Exploring, and Managing Alerts
14. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 6. Intrusion Detection in Contemporary Environments
1. Introduction
2. Mobile Operating Systems
3. Mobile Device Malware Risks
4. Cloud Computing Models
5. Cloud Computing Attack Risks
6. Source of Attacks on Mobile Devices
7. Source or Origin of Intrusions in Cloud Computing
8. Classes of Mobile Malware
9. Types of Cloud Computing Attacks
10. Malware Techniques in Android
11. Cloud Computing Intrusions Techniques
12. Examples of Smartphone Malware
13. Examples of Cloud Attacks
14. Types of Intrusion Detection Systems for Mobile Devices
15. Types of Intrusion Detection Systems for Cloud Computing
16. Intrusion Detection System Performance Metrics
17. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 7. Preventing System Intrusions
1. So, What Is an Intrusion?
2. Sobering Numbers
3. Know Your Enemy: Hackers Versus Crackers
4. Motives
5. The Crackers' Tools of the Trade
6. Bots
7. Symptoms of Intrusions
8. What Can You Do?
9. Security Policies
10. Risk Analysis
11. Tools of Your Trade
12. Controlling User Access
13. Intrusion Prevention Capabilities
14. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 8. Guarding Against Network Intrusions
1. Introduction
2. Traditional Reconnaissance and Attacks
3. Malicious Software
4. Defense in Depth
5. Preventive Measures
6. Intrusion Monitoring and Detection
7. Reactive Measures
8. Network-Based Intrusion Protection
9. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 9. Fault Tolerance and Resilience in Cloud Computing Environments
1. Introduction
2. Cloud Computing Fault Model
3. Basic Concepts of Fault Tolerance
4. Different Levels of Fault Tolerance in Cloud Computing
5. Fault Tolerance Against Crash Failures in Cloud Computing
6. Fault Tolerance Against Byzantine Failures in Cloud Computing
7. Fault Tolerance as a Service in Cloud Computing
8. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 10. Securing Web Applications, Services, and Servers
1. Setting the Stage
2. Basic Security for HTTP Applications and Services
3. Basic Security for SOAP Services
4. Identity Management and Web Services
5. Authorization Patterns
6. Security Considerations
7. Challenges
8. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 11. UNIX and Linux Security
1. Introduction
2. UNIX and Security
3. Basic UNIX Security Overview
4. Achieving UNIX Security
5. Protecting User Accounts and Strengthening Authentication
6. Limiting Superuser Privileges
7. Securing Local and Network File Systems
8. Network Configuration
9. Improving the Security of Linux and UNIX Systems
10. Additional Resources
11. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 12. Eliminating the Security Weakness of Linux and UNIX Operating Systems
1. Introduction
2. Establishing Secure Configurations
3. Managing System Updates
4. Hardening Access Controls for Linux/UNIX
5. Firewalls and Intrusion Prevention
6. Malware Prevention
7. Ongoing Vigilance
8. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 13. Internet Security
1. Internet Protocol Architecture
2. An Internet Threat Model
3. Defending Against Attacks on the Internet
4. Internet Security Checklist
5. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 14. The Botnet Problem
1. Introduction
2. Internet of Things
3. Software
4. Botnets
5. Botnet Attacks
6. The Problem With Botnets
7. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 15. Intranet Security
1. Smartphones and Tablets in the Intranet
2. Security Considerations
3. Plugging the Gaps: Network Access Control and Access Control
4. Measuring Risk: Audits
5. Guardian at the Gate: Authentication and Encryption
6. Wireless Network Security
7. Shielding the Wire: Network Protection
8. Weakest Link in Security: User Training
9. Documenting the Network: Change Management
10. Rehearse the Inevitable: Disaster Recovery
11. Controlling Hazards: Physical and Environmental Protection
12. Know Your Users: Personnel Security
13. Protecting Data Flow: Information and System Integrity
14. Security Assessments
15. Risk Assessments
16. Intranet Security Implementation Process Checklist
17. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 16. Local Area Network Security
1. Identify Network Threats
2. Establish Network Access Controls
3. Risk Assessment
4. Listing Network Resources
5. Threats
6. Security Policies
7. The Incident-Handling Process
8. Secure Design Through Network Access Controls
9. Intrusion Detection System Defined
10. Network Intrusion Detection System: Scope and Limitations
11. A Practical Illustration of Network Intrusion Detection System
12. Firewalls
13. Dynamic Network Address Translation Configuration
14. The Perimeter
15. Access List Details
16. Types of Firewalls
17. Packet Filtering: Internet Protocol Filtering Routers
