Skip to main content
Elsevier

Books in Computer security

  • Investigations and the Art of the Interview

    • 4th Edition
    • Inge Sebyan Black + 1 more
    • English
    The Art of Investigative Interviewing, Fourth Edition, builds on the successes of the previous editions providing the reader guidance on conducting investigative interviews, both ethically and professionally. The book can be used by anyone who is involved in investigative interviewing. It is a perfect combination of real, practical, and effective techniques, procedures, and actual cases. The reader learns key elements of investigative interviewing, such as human psychology, proper interview preparation, tactical concepts, controlling the interview environment, and evaluating the evidence obtained from the interview. New to this edition will be coverage of Open Source Intelligence (OSINT) tools, workplace investigations, fraud investigations and the role of audit. Larry Fennelly joins original author Inge Sebyan Black, both well-known and respected in the field, providing everything an interviewer needs to know in order to conduct successful interviews with integrity and within the law. Written for anyone involved in investigative interviewing.

  • Security Controls Evaluation, Testing, and Assessment Handbook

    • 2nd Edition
    • Leighton Johnson
    • English
    Security Controls Evaluation, Testing, and Assessment Handbook, Second Edition, provides a current and well-developed approach to evaluate and test IT security controls to prove they are functioning correctly. This handbook discusses the world of threats and potential breach actions surrounding all industries and systems. Sections cover how to take FISMA, NIST Guidance, and DOD actions, while also providing a detailed, hands-on guide to performing assessment events for information security professionals in US federal agencies. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements and evaluation efforts.

  • Smart Cities Cybersecurity and Privacy

    • 1st Edition
    • Danda B. Rawat + 1 more
    • English
    Smart Cities Cybersecurity and Privacy examines the latest research developments and their outcomes for safe, secure, and trusting smart cities residents. Smart cities improve the quality of life of citizens in their energy and water usage, healthcare, environmental impact, transportation needs, and many other critical city services. Recent advances in hardware and software, have fueled the rapid growth and deployment of ubiquitous connectivity between a city’s physical and cyber components. This connectivity however also opens up many security vulnerabilities that must be mitigated. Smart Cities Cybersecurity and Privacy helps researchers, engineers, and city planners develop adaptive, robust, scalable, and reliable security and privacy smart city applications that can mitigate the negative implications associated with cyber-attacks and potential privacy invasion. It provides insights into networking and security architectures, designs, and models for the secure operation of smart city applications.

  • Seeking the Truth from Mobile Evidence

    Basic Fundamentals, Intermediate and Advanced Overview of Current Mobile Forensic Investigations
    • 1st Edition
    • John Bair
    • English
    Seeking the Truth from Mobile Evidence: Basic Fundamentals, Intermediate and Advanced Overview of Current Mobile Forensic Investigations will assist those who have never collected mobile evidence and augment the work of professionals who are not currently performing advanced destructive techniques. This book is intended for any professional that is interested in pursuing work that involves mobile forensics, and is designed around the outcomes of criminal investigations that involve mobile digital evidence. Author John Bair brings to life the techniques and concepts that can assist those in the private or corporate sector. Mobile devices have always been very dynamic in nature. They have also become an integral part of our lives, and often times, a digital representation of where we are, who we communicate with and what we document around us. Because they constantly change features, allow user enabled security, and or encryption, those employed with extracting user data are often overwhelmed with the process. This book presents a complete guide to mobile device forensics, written in an easy to understand format.

  • Deception in the Digital Age

    Exploiting and Defending Human Targets through Computer-Mediated Communications
    • 1st Edition
    • Cameron H. Malin + 3 more
    • English
    Deception in the Digital Age: Exploiting and Defending Human Targets Through Computer-Mediated Communication guides readers through the fascinating history and principles of deception—and how these techniques and stratagems are now being effectively used by cyber attackers. Users will find an in-depth guide that provides valuable insights into the cognitive, sensory and narrative bases of misdirection, used to shape the targeted audience’s perceptions and beliefs. The text provides a detailed analysis of the psychological, sensory, sociological, and technical precepts that reveal predictors of attacks—and conversely postmortem insight about attackers—presenting a unique resource that empowers readers to observe, understand and protect against cyber deception tactics. Written by information security experts with real-world investigative experience, the text is the most instructional book available on the subject, providing practical guidance to readers with rich literature references, diagrams and examples that enhance the learning process.

