Books in Information systems general

Applied Cyber Security and the Smart Grid

1st Edition
February 26, 2013
Eric D. Knapp + 1 more
English
Paperback
9 7 8 1 5 9 7 4 9 9 9 8 9
eBook
9 7 8 0 1 2 4 0 4 6 3 8 2

Many people think of the Smart Grid as a power distribution group built on advanced smart metering—but that’s just one aspect of a much larger and more complex system. The "Smart Grid" requires new technologies throughout energy generation, transmission and distribution, and even the homes and businesses being served by the grid. This also represents new information paths between these new systems and services, all of which represents risk, requiring a more thorough approach to where and how cyber security controls are implemented. This insight provides a detailed architecture of the entire Smart Grid, with recommended cyber security measures for everything from the supply chain to the consumer.

Logging and Log Management

1st Edition
November 29, 2012
Kevin Schmidt + 2 more
English
Paperback
9 7 8 1 5 9 7 4 9 6 3 5 3
eBook
9 7 8 1 5 9 7 4 9 6 3 6 0

Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management introduces information technology professionals to the basic concepts of logging and log management. It provides tools and techniques to analyze log data and detect malicious activity. The book consists of 22 chapters that cover the basics of log data; log data sources; log storage technologies; a case study on how syslog-ng is deployed in a real environment for log collection; covert logging; planning and preparing for the analysis log data; simple analysis techniques; and tools and techniques for reviewing logs for potential problems. The book also discusses statistical analysis; log data mining; visualizing log data; logging laws and logging mistakes; open source and commercial toolsets for log data collection and analysis; log management procedures; and attacks against logging systems. In addition, the book addresses logging for programmers; logging and compliance with regulations and policies; planning for log analysis system deployment; cloud logging; and the future of log standards, logging, and log analysis. This book was written for anyone interested in learning more about logging and log management. These include systems administrators, junior security engineers, application developers, and managers.

FISMA and the Risk Management Framework

1st Edition
November 27, 2012
Daniel R. Philpott + 1 more
English
Paperback
9 7 8 1 5 9 7 4 9 6 4 1 4
eBook
9 7 8 1 5 9 7 4 9 6 4 2 1

FISMA and the Risk Management Framework: The New Practice of Federal Cyber Security deals with the Federal Information Security Management Act (FISMA), a law that provides the framework for securing information systems and managing risk associated with information resources in federal government agencies. Comprised of 17 chapters, the book explains the FISMA legislation and its provisions, strengths and limitations, as well as the expectations and obligations of federal agencies subject to FISMA. It also discusses the processes and activities necessary to implement effective information security management following the passage of FISMA, and it describes the National Institute of Standards and Technology's Risk Management Framework. The book looks at how information assurance, risk management, and information systems security is practiced in federal government agencies; the three primary documents that make up the security authorization package: system security plan, security assessment report, and plan of action and milestones; and federal information security-management requirements and initiatives not explicitly covered by FISMA. This book will be helpful to security officers, risk managers, system owners, IT managers, contractors, consultants, service providers, and others involved in securing, managing, or overseeing federal information systems, as well as the mission functions and business processes supported by those systems.

Client-Side Attacks and Defense

1st Edition
September 28, 2012
Sean-Philip Oriyano + 1 more
English
Paperback
9 7 8 1 5 9 7 4 9 5 9 0 5
eBook
9 7 8 1 5 9 7 4 9 5 9 1 2

Client-Side Attacks and Defense offers background networks against its attackers. The book examines the forms of client-side attacks and discusses different kinds of attacks along with delivery methods including, but not limited to, browser exploitation, use of rich internet applications, and file format vulnerabilities. It also covers defenses, such as antivirus and anti-spyware, intrusion detection systems, and end-user education. The book explains how to secure Web browsers, such as Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari, and Opera. It discusses advanced Web attacks and advanced defenses against them. Moreover, it explores attacks on messaging, Web applications, and mobiles. The book concludes with a discussion on security measures against client-side attacks, starting from the planning of security. This book will be of great value to penetration testers, security consultants, system and network administrators, and IT auditors.

Collaborative Enterprise Architecture

1st Edition
August 29, 2012
Stefan Bente + 2 more
English
Paperback
9 7 8 0 1 2 4 1 5 9 3 4 1
eBook
9 7 8 0 1 2 4 1 5 9 8 9 1

Ever-changing business needs have prompted large companies to rethink their enterprise IT. Today, businesses must allow interaction with their customers, partners, and employees at more touch points and at a depth never thought previously. At the same time, rapid advances in information technologies, like business digitization, cloud computing, and Web 2.0, demand fundamental changes in the enterprises’ management practices. These changes have a drastic effect not only on IT and business, but also on policies, processes, and people. Many companies therefore embark on enterprise-wide transformation initiatives. The role of Enterprise Architecture (EA) is to architect and supervise this transformational journey.Unfortunatel... today’s EA is often a ponderous and detached exercise, with most of the EA initiatives failing to create visible impact. The enterprises need an EA that is agile and responsive to business dynamics. Collaborative Enterprise Architecture provides the innovative solutions today’s enterprises require, informed by real-world experiences and experts’ insights. This book, in its first part, provides a systematic compendium of the current best practices in EA, analyzes current ways of doing EA, and identifies its constraints and shortcomings. In the second part, it leaves the beaten tracks of EA by introducing Lean, Agile, and Enterprise 2.0 concepts to the traditional EA methods. This blended approach to EA focuses on practical aspects, with recommendations derived from real-world experiences. A truly thought provoking and pragmatic guide to manage EA, Collaborative Enterprise Architecture effectively merges the long-term oriented top-down approach with pragmatic bottom-up thinking, and that way offers real solutions to businesses undergoing enterprise-wide change.