18. Application-Layer Firewalls: Proxy Servers
19. Stateful Inspection Firewalls
20. Network Intrusion Detection System Complements Firewalls
21. Monitor and Analyze System Activities
22. Signature Analysis
23. Statistical Analysis
24. Signature Algorithms
25. Local Area Network Security Countermeasures Implementation Checklist
26. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 17. Wireless Network Security
1. Cellular Networks
2. Wireless Ad Hoc Networks
3. Security Protocols
4. Wired Equivalent Privacy
5. Secure Routing
6. Authenticated Routing for Ad Hoc Networks
7. Secure Link State Routing Protocol
8. Key Establishment
9. Ingemarsson, Tang, and Wong
10. Management Countermeasures
11. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 18. Wireless Sensor Network Security: The Internet of Things
1. Introduction to Wireless Sensor Networks
2. Threats to Privacy
3. Cryptographic Security in Wireless Sensor Networks
4. Secure Routing in Wireless Sensor Networks
5. Routing Protocols in Wireless Sensor Networks
6. Wireless Sensor Networks and Internet of Things
7. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 19. Security for the Internet of Things
1. Introduction
2. Security Challenges in the Internet of Things
3. Authentication and Access Control
4. Attribute-Based Access Control
5. Data Integrity and Confidentiality
6. Secure Communication Protocols
7. Secure Software Development Practices
8. IoT Security Standards and Frameworks
9. Emerging Trends and Future Directions
10. Conclusion
11. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 20. Cellular Network Security
1. Introduction
2. Overview of Cellular Networks
3. The State of the Art of Cellular Network Security
4. Cellular Network Attack Taxonomy
5. Cellular Network Vulnerability Analysis
6. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 21. Radio Frequency Identification Security
1. Radio Frequency Identification Introduction
2. Radio Frequency Identification Challenges
3. Radio Frequency Identification Protections
4. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 22. Optical Network Security
1. Optical Networks
2. Securing Optical Networks
3. Identifying Vulnerabilities
4. Corrective Actions
5. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 23. Optical Wireless Security
1. Optical Wireless Systems Overview
2. Deployment Architectures
3. High Bandwidth
4. Low Cost
5. Implementation
6. Surface Area
7. Summary
Chapter Review Questions/Exercises
Exercise
Part II. Managing Information Security
Chapter 24. Information Security Essentials for IT Managers: Protecting Mission-Critical Systems
1. Introduction
2. Living in an Hybrid World
3. It Takes a Village
4. Identifying Your Assets
5. Protecting Your Assets
6. Cyber Hygiene
7. Risk Management
8. NIST Cybersecurity Framework
9. MITRE CVE and CWE
10. Security by Design
11. Incident Response
12. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 25. Security Management Systems
1. Introduction
2. Security Management Systems Standards
3. Training Requirements
4. Principles of Information Security
5. Roles and Responsibilities of Personnel
6. Security Policies
7. Security Controls
8. Network Access
9. Risk Assessment
10. Incident Response
11. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 26. Policy-Driven System Management
1. Introduction
2. Security and Policy-Based Management
3. Classification and Languages
4. Controls for Enforcing Security Policies in Distributed Systems
5. Products and Technologies
6. Research Projects
7. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 27. Information Technology Security Management
1. Introduction
2. Alignment With Business Strategy
3. Cybersecurity Management Frameworks
4. People, Process, Technology
5. Organizational Structure and Alignment
6. Security Management Execution
7. Risk-Oriented Security Management
8. Developing a Security Strategy
9. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 28. The Enemy (The Intruder's Genesis)
1. Introduction
2. Active Reconnaissance
3. Enumeration
4. Penetration and Gain Access
5. Maintain Access
6. Defend Network Against Unauthorized Access
7. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 29. Social Engineering Deceptions and Defenses
1. Introduction
2. Counter-Social Engineering
3. Vulnerabilities
4. Using a Layered Defense Approach
5. Attack Scenarios
6. Suspect Everyone: Network Vector
7. Policy and Training
8. Physical Access
9. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 30. Hacking in an Ethical Way
1. Introduction
2. Ethical—Who Decides?
3. Can it be Ethical if it is Illegal?
4. Vulnerability Disclosure Policy
5. Hacker Tools
6. Responsible Disclosure
7. Targets of Hacking
8. How to Prevent Hacking
9. Top Hacks
10. Defcon (defcon.org)
11. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 31. What Is Vulnerability Assessment?