  • Cell Phone Location Evidence for Legal Professionals

    Understanding Cell Phone Location Evidence from the Warrant to the Courtroom
    • 1st Edition
    • Larry Daniel
    • English
    Cell Phone Location Evidence for Legal Professionals: Understanding Cell Phone Location Evidence from the Warrant to the Courtroom is a guide, in plain language, for digital forensics professionals, attorneys, law enforcement professionals and students interested in the sources, methods and evidence used to perform forensic data analysis of cell phones, call detail records, real time ping records and geo-location data obtained from cellular carriers and cell phones. Users will gain knowledge on how to identify evidence and how to properly address it for specific cases, including challenges to the methods of analysis and to the qualifications of persons who would testify about this evidence. This book is intended to provide digital forensics professionals, legal professionals and others with an interest in this field the information needed to understand what each type of evidence means, where it comes from, how it is analyzed and presented, and how it is used in various types of civil and criminal litigation. Relevant case law are included, or referred to, as appropriate throughout this book to give the reader an understanding of the legal history of this type of evidence and how it is being addressed by various state and federal courts.

  • Cybercrime and Business

    Strategies for Global Corporate Security
    • 1st Edition
    • Sanford Moskowitz
    • English
    Cybercrime and Business: Strategies for Global Corporate Security examines the three most prevalent cybercrimes afflicting today’s corporate security professionals: piracy, espionage, and computer hacking. By demonstrating how each of these threats evolved separately and then converged to form an ultra-dangerous composite threat, the book discusses the impact the threats pose and how the very technologies that created the problem can help solve it. Cybercrime and Business then offers viable strategies for how different types of businesses—from large multinationals to small start-ups—can respond to these threats to both minimize their losses and gain a competitive advantage. The book concludes by identifying future technological threats and how the models presented in the book can be applied to handling them.

  • Research Methods for Cyber Security

    • 1st Edition
    • Thomas W. Edgar + 1 more
    • English
    Research Methods for Cyber Security teaches scientific methods for generating impactful knowledge, validating theories, and adding critical rigor to the cyber security field. This book shows how to develop a research plan, beginning by starting research with a question, then offers an introduction to the broad range of useful research methods for cyber security research: observational, mathematical, experimental, and applied. Each research method chapter concludes with recommended outlines and suggested templates for submission to peer reviewed venues. This book concludes with information on cross-cutting issues within cyber security research. Cyber security research contends with numerous unique issues, such as an extremely fast environment evolution, adversarial behavior, and the merging of natural and social science phenomena. Research Methods for Cyber Security addresses these concerns and much more by teaching readers not only the process of science in the context of cyber security research, but providing assistance in execution of research as well.

  • Digital Forensics Trial Graphics

    Teaching the Jury through Effective Use of Visuals
    • 1st Edition
    • John Sammons + 1 more
    • English
    Digital Forensics Trial Graphics: Teaching the Jury Through Effective Use of Visuals helps digital forensic practitioners explain complex technical material to laypeople (i.e., juries, judges, etc.). The book includes professional quality illustrations of technology that help anyone understand the complex concepts behind the science. Users will find invaluable information on theory and best practices along with guidance on how to design and deliver successful explanations.

  • Federal Cloud Computing

    The Definitive Guide for Cloud Service Providers
    • 2nd Edition
    • Matthew Metheny
    • English
    Federal Cloud Computing: The Definitive Guide for Cloud Service Providers, Second Edition offers an in-depth look at topics surrounding federal cloud computing within the federal government, including the Federal Cloud Computing Strategy, Cloud Computing Standards, Security and Privacy, and Security Automation. You will learn the basics of the NIST risk management framework (RMF) with a specific focus on cloud computing environments, all aspects of the Federal Risk and Authorization Management Program (FedRAMP) process, and steps for cost-effectively implementing the Assessment and Authorization (A&A) process, as well as strategies for implementing Continuous Monitoring, enabling the Cloud Service Provider to address the FedRAMP requirement on an ongoing basis. This updated edition will cover the latest changes to FedRAMP program, including clarifying guidance on the paths for Cloud Service Providers to achieve FedRAMP compliance, an expanded discussion of the new FedRAMP Security Control, which is based on the NIST SP 800-53 Revision 4, and maintaining FedRAMP compliance through Continuous Monitoring. Further, a new chapter has been added on the FedRAMP requirements for Vulnerability Scanning and Penetration Testing.

  • Certifiable Software Applications 2

    Support Processes
    • 1st Edition
    • Jean-Louis Boulanger
    • English
    Certifiable Software Applications 2: Support Processes explains the process to achieve a certifiable application. This concerns several major topics, skill management, data preparation, requirement management, software verification, and software validation. In addition, analysis of the impact of the use of COTS and pre-existing software on certifiable software is presented. Finally, the last support process concerns the management of commercial tools, the creation of a specific tools, and therefore the qualification of tools, which is based on their impact on the final software.