CISSP Study Guide

2nd Edition
August 29, 2012
Eric Conrad + 2 more
English

The CISSP certification is the most prestigious, globally-recognized, vendor neutral exam for information security professionals. The newest edition of this acclaimed study guide is aligned to cover all of the material included in the newest version of the exam’s Common Body of Knowledge. The ten domains are covered completely and as concisely as possible with an eye to acing the exam. Each of the ten domains has its own chapter that includes specially designed pedagogy to aid the test-taker in passing the exam, including: Clearly stated exam objectives; Unique terms/Definitions; Exam Warnings; Learning by Example; Hands-On Exercises; Chapter ending questions. Furthermore, special features include: Two practice exams; Tiered chapter ending questions that allow for a gradual learning curve; and a self-test appendix

The Basics of Hacking and Penetration Testing

1st Edition
July 21, 2011
Patrick Engebretson
English

The Basics of Hacking and Penetration Testing serves as an introduction to the steps required to complete a penetration test or perform an ethical hack from beginning to end. This book makes ethical hacking and penetration testing easy – no prior hacking experience is required. It shows how to properly utilize and interpret the results of the modern-day hacking tools required to complete a penetration test. With a simple and clean explanation of how to effectively utilize these tools – as well as the introduction to a four-step methodology for conducting a penetration test or hack – the book provides students with the know-how required to jump start their careers and gain a better understanding of offensive security. The book is organized into 7 chapters that cover hacking tools such as Backtrack Linux, Google reconnaissance, MetaGooFil, dig, Nmap, Nessus, Metasploit, Fast Track Autopwn, Netcat, and Hacker Defender rootkit. Each chapter contains hands-on examples and exercises that are designed to teach learners how to interpret results and utilize those results in later phases. PowerPoint slides are available for use in class. This book is an ideal reference for security consultants, beginning InfoSec professionals, and students.

Penetration Tester's Open Source Toolkit

3rd Edition
July 18, 2011
Jeremy Faircloth
English
eBook
9 7 8 1 5 9 7 4 9 6 2 8 5

Penetration Tester’s Open Source Toolkit, Third Edition, discusses the open source tools available to penetration testers, the ways to use them, and the situations in which they apply. Great commercial penetration testing tools can be very expensive and sometimes hard to use or of questionable accuracy. This book helps solve both of these problems. The open source, no-cost penetration testing tools presented do a great job and can be modified by the student for each situation. This edition offers instruction on how and in which situations the penetration tester can best use them. Real-life scenarios support and expand upon explanations throughout. It also presents core technologies for each type of testing and the best tools for the job. The book consists of 10 chapters that covers a wide range of topics such as reconnaissance; scanning and enumeration; client-side attacks and human weaknesses; hacking database services; Web server and Web application testing; enterprise application testing; wireless penetrating testing; and building penetration test labs. The chapters also include case studies where the tools that are discussed are applied. New to this edition: enterprise application testing, client-side attacks and updates on Metasploit and Backtrack. This book is for people who are interested in penetration testing or professionals engaged in penetration testing. Those working in the areas of database, network, system, or application administration, as well as architects, can gain insights into how penetration testers perform testing in their specific areas of expertise and learn what to expect from a penetration test. This book can also serve as a reference for security or audit professionals.

The Basics of Information Security

1st Edition
June 10, 2011
Jason Andress
English
eBook
9 7 8 1 5 9 7 4 9 6 5 4 4

The Basics of Information Security provides fundamental knowledge of information security in both theoretical and practical aspects. This book is packed with key concepts of information security, such as confidentiality, integrity, and availability, as well as tips and additional resources for further advanced study. It also includes practical applications in the areas of operations, physical, network, operating system, and application security. Complete with exercises at the end of each chapter, this book is well-suited for classroom or instructional use. The book consists of 10 chapters covering such topics as identification and authentication; authorization and access control; auditing and accountability; cryptography; operations security; physical security; network security; operating system security; and application security. Useful implementations for each concept are demonstrated using real world examples. PowerPoint lecture slides are available for use in the classroom. This book is an ideal reference for security consultants, IT managers, students, and those new to the InfoSec field.

Cybercrime and Espionage

1st Edition
January 7, 2011
Will Gragido + 1 more
English
Paperback
9 7 8 1 5 9 7 4 9 6 1 3 1
eBook
9 7 8 1 5 9 7 4 9 6 1 4 8

Cybercrime and Espionage provides a comprehensive analysis of the sophisticated patterns and subversive multi-vector threats (SMTs) associated with modern cybercrime, cyber terrorism, cyber warfare and cyber espionage. Whether the goal is to acquire and subsequently sell intellectual property from one organization to a competitor or the international black markets, to compromise financial data and systems, or undermine the security posture of a nation state by another nation state or sub-national entity, SMTs are real and growing at an alarming pace. This book contains a wealth of knowledge related to the realities seen in the execution of advanced attacks, their success from the perspective of exploitation and their presence within all industry. It will educate readers on the realities of advanced, next generation threats, which take form in a variety ways. This book consists of 12 chapters covering a variety of topics such as the maturity of communications systems and the emergence of advanced web technology; how regulatory compliance has worsened the state of information security; the convergence of physical and logical security; asymmetric forms of gathering information; seven commonalities of SMTs; examples of compromise and presence of SMTs; next generation techniques and tools for avoidance and obfuscation; and next generation techniques and tools for detection, identification and analysis. This book will appeal to information and physical security professionals as well as those in the intelligence community and federal and municipal law enforcement, auditors, forensic analysts, and CIO/CSO/CISO.

Life Sciences

Physical Sciences & Engineering

Social Sciences & Humanities

Health