1. Introduction
2. Reportin
3. The “It Will Not Happen to Us” Factor
4. Why Vulnerability Assessment?
5. Penetration Testing Versus Vulnerability Assessment
6. Vulnerability Assessment Goal
7. Mapping the Network
8. Selecting the Right Scanners
9. Central Scans Versus Local Scans
10. Defense in Depth Strategy
11. Vulnerability Assessment Tools
12. Security Auditor's Research Assistant
13. Security Administrator's Integrated Network Tool
14. Microsoft Baseline Security Analyzer
15. Scanner Performance
16. Scan Verification
17. Scanning Cornerstones
18. Network Scanning Countermeasures
19. Vulnerability Disclosure Date
20. Proactive Security Versus Reactive Security
21. Vulnerability Causes
22. Do It Yourself Vulnerability Assessment
23. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 32. Introduction to Vulnerabilities Below the Operating System
1. Introduction
2. Firmware: A Hidden Attack Vector
3. Conclusion
4. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 33. Security Metrics: An Introduction and Literature Review
1. Introduction
2. Why Security Metrics?
3. The Nature of Security Metrics
4. Getting Started With Security Metrics
5. Metrics in Action: Toward an Intelligent Security Dashboard
6. Security Metrics in the Literature
7. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 34. Security Education, Training, and Awareness
1. Security Education, Training, and Awareness (SETA) Programs
2. Users, Behavior, and Roles
3. Security Education, Training, and Awareness (SETA) Program Design
4. Security Education, Training, and Awareness (SETA) Program Development
5. Implementation and Delivery
6. Technologies and Platforms
7. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 35. Risk Management
1. Introduction
2. The Concept of Risk
3. Expressing and Measuring Risk
4. The Risk Management Methodology
5. Integrating Risk Management Into the System Development Life Cycle
6. Risk Management Methods
7. Risk Management Standards
8. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 36. Insider Threats
1. Introduction
2. Defining Insider Threat
3. Motivations of the Insider Threat Actors
4. Examples of Insider Treats
5. Impacts
6. Analysis
7. Manage and Mitigate the Insider Threat
8. Conclusion
9. Summary
Chapter Review Questions/Exercises
Exercise
Part III. Disaster Recovery Security
Chapter 37. Disaster Recovery
1. Introduction
2. Measuring Risk and Avoiding Disaster
3. The Business Impact Assessment
4. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 38. Disaster Recovery Plans for Small and Medium Business (SMB)
1. Introduction
2. Identifying the Need for a Disaster Recovery Plan
3. Recovery
4. Threat Analysis
5. Methodology
6. Train and Test the Plan
7. Communication
8. Recovery
9. Conclusion
10. Summary
Chapter Review Questions/Exercises
Exercise
Part IV. Security Standards And Policies
Chapter 39. Security Certification and Standards Implementation
1. Introduction: The Security Compliance Puzzle
2. The Age of Digital Regulations
3. Security Regulations and Laws: Technology Challenges
4. Implementation: The Compliance Foundation
5. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 40. Security Policies and Plans Development