  • Advanced Persistent Security

    A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies
    • 1st Edition
    • Ira Winkler + 1 more
    • English
    Advanced Persistent Security covers secure network design and implementation, including authentication, authorization, data and access integrity, network monitoring, and risk assessment. Using such recent high profile cases as Target, Sony, and Home Depot, the book explores information security risks, identifies the common threats organizations face, and presents tactics on how to prioritize the right countermeasures. The book discusses concepts such as malignant versus malicious threats, adversary mentality, motivation, the economics of cybercrime, the criminal infrastructure, dark webs, and the criminals organizations currently face.

  • Contemporary Digital Forensic Investigations of Cloud and Mobile Applications

    • 1st Edition
    • Kim-Kwang Raymond Choo + 1 more
    • English
    Contemporary Digital Forensic Investigations of Cloud and Mobile Applications comprehensively discusses the implications of cloud (storage) services and mobile applications on digital forensic investigations. The book provides both digital forensic practitioners and researchers with an up-to-date and advanced knowledge of collecting and preserving electronic evidence from different types of cloud services, such as digital remnants of cloud applications accessed through mobile devices. This is the first book that covers the investigation of a wide range of cloud services. Dr. Kim-Kwang Raymond Choo and Dr. Ali Dehghantanha are leading researchers in cloud and mobile security and forensics, having organized research, led research, and been published widely in the field. Users will gain a deep overview of seminal research in the field while also identifying prospective future research topics and open challenges.

  • Building a Practical Information Security Program

    • 1st Edition
    • Jason Andress + 1 more
    • English
    Building a Practical Information Security Program provides users with a strategic view on how to build an information security program that aligns with business objectives. The information provided enables both executive management and IT managers not only to validate existing security programs, but also to build new business-driven security programs. In addition, the subject matter supports aspiring security engineers to forge a career path to successfully manage a security program, thereby adding value and reducing risk to the business. Readers learn how to translate technical challenges into business requirements, understand when to "go big or go home," explore in-depth defense strategies, and review tactics on when to absorb risks. This book explains how to properly plan and implement an infosec program based on business strategy and results.

  • Handbook of System Safety and Security

    Cyber Risk and Risk Management, Cyber Security, Threat Analysis, Functional Safety, Software Systems, and Cyber Physical Systems
    • 1st Edition
    • Edward Griffor
    • English
    Handbook of System Safety and Security: Cyber Risk and Risk Management, Cyber Security, Adversary Modeling, Threat Analysis, Business of Safety, Functional Safety, Software Systems, and Cyber Physical Systems presents an update on the world's increasing adoption of computer-enabled products and the essential services they provide to our daily lives. The tailoring of these products and services to our personal preferences is expected and made possible by intelligence that is enabled by communication between them. Ensuring that the systems of these connected products operate safely, without creating hazards to us and those around us, is the focus of this book, which presents the central topics of current research and practice in systems safety and security as it relates to applications within transportation, energy, and the medical sciences. Each chapter is authored by one of the leading contributors to the current research and development on the topic. The perspective of this book is unique, as it takes the two topics, systems safety and systems security, as inextricably intertwined. Each is driven by concern about the hazards associated with a system’s performance.

  • Integrating Python with Leading Computer Forensics Platforms

    • 1st Edition
    • Chet Hosmer
    • English
    Integrating Python with Leading Computer Forensic Platforms takes a definitive look at how and why the integration of Python advances the field of digital forensics. In addition, the book includes practical, never seen Python examples that can be immediately put to use. Noted author Chet Hosmer demonstrates how to extend four key Forensic Platforms using Python, including EnCase by Guidance Software, MPE+ by AccessData, The Open Source Autopsy/SleuthKit by Brian Carrier and WetStone Technologies, and Live Acquisition and Triage Tool US-LATT. This book is for practitioners, forensic investigators, educators, students, private investigators, or anyone advancing digital forensics for investigating cybercrime. Additionally, the open source availability of the examples allows for sharing and growth within the industry. This book is the first to provide details on how to directly integrate Python into key forensic platforms.

  • Penetration Tester's Open Source Toolkit

    • 4th Edition
    • Jeremy Faircloth
    • English
    Continuing a tradition of excellent training on open source tools, Penetration Tester’s Open Source Toolkit, Fourth Edition is a great reference to the open source tools available today and teaches you how to use them by demonstrating them in real-world examples. This book expands upon existing documentation so that a professional can get the most accurate and in-depth test results possible. Real-life scenarios are a major focus so that the reader knows which tool to use and how to use it for a variety of situations. This updated edition covers the latest technologies and attack vectors, including industry specific case studies and complete laboratory setup. Great commercial penetration testing tools can be very expensive and sometimes hard to use or of questionable accuracy. This book helps solve both of these problems. The open source, no-cost penetration testing tools presented work as well or better than commercial tools and can be modified by the user for each situation if needed. Many tools, even ones that cost thousands of dollars, do not come with any type of instruction on how and in which situations the penetration tester can best use them. Penetration Tester's Open Source Toolkil, Fourth Edition bridges this gap providing the critical information that you need.

  • Mobile Security and Privacy

    Advances, Challenges and Future Research Directions
    • 1st Edition
    • Man Ho Au + 1 more
    • English
    Mobile Security and Privacy: Advances, Challenges and Future Research Directions provides the first truly holistic view of leading edge mobile security research from Dr. Man Ho Au and Dr. Raymond Choo—leading researchers in mobile security. Mobile devices and apps have become part of everyday life in both developed and developing countries. As with most evolving technologies, mobile devices and mobile apps can be used for criminal exploitation. Along with the increased use of mobile devices and apps to access and store sensitive, personally identifiable information (PII) has come an increasing need for the community to have a better understanding of the associated security and privacy risks. Drawing upon the expertise of world-renowned researchers and experts, this volume comprehensively discusses a range of mobile security and privacy topics from research, applied, and international perspectives, while aligning technical security implementations with the most recent developments in government, legal, and international environments. The book does not focus on vendor-specific solutions, instead providing a complete presentation of forward-looking research in all areas of mobile security. The book will enable practitioners to learn about upcoming trends, scientists to share new directions in research, and government and industry decision-makers to prepare for major strategic decisions regarding implementation of mobile technology security and privacy. In addition to the state-of-the-art research advances, this book also discusses prospective future research topics and open challenges.

  • Eleventh Hour CISSP®

    Study Guide
    • 3rd Edition
    • Joshua Feldman + 2 more
    • English
    Eleventh Hour CISSP: Study Guide, Third Edition provides readers with a study guide on the most current version of the Certified Information Systems Security Professional exam. This book is streamlined to include only core certification information, and is presented for ease of last-minute studying. Main objectives of the exam are covered concisely with key concepts highlighted. The CISSP certification is the most prestigious, globally-recognized, vendor neutral exam for information security professionals. Over 100,000 professionals are certified worldwide, with many more joining their ranks. This new third edition is aligned to cover all of the material in the most current version of the exam’s Common Body of Knowledge. All domains are covered as completely and concisely as possible, giving users the best possible chance of acing the exam.

  • Coding for Penetration Testers

    Building Better Tools
    • 2nd Edition
    • Jason Andress + 1 more
    • English
    Coding for Penetration Testers: Building Better Tools, Second Edition provides readers with an understanding of the scripting languages that are commonly used when developing tools for penetration testing, also guiding users through specific examples of custom tool development and the situations where such tools might be used. While developing a better understanding of each language, the book presents real-world scenarios and tool development that can be incorporated into a tester's toolkit. This completely updated edition focuses on an expanded discussion on the use of Powershell, and includes practical updates to all tools and coverage.

  • Certifiable Software Applications 1

    Main Processes
    • 1st Edition
    • Jean-Louis Boulanger
    • English
    Certifiable Software Applications 1: Main Processes is dedicated to the establishment of quality assurance and safety assurance. It establishes the context for achieving a certifiable software application. In it, the author covers recent developments such as the module, component and product line approach. Applicable standards are presented and security principles are described and discussed. Finally, the requirements for mastering quality and configuration are explained. In this book the reader will find the fundamental practices from the field and an introduction to the concept of software application.

  • Information Security Science

    Measuring the Vulnerability to Data Compromises
    • 1st Edition
    • Carl Young
    • English
    Information Security Science: Measuring the Vulnerability to Data Compromises provides the scientific background and analytic techniques to understand and measure the risk associated with information security threats. This is not a traditional IT security book since it includes methods of information compromise that are not typically addressed in textbooks or journals. In particular, it explores the physical nature of information security risk, and in so doing exposes subtle, yet revealing, connections between information security, physical security, information technology, and information theory. This book is also a practical risk management guide, as it explains the fundamental scientific principles that are directly relevant to information security, specifies a structured methodology to evaluate a host of threats and attack vectors, identifies unique metrics that point to root causes of technology risk, and enables estimates of the effectiveness of risk mitigation. This book is the definitive reference for scientists and engineers with no background in security, and is ideal for security analysts and practitioners who lack scientific training. Importantly, it provides security professionals with the tools to prioritize information security controls and thereby develop cost-effective risk management strategies.