1. Introduction: Policies and Planning: Security Framework Foundation
2. CIA: Not the Central Intelligence Agency
3. Security Policy Structure
4. Security Policy: Sign Off Approval
5. Summary
Chapter Review Questions/Exercises
Exercise
Part V. Cyber, Network, and Systems Forensics Security and Assurance
Chapter 41. Cyber Forensics
1. What Is Cyber Forensics?
2. Analysis of Data
3. Cyber Forensics in the Court System
4. Understanding Internet History
5. Temporary Restraining Orders and Labor Disputes
6. First Principles
7. Hacking a Windows XP Password
8. Network Analysis
9. Cyber Forensics Applied
10. Tracking, Inventory, Location of Files, Paperwork, Backups, and So on
11. Testifying as an Expert
12. Beginning to End in Court
13. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 42. Cyber Forensics and Incidence Response
1. Introduction to Cyber Forensics
2. Handling Preliminary Investigations
3. Controlling an Investigation
4. Conducting Disc-Based Analysis
5. Investigating Information-Hiding Techniques
6. Scrutinizing Email
7. Validating Email Header Information
8. Tracing Internet Access
9. Searching Memory in Real Time
10. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 43. Securing e-Discovery
1. Information Management
2. Legal and Regulatory Obligation
3. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 44. Network Forensics
1. Introduction
2. Network Forensic Analysis
3. Email Investigations
4. Validating Process
5. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 45. Microsoft Office and Metadata Forensics: A Deeper Dive
1. Introduction
2. In a Perfect World
3. Microsoft Excel
4. Exams!
5. Items Outside of Office Metadata
6. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 46. Hard Drive Imaging
1. Introduction
2. Hard Disc Drives
3. Solid State Drives
4. Hardware Tools
5. Software Tools
6. Techniques
7. Summary
Chapter Review Questions/Exercises
Exercise
Part VI. Encryption Technology
Chapter 47. Data Encryption
1. Need for Cryptography
2. Mathematical Prelude to Cryptography
3. Classical Cryptography
4. Modern Symmetric Ciphers
5. Algebraic Structure
6. The Internal Functions of Rijndael in Advanced Encryption Standard Implementation
7. Use of Modern Block Ciphers
8. Public-Key Cryptography
9. Cryptanalysis of Rivest–Shamir–Adleman
10. Diffie–Hellman Algorithm
11. Elliptic Curve Cryptosystems
12. Message Integrity and Authentication
13. Triple Data Encryption Algorithm Block Cipher
14. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 48. Satellite Encryption
1. Introduction
2. The Need for Satellite Encryption
3. Implementing Satellite Encryption
4. Pirate Decryption of Satellite Transmissions
5. Satellite Encryption Policy
6. Satellite Encryption Service (SES)
7. The Future of Satellite Encryption
8. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 49. Public Key Infrastructure
1. Cryptographic Background
2. Overview of Public Key Infrastructure
3. The X.509 Model
4. X.509 Implementation Architectures
5. X.509 Certificate Validation
6. X.509 Certificate Revocation
7. Server-Based Certificate Validity Protocol
8. X.509 Bridge Certification Systems
9. X.509 Certificate Format
10. Public Key Infrastructure Policy Description
11. Public Key Infrastructure Standards Organizations
12. Pretty Good Privacy Certificate Formats
13. Pretty Good Privacy Public Key Infrastructure Implementations
14. World Wide Web Consortium
15. Is Public Key Infrastructure Secure?
16. Alternative Public Key Infrastructure Architectures
17. Modified X.509 Architectures
18. Alternative Key Management Models
19. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 50. Password-Based Authenticated Key Establishment Protocols
1. Introduction to Key Exchange
2. Password-Authenticated Key Exchange
3. Concrete Protocols
4. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 51. Context-Aware Multifactor Authentication Survey
1. Introduction
2. Classic Approach to Multifactor Authentication
3. Modern Approaches to Multifactor Authentication
4. Comparative Summary
5. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 52. Instant-Messaging Security