  • Cyber Guerilla

    • 1st Edition
    • Jelle Van Haaster + 2 more
    • English
    Much as Che Guevara’s book Guerilla Warfare helped define and delineate a new type of warfare in the wake of the Cuban revolution in 1961, Cyber Guerilla will help define the new types of threats and fighters now appearing in the digital landscape. Cyber Guerilla provides valuable insight for infosec professionals and consultants, as well as government, military, and corporate IT strategists who must defend against myriad threats from non-state actors. The authors take readers inside the operations and tactics of cyber guerillas, who are changing the dynamics of cyber warfare and information security through their unconventional strategies and threats. This book draws lessons from the authors’ own experiences but also from illustrative hacker groups such as Anonymous, LulzSec and Rebellious Rose.

  • Executing Windows Command Line Investigations

    While Ensuring Evidentiary Integrity
    • 1st Edition
    • Chet Hosmer + 2 more
    • English
    The book Executing Windows Command Line Investigations targets the needs of cyber security practitioners who focus on digital forensics and incident response. These are the individuals who are ultimately responsible for executing critical tasks such as incident response; forensic analysis and triage; damage assessments; espionage or other criminal investigations; malware analysis; and responding to human resource violations. The authors lead readers through the importance of Windows CLI, as well as optimal configuration and usage. Readers will then learn the importance of maintaining evidentiary integrity, evidence volatility, and gain appropriate insight into methodologies that limit the potential of inadvertently destroying or otherwise altering evidence. Next, readers will be given an overview on how to use the proprietary software that accompanies the book as a download from the companion website. This software, called Proactive Incident Response Command Shell (PIRCS), developed by Harris Corporation provides an interface similar to that of a Windows CLI that automates evidentiary chain of custody and reduces human error and documentation gaps during incident response.

  • DNS Security

    Defending the Domain Name System
    • 1st Edition
    • Allan Liska + 1 more
    • English
    DNS Security: Defending the Domain Name System provides tactics on how to protect a Domain Name System (DNS) framework by exploring common DNS vulnerabilities, studying different attack vectors, and providing necessary information for securing DNS infrastructure. The book is a timely reference as DNS is an integral part of the Internet that is involved in almost every attack against a network. The book focuses entirely on the security aspects of DNS, covering common attacks against DNS servers and the protocol itself, as well as ways to use DNS to turn the tables on the attackers and stop an incident before it even starts.

  • Data Breach Preparation and Response

    Breaches are Certain, Impact is Not
    • 1st Edition
    • Kevvie Fowler
    • English
    Data Breach Preparation and Response: Breaches are Certain, Impact is Not is the first book to provide 360 degree visibility and guidance on how to proactively prepare for and manage a data breach and limit impact. Data breaches are inevitable incidents that can disrupt business operations and carry severe reputational and financial impact, making them one of the largest risks facing organizations today. The effects of a breach can be felt across multiple departments within an organization, who will each play a role in effectively managing the breach. Kevvie Fowler has assembled a team of leading forensics, security, privacy, legal, public relations and cyber insurance experts to create the definitive breach management reference for the whole organization.

  • Cybersecurity and Applied Mathematics

    • 1st Edition
    • Leigh Metcalf + 1 more
    • English
    Cybersecurity and Applied Mathematics explores the mathematical concepts necessary for effective cybersecurity research and practice, taking an applied approach for practitioners and students entering the field. This book covers methods of statistical exploratory data analysis and visualization as a type of model for driving decisions, also discussing key topics, such as graph theory, topological complexes, and persistent homology. Defending the Internet is a complex effort, but applying the right techniques from mathematics can make this task more manageable. This book is essential reading for creating useful and replicable methods for analyzing data.

  • Threat Forecasting

    Leveraging Big Data for Predictive Analysis
    • 1st Edition
    • John Pirc + 3 more
    • English
    Drawing upon years of practical experience and using numerous examples and illustrative case studies, Threat Forecasting: Leveraging Big Data for Predictive Analysis discusses important topics, including the danger of using historic data as the basis for predicting future breaches, how to use security intelligence as a tool to develop threat forecasting techniques, and how to use threat data visualization techniques and threat simulation tools. Readers will gain valuable security insights into unstructured big data, along with tactics on how to use the data to their advantage to reduce risk.

  • OS X Incident Response

    Scripting and Analysis
    • 1st Edition
    • Jaron Bradley
    • English
    OS X Incident Response: Scripting and Analysis is written for analysts who are looking to expand their understanding of a lesser-known operating system. By mastering the forensic artifacts of OS X, analysts will set themselves apart by acquiring an up-and-coming skillset. Digital forensics is a critical art and science. While forensics is commonly thought of as a function of a legal investigation, the same tactics and techniques used for those investigations are also important in a response to an incident. Digital evidence is not only critical in the course of investigating many crimes but businesses are recognizing the importance of having skilled forensic investigators on staff in the case of policy violations. Perhaps more importantly, though, businesses are seeing enormous impact from malware outbreaks as well as data breaches. The skills of a forensic investigator are critical to determine the source of the attack as well as the impact. While there is a lot of focus on Windows because it is the predominant desktop operating system, there are currently very few resources available for forensic investigators on how to investigate attacks, gather evidence and respond to incidents involving OS X. The number of Macs on enterprise networks is rapidly increasing, especially with the growing prevalence of BYOD, including iPads and iPhones. Author Jaron Bradley covers a wide variety of topics, including both the collection and analysis of the forensic pieces found on the OS. Instead of using expensive commercial tools that clone the hard drive, you will learn how to write your own Python and bash-based response scripts. These scripts and methodologies can be used to collect and analyze volatile data immediately. For online source codes, please visit: https://github.com/j...

  • Protecting Patient Information

    A Decision-Maker's Guide to Risk, Prevention, and Damage Control
    • 1st Edition
    • Paul Cerrato
    • English
    Protecting Patient Information: A Decision-Maker's Guide to Risk, Prevention, and Damage Control provides the concrete steps needed to tighten the information security of any healthcare IT system and reduce the risk of exposing patient health information (PHI) to the public. The book offers a systematic, 3-pronged approach for addressing the IT security deficits present in healthcare organizations of all sizes. Healthcare decision-makers are shown how to conduct an in-depth analysis of their organization’s information risk level. After this assessment is complete, the book offers specific measures for lowering the risk of a data breach, taking into account federal and state regulations governing the use of patient data. Finally, the book outlines the steps necessary when an organization experiences a data breach, even when it has taken all the right precautions.

  • Network Performance and Security

    Testing and Analyzing Using Open Source and Low-Cost Tools
    • 1st Edition
    • Chris Chapman
    • English
    Network Performance Security: Testing and Analyzing Using Open Source and Low-Cost Tools gives mid-level IT engineers the practical tips and tricks they need to use the best open source or low cost tools available to harden their IT infrastructure. The book details how to use the tools and how to interpret them. Network Performance Security: Testing and Analyzing Using Open Source and Low-Cost Tools begins with an overview of best practices for testing security and performance across devices and the network. It then shows how to document assets—such as servers, switches, hypervisor hosts, routers, and firewalls—using publicly available tools for network inventory. The book explores security zoning the network, with an emphasis on isolated entry points for various classes of access. It shows how to use open source tools to test network configurations for malware attacks, DDoS, botnet, rootkit and worm attacks, and concludes with tactics on how to prepare and execute a mediation schedule of the who, what, where, when, and how, when an attack hits. Network security is a requirement for any modern IT infrastructure. Using Network Performance Security: Testing and Analyzing Using Open Source and Low-Cost Tools makes the network stronger by using a layered approach of practical advice and good testing practices.

  • Windows Registry Forensics

    Advanced Digital Forensic Analysis of the Windows Registry
    • 2nd Edition
    • Harlan Carvey
    • English
    Windows Registry Forensics: Advanced Digital Forensic Analysis of the Windows Registry, Second Edition, provides the most in-depth guide to forensic investigations involving Windows Registry. This book is one-of-a-kind, giving the background of the Registry to help users develop an understanding of the structure of registry hive files, as well as information stored within keys and values that can have a significant impact on forensic investigations. Tools and techniques for post mortem analysis are discussed at length to take users beyond the current use of viewers and into real analysis of data contained in the Registry. This second edition continues a ground-up approach to understanding so that the treasure trove of the Registry can be mined on a regular and continuing basis.

  • Implementing Digital Forensic Readiness

    From Reactive to Proactive Process
    • 1st Edition
    • Jason Sachowski
    • English
    Implementing Digital Forensic Readiness: From Reactive to Proactive Process shows information security and digital forensic professionals how to increase operational efficiencies by implementing a pro-active approach to digital forensics throughout their organization. It demonstrates how digital forensics aligns strategically within an organization’s business operations and information security’s program. This book illustrates how the proper collection, preservation, and presentation of digital evidence is essential for reducing potential business impact as a result of digital crimes, disputes, and incidents. It also explains how every stage in the digital evidence lifecycle impacts the integrity of data, and how to properly manage digital evidence throughout the entire investigation. Using a digital forensic readiness approach and preparedness as a business goal, the administrative, technical, and physical elements included throughout this book will enhance the relevance and credibility of digital evidence. Learn how to document the available systems and logs as potential digital evidence sources, how gap analysis can be used where digital evidence is not sufficient, and the importance of monitoring data sources in a timely manner. This book offers standard operating procedures to document how an evidence-based presentation should be made, featuring legal resources for reviewing digital evidence.