1. Why Should I Care About Instant Messaging?
2. What Is Instant Messaging?
3. The Evolution of Networking Technologies
4. Game Theory and Instant Messaging
5. The Nature of the Threat
6. Common Instant Messaging Applications
7. Defensive Strategies
8. Instant-Messaging Security Maturity and Solutions
9. Processes
10. Summary
Chapter Review Questions/Exercises
Exercise
Contents to Volume II
Part VII. Privacy and Access Management
Chapter 53. Online Privacy
1. Introduction
2. The Quest for Online Privacy
3. Market and Industry
4. On Regulatory Frameworks
5. Privacy and Technologies
6. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 54. Privacy-Enhancing Technologies
1. Introduction
2. Privacy-Enhancing Techniques
3. Data Obfuscation
4. Encrypted Data Processing
5. Federated and Distributed Analytics
6. Data Accountability Tools
7. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 55. Personal Privacy Policies
1. Introduction
2. Information to be Provided to Data Subjects
3. Concise, Transparent, Intelligible, and Easily Accessible Information
4. DATA Protection Icons
5. Conclusion
6. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 56. Detection of Conflicts in Security Policies
1. Introduction
2. Conflicts in Security Policies
3. Conflicts in Executable Security Policies
4. Conflicts in Network Security Policies
5. Query-Based Conflict Detection
6. Semantic Web Technology for Conflict Detection
7. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 57. Supporting User Privacy Preferences in Digital Interactions
1. Introduction
2. Basic Concepts and Desiderata
3. Cost-Sensitive Trust Negotiation
4. Point-Based Trust Management
5. Logical-Based Minimal Credential Disclosure
6. Privacy Preferences in Credential-Based Interactions
7. Fine-Grained Disclosure of Sensitive Access Policies
8. Open Issues
9. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 58. Privacy and Security in Environmental Monitoring Systems: Issues and Solutions
1. Introduction
2. System Architectures
3. Environmental Data
4. Security and Privacy Issues in Environmental Monitoring
5. Countermeasures
6. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 59. Virtual Private Networks
1. Introduction
2. History
3. Who is in Charge?
4. Virtual Private Network Types
5. Authentication Methods
6. Symmetric Encryption
7. Asymmetric Cryptography
8. Edge Devices
9. Passwords
10. Security Tips for VPN Systems
11. Mobile Virtual Private Networks
12. Virtual Private Network Deployments
13. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 60. Identity Theft
1. Introduction
2. Definition and Types of Identity Theft
3. Historical Background and Evolution of Identity Theft in the Digital Age
4. Technical Details of Identity Theft Techniques, Prevention, and Protection
5. Summary
Chapter Review Questions/Exercises
Chapter 61. VoIP Security
1. Introduction
2. Overview of Threats
3. Security in Voice Over Internet Protocol
4. Future Trends
5. Summary
Chapter Review Questions/Exercises
Exercise
Part VIII. Storage Security
Chapter 62. SAN Security
1. Organizational Structure
2. Access Control Lists and Policies
3. Physical Access
4. Change Management
5. Password Policies
6. Defense-in-Depth
7. Vendor Security Review
8. Data Classification
9. Security Management
10. Auditing
11. Security Maintenance
12. Host Access: Partitioning
13. Data Protection: Replicas
14. Encryption in Storage
15. Application of Encryption
16. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 63. Storage Area Networking Security Devices
1. Introduction
2. Storage Area Network Device Security
3. Introduction to SANs
4. Conclusion
5. Summary
Chapter Review Questions/Exercises
Exercise
Part IX. Cloud Security
Chapter 64. Securing Cloud Computing Systems
1. Introduction
2. General Cloud Security Domains
3. Illustration of Cloud Security Standards: CSA Cloud Controls Matrix
4. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 65. Cloud Security
1. Introduction
2. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 66. Cloud Security Trends
1. Introduction
2. Encryption
3. Self-Regulatory Frameworks
4. EUCS—Cloud Services Scheme
5. Summary
6. Create New Questions
Chapter Review Questions/Exercises
Exercise
Chapter 67. Private Cloud Security
1. Introduction: Private Cloud System Management
2. From Physical to Network Security Base Focus
3. Benefits of Private Cloud Security Infrastructures
4. Private Cloud Security Standards and Best Practices
5. “As-a-Service” Universe: Service Models
6. Private Cloud Service Model: Layer Considerations
7. Privacy or Public: The Cloud Security Challenges
8. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 68. Virtual Private Cloud Security
1. Introduction: Virtual Networking in a Private Cloud
2. Security Console: Centralized Control Dashboard Management
3. Security Designs: Virtual Private Cloud Setups
4. Security Object Group Allocations: Functional Control Management Practices
5. Virtual Private Cloud Performance Versus Security
6. Summary
Chapter Review Questions/Exercises
Exercise
Part X. Virtual Security
Chapter 69. Protecting Virtual Infrastructure
1. Virtualization in Computing
2. Virtual Data Center Security
3. Hypervisor Security
4. Enterprise Segmentation
5. Active Containerized Security
6. Virtual Absorption of Volume Attacks
7. Open Source Versus Proprietary Security Capabilities
8. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 70. Software-Defined Networking and Network Function Virtualization Security
1. Introduction to Software-Defined Networking
2. Software-Defined Networking and Network Function Virtualization Overview
3. Software-Defined Networking and Network Function Virtualization for Internet Service Providers
4. Software-Defined Networking Controller Security
5. Improved Patching With Software-Defined Networking
6. Dynamic Security Service Chaining in Software-Defined Networking
7. Future Virtualized Management Security Support in Software-Defined Networking
8. Summary
Chapter Review Questions/Exercises
Exercise
Part XI. Cyber Physical Security
Chapter 71. Physical Security
1. Overview
2. Physical Security Threats
3. Physical Security Prevention and Mitigation Measures
4. Recovery From Physical Security Breaches
5. Threat Assessment, Planning, and Plan Implementation
6. Example: A Corporate Physical Security Policy
7. Integration of Physical and Logical Security
8. Physical Security Checklist
9. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 72. Biometrics
1. Introduction
2. Type of Biometrics in Use Today
3. Privacy and Security of Biometrics
4. Legal and Ethical Considerations
5. The Future of Biometrics
6. Summary
Chapter Review Questions/Exercises
Exercise
Optional Team Case Project
Part XII. Practical Security
Chapter 73. Online Identity and User Management Services
1. Introduction
2. Evolution of Identity Management Requirements
3. The Requirements Fulfilled by Identity Management Technologies
4. Identity Management 1.0
5. Social Login and User Management
6. Identity 2.0 for Mobile Users
7. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 74. Intrusion Prevention and Detection Systems
1. What Is an “Intrusion” Anyway?
2. Physical Theft
3. Abuse of Privileges (the Insider Threat)
4. Unauthorized Access by Outsider
5. Malicious Software Infection
6. Role of the “Zero-Day”
7. The Rogue's Gallery: Attackers and Motives
8. A Brief Introduction to Transmission Control Protocol/Internet Protocol
9. Transmission Control Protocol/Internet Protocol Data Architecture and Data Encapsulation
10. Survey of Intrusion Detection and Prevention Technologies
11. Antimalicious Software
12. Network-Based Intrusion Detection Systems
13. Network-Based Intrusion Prevention Systems
14. Host-Based Intrusion Prevention Systems
15. Security Information Management Systems
16. Network Session Analysis
17. Digital Forensics
18. System Integrity Validation
19. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 75. Transmission Control Protocol/Internet Protocol Packet Analysis