  • The Information Systems Security Officer's Guide

    Establishing and Managing a Cyber Security Program
    • 3rd Edition
    • Gerald L. Kovacich
    • English
    The Information Systems Security Officer's Guide: Establishing and Managing a Cyber Security Program, Third Edition, provides users with information on how to combat the ever-changing myriad of threats security professionals face. This entirely updated edition presents practical advice on establishing, managing, and evaluating a successful information protection program in a corporation or government agency, covering everything from effective communication to career guidance for the information security officer. The book outlines how to implement a new plan or evaluate an existing one, and is especially targeted to those who are new to the topic. It is the definitive resource for learning the key characteristics of an effective information systems security officer (ISSO), and paints a comprehensive portrait of an ISSO's duties, their challenges, and working environments, from handling new technologies and threats, to performing information security duties in a national security environment.

  • Deploying Secure Containers for Training and Development

    • 1st Edition
    • Henry Dalziel + 1 more
    • English
    In the book we will be talking about Deploying Secure Containers for Training and Development. The book covers the technology behind Linux-based containers and what they can be used for. Details on how to use containers in training and development are also provided.

  • Automated Security Analysis of Android and iOS Applications with Mobile Security Framework

    • 1st Edition
    • Henry Dalziel + 1 more
    • English
    Risky Behaviours in the Top 400 iOS and Android Apps is a concise overview of the security threats posed by the top apps in iOS and Android apps. These apps are ubiquitous on a phones and other mobile devices, and are vulnerable to a wide range digital systems attacks, This brief volume provides security professionals and network systems administrators a much-needed dive into the most current threats, detection techniques, and defences for these attacks.

  • Cyber Security Awareness for CEOs and Management

    • 1st Edition
    • Henry Dalziel + 1 more
    • English
    Cyber Security for CEOs and Managment is a concise overview of the security threats posed to organizations and networks by the ubiquity of USB Flash Drives used as storage devices. The book will provide an overview of the cyber threat to you, your business, your livelihood, and discuss what you need to do, especially as CEOs and Management, to lower risk, reduce or eliminate liability, and protect reputation all related to information security, data protection and data breaches. The purpose of this book is to discuss the risk and threats to company information, customer information, as well as the company itself; how to lower the risk of a breach, reduce the associated liability, react quickly, protect customer information and the company’s reputation, as well as discuss your ethical, fiduciary and legal obligations.

  • Cyber Security Awareness for Lawyers

    • 1st Edition
    • Henry Dalziel + 1 more
    • English
    Cyber Security Awareness for Lawyers is a concise overview of the cyber security threats posed to companies and organizations. The book will provide an overview of the cyber threat to you, your business, your livelihood, and discuss what you need to do--especially as Lawyers--to lower risk, reduce or eliminate liability, and protect reputation all related to information security, data protection and data breaches. The purpose of this book is to discuss the risk and threats to company information, customer information, as well as the company itself; how to lower the risk of a breach, reduce the associated liability, react quickly, protect customer information and the company’s reputation, as well as discuss your ethical, fiduciary and legal obligations.

  • Cyber Security Awareness for Corporate Directors and Board Members

    • 1st Edition
    • Henry Dalziel + 1 more
    • English
    Cyber Security Awareness for Corporate Directors and Board Members is a concise overview of the cyber threat to you, your business, your livelihood, and what you need to do--especially as board members and directors of boards-- to lower the risk, reduce or eliminate liability, and protect reputation. The book details the severity of the treat to companies, and what to do as corporate directors and board members to build a defense against potential breaches.

  • Digital Forensics

    Threatscape and Best Practices
    • 1st Edition
    • John Sammons
    • English
    Digital Forensics: Threatscape and Best Practices surveys the problems and challenges confronting digital forensic professionals today, including massive data sets and everchanging technology. This book provides a coherent overview of the threatscape in a broad range of topics, providing practitioners and students alike with a comprehensive, coherent overview of the threat landscape and what can be done to manage and prepare for it. Digital Forensics: Threatscape and Best Practices delivers you with incisive analysis and best practices from a panel of expert authors, led by John Sammons, bestselling author of The Basics of Digital Forensics.