1. The Internet Model
2. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 76. Firewalls
1. Introduction
2. Network Firewalls
3. Firewall Security Policies
4. A Simple Mathematical Model for Policies, Rules, and Packets
5. First-Match Firewall Policy Anomalies
6. Policy Optimization
7. Firewall Types
8. Host and Network Firewalls
9. Software and Hardware Firewall Implementations
10. Choosing the Correct Firewall
11. Firewall Placement and Network Topology
12. Firewall Installation and Configuration
13. Supporting Outgoing Services Through Firewall Configuration
14. Secure External Services Provisioning
15. Network Firewalls for Voice and Video Applications
16. Firewalls and Important Administrative Service Protocols
17. Internal IP Services Protection
18. Firewall Remote Access Configuration
19. Load Balancing and Firewall Arrays
20. Highly Available Firewalls
21. Firewall Management
22. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 77. Penetration Testing
1. What Is Penetration Testing?
2. Why Would You Do It?
3. How Do You Do It?
5. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 78. System Security
1. Foundations of Security
2. Basic Countermeasures
3. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 79. Access Controls
1. Infrastructure Weaknesses: Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role-Based Access Control (RBAC)
2. Strengthening the Infrastructure: Authentication Systems
3. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 80. Endpoint Security
1. Introduction: Endpoint Security Defined
2. Endpoint Solution: Options
3. Standard Requirements: Security Decisions
4. Endpoint Architecture: Functional Challenges
5. Endpoint Intrusion Security: Management Systems
6. Intrusion Prevention System (IPS) Network Logging Tools: Seek and Target (the Offender)
7. Endpoint Unification: Network Access Control (NAC) Design Approach (From the Ground-Up)
8. Software-as-a-Service (SaaS) Endpoint Security
9. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 81. Assessments and Audits
1. Assessing Vulnerabilities and Risk: Penetration Testing and Vulnerability Assessments
2. Risk Management: Quantitative Risk Measurements
3. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 82. Fundamentals of Cryptography
1. Assuring Privacy With Encryption
2. Summary
Chapter Review Questions/Exercises
Exercise
Part XIII. Critical Infrastructure Security
Chapter 83. Securing the Infrastructure
1. Communication Security Goals
2. Attacks and Countermeasures
3. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 84. Cyberattacks Against the Grid Infrastructure
1. Introduction
2. Why is There a Threat to the Power Grid
3. How Power Grids Can be Hacked
4. How Hackers Can Shut Down the Power Grid
5. What Would Happen if the us Power Grid Went Down
6. Why the Power Grid is so Vulnerable to Cyber Attacks
7. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 85. Energy Infrastructure Cyber Security
1. Introduction
2. Energy Sector Cyber Security Program as it Relates to the Electric Power Grid and Pipelines Subsectors
3. Summary of Risks to Computer-Based Control Systems Used in Energy Sector Subsectors and Recent Cyber Attacks
4. Review of Legislative Authorities and Policy Guidance Directing US Department of Energy Cybersecurity Programs and Activities and it’s Relationship With National Laboratories and Other Federal Agencies With Cybersecurity Roles
5. Concluding Discussion of Key Policy Issues for Congress
6. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 86. Homeland Security and Cybersecurity
1. Introduction
2. Defining Homeland Security
3. 9/11 Commission Report and the “New Terrorism”
4. The Organization of Homeland Security and Cybersecurity
5. Typology of Cyberthreats and Homeland Security
6. Homeland Security Organization and Key Agencies in Cybersecurity
7. Legislation Influencing Homeland Security and Cybersecurity
8. The Future of Homeland Security
9. Summary and Conclusion
Chapter Review Questions/Exercises
Exercise
Chapter 87. Cyber Warfare
1. Introduction
2. The Primary Components of Cyber Warfare
3. Intelligence Gathering in Cyber Warfare
4. Technical Aspects of Cyber Warfare
5. Strategic Aspects of Cyber Warfare
6. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 88. Cyber Attack Process
1. Introduction
2. What is a Cyber Attack
3. The Cyber Attack Process
4. Attack Difficulty and Complexity
5. Attack Vectors
6. Beginning the Cyber Attack Process
7. Cyber Attack Impacts
8. Defending Against Cyber Attacks
9. Summary
Chapter Review Questions/Exercises
Exercise
Part XIV. Cyber Security for the Smart City And Smart Homes
Chapter 89. Smart Cities: Cybersecurity Concerns
1. Introduction
2. Understanding Smart Cities
3. Cybersecurity Challenges
4. Types of Cyberthreats
5. Current Cybersecurity Measures
6. Future Considerations
7. Open Problems
8. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 90. Disaster Management Cycle, Smart Technologies, Urban Form, Traditional Developments, and Sprawl
1. Introduction
2. Disaster Management and the Disaster Management Cycle
3. Smart Technology and Disasters
4. Human Behavior and Disaster Management
5. Disaster Management Cycle and Urban Form
6. Conclusions
7. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 91. Cyber Security in Smart Homes
1. Introduction
2. Organization
3. Background
4. Security Challenges of Smart Homes
5. Threats on Smart Home Layers
6. Security Solutions and Best Practices
7. Conclusion
8. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 92. Future Trends for Cyber Security for Smart Cities and Homes
1. Introduction
2. “Smart City” Dispersion and Centralization Attributes: Stakeholders, Implications
3. “Smart Cities”—A Modern Day “Panopticon” Writ Large
4. Complex Systems Analysis—A Tool for “Smart City” Development
5. The Basics of Smart City Infrastructure, Buildings, and “OPEN Spaces”
6. Public–Private Partnerships
7. Societal Resilience Enhancement
8. The Rudiments of “the Technology Side” to “Smart Cities”
9. “Smart-City” Perimeters and Borders
10. Smart City Policing
11. The City-Scape Security Typology—a First Pass
12. City-Scape Matrices
13. Final Reflections
14. Summary
Chapter Review Questions/Exercises
Exercise
Part XV. Cyber Security Of Connected And Automated Vehicles
Chapter 93. An Overview of Cyber Attacks and Defenses on Intelligent Connected Vehicles
1. Introduction
2. Background
3. Challenges
4. AV Forensics
5. Communications
6. Over-the-Air Updates
7. Open Problems
8. Summary
Chapter Review Questions/Exercises
Exercise
Part XVI. Advanced Security
Chapter 94. Security Through Diversity
1. Ubiquity
2. Example Attacks Against Uniformity
3. Attacking Ubiquity With Antivirus Tools
4. The Threat of Worms
5. Automated Network Defense
6. Diversity and the Browser
7. Sandboxing and Virtualization
8. Domain Name Server Example of Diversity Through Security
9. Recovery From Disaster Is Survival
10. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 95. Online e-Reputation Management Services
1. Introduction
2. Reputation in the Online ERA
3. Online Reputation Management Architectures
4. Privacy Issues in Online Reputation Management
5. Conclusion
6. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 96. Content Filtering
1. Defining the Problem
2. Why Content Filtering Is Important
3. Content Categorization Technologies
4. Perimeter Hardware and Software Solutions
5. Categories
6. Legal Issues
7. Circumventing Content Filtering
8. Additional Items to Consider: Overblocking and Underblocking
9. Related Products
10. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 97. Data Loss Protection
1. Precursors of DLP
2. What Is Data Loss Protection (DLP)?
3. Where to Begin?
4. Data Is Like Water
5. You Don't Know What You Don't Know
6. How Do Data Loss Protection (DLP) Applications Work?
7. Eat Your Vegetables
8. IT's a Family Affair, Not Just IT Security's Problem
9. Vendors, Vendors Everywhere! Who Do You Believe?
10. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 98. Satellite Cyber Attack Search and Destroy
1. Introduction
2. Historical Perspective and Changing Threat Landscape
3. Threats to Satellite Security
4. International Cooperation and Challenges
5. Limited Security Inclusion
6. Future Perspectives and Challenges
7. Hacks and Attacks
8. Satellites in Orbit
9. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 99. Verifiable Voting Systems
1. Introduction
2. Security Requirements
3. Verifiable Voting Schemes
4. Building Blocks
5. Survey of Noteworthy Schemes
6. Threats to Verifiable Voting Systems
7. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 100. Advanced Data Encryption
1. Mathematical Concepts Reviewed
2. The RIVEST, SHAMIR, AND ADELMAN Cryptosystem
3. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 101. Use of Artificial Intelligence (AI) in Cybersecurity
1. Introduction
2. AI Fundamentals
3. Impact of AI on Cybersecurity
4. Dark Side of AI
5. AI-Powered Cybersecurity Adoption and its Future
6. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 102. AI Abuse: Investigating the Threat Landscape
1. Introduction
2. Background
3. Attack Models
4. Case Studies
5. Summary
Chapter Review Questions/Exercises
Exercise
Part XVII. Future Cyber Security Trends And Directions
Chapter 103. Future Trends for Cyber Attacks in the Healthcare Industry
1. Introduction
2. Internet of Medical Things
3. Rural and Small-Sized Hospitals are at a Greater Risk of Suffering a Cyber Attacked
4. What Cyber Threats or Attacks is the Healthcare Most at Risk Off?
5. Autocratic Regimes and the Healthcare Industry
6. The Threat Landscape of the Future: Digital Healthcare and Integrated Healthcare
7. Mitigating Healthcare Data Breaches in the Healthcare Industry
8. Summary
Chapter Review Questions/Exercises
Exercise
Chapter 104. Future Trends in Maritime Cybersecurity
1. Introduction
2. Factors of Change in the Maritime Industry
3. Cybersecurity Solutions and Approaches
4. Future Directions and Trends
5. Summary
Chapter Review Questions/Exercises
Exercise
Part XVIII. Appendices
Appendix A. List of Top Information and Network Security Implementation and Deployment Companies
Appendix B. List of Security Products
Appendix C. List of Security Standards
Appendix D. List of Miscellaneous Security Resources
Appendix E. Frequently Asked Questions
Appendix F. Case Studies
Appendix G. Answers to Review Questions/Exercises, Hands-on Projects, Case Projects, and Optional Team Case Project by Chapter
Appendix H. Glossary
Index
Index

Life Sciences

Physical Sciences & Engineering

Social Sciences & Humanities

Health

Computer and Information Security Handbook (2-Volume Set)

Purchase options

Empowering Progress

Institutional subscription on ScienceDirect

John Vacca