  • Security Controls Evaluation, Testing, and Assessment Handbook

    • 1st Edition
    • Leighton Johnson
    • English
    Security Controls Evaluation, Testing, and Assessment Handbook provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. This handbook shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities - which most are - then this book will provide a useful handbook for how to evaluate the effectiveness of the security controls that are in place. Security Controls Evaluation, Testing, and Assessment Handbook shows you what your security controls are doing and how they are standing up to various inside and outside threats. This handbook provides guidance and techniques for evaluating and testing various computer security controls in IT systems. Author Leighton Johnson shows you how to take FISMA, NIST Guidance, and DOD actions and provide a detailed, hands-on guide to performing assessment events for information security professionals who work with US federal agencies. As of March 2014, all agencies are following the same guidelines under the NIST-based Risk Management Framework. This handbook uses the DOD Knowledge Service and the NIST Families assessment guides as the basis for needs assessment, requirements, and evaluation efforts for all of the security controls. Each of the controls can and should be evaluated in its own unique way, through testing, examination, and key personnel interviews. Each of these methods is discussed.

  • Breaking into Information Security

    Crafting a Custom Career Path to Get the Job You Really Want
    • 1st Edition
    • Josh More + 2 more
    • English
    Whether you want to break into information security, move from one job to another, or transition into management, Breaking into Information Security will help. No other book surveys all the different jobs available in the industry, frankly discusses the positives and negatives of each, and what you need to learn to get into and out of each role. Unlike books that focus on a specific skill set or on how to gain a certification or get a job, this book encompasses the "big picture," including why certifications, if any, are worthwhile for you. In a profession where new career paths aren’t always clear, Breaking into Information Security will teach you how to identify where you are in your career today, understand where you wish to go, and provide proven methods to get there. From entry-level jobs to the extremely specific skills needed to be an InfoSec consultant, this book covers it all, including in-job skill building, working within the community, and building your skills after hours. If you are seeking to advance in the highly competitive field of information security, this book will give you the edge you need to break in.

  • Automating Open Source Intelligence

    Algorithms for OSINT
    • 1st Edition
    • Robert Layton + 1 more
    • English
    Algorithms for Automating Open Source Intelligence (OSINT) presents information on the gathering of information and extraction of actionable intelligence from openly available sources, including news broadcasts, public repositories, and more recently, social media. As OSINT has applications in crime fighting, state-based intelligence, and social research, this book provides recent advances in text mining, web crawling, and other algorithms that have led to advances in methods that can largely automate this process. The book is beneficial to both practitioners and academic researchers, with discussions of the latest advances in applications, a coherent set of methods and processes for automating OSINT, and interdisciplinary perspectives on the key problems identified within each discipline. Drawing upon years of practical experience and using numerous examples, editors Robert Layton, Paul Watters, and a distinguished list of contributors discuss Evidence Accumulation Strategies for OSINT, Named Entity Resolution in Social Media, Analyzing Social Media Campaigns for Group Size Estimation, Surveys and qualitative techniques in OSINT, and Geospatial reasoning of open data.

  • Practical Deployment of Cisco Identity Services Engine (ISE)

    Real-World Examples of AAA Deployments
    • 1st Edition
    • Andy Richter + 1 more
    • English
    With the proliferation of mobile devices and bring-your-own-devic... (BYOD) within enterprise networks, the boundaries of where the network begins and ends have been blurred. Cisco Identity Services Engine (ISE) is the leading security policy management platform that unifies and automates access control to proactively enforce role-based access to enterprise networks. In Practical Deployment of Cisco Identity Services Engine (ISE), Andy Richter and Jeremy Wood share their expertise from dozens of real-world implementations of ISE and the methods they have used for optimizing ISE in a wide range of environments. ISE can be difficult, requiring a team of security and network professionals, with the knowledge of many different specialties. Practical Deployment of Cisco Identity Services Engine (ISE) shows you how to deploy ISE with the necessary integration across multiple different technologies required to make ISE work like a system. Andy Richter and Jeremy Wood explain end-to-end how to make the system work in the real world, giving you the benefit of their ISE expertise, as well as all the required ancillary technologies and configurations to make ISE work.

  • Traffic Anomaly Detection

    • 1st Edition
    • Antonio Cuadra-Sánchez + 1 more
    • English
    Traffic Anomaly Detection presents an overview of traffic anomaly detection analysis, allowing you to monitor security aspects of multimedia services. The author's approach is based on the analysis of time aggregation adjacent periods of the traffic. As traffic varies throughout the day, it is essential to consider the concrete traffic period in which the anomaly occurs. This book presents the algorithms proposed specifically for this analysis and an empirical comparative analysis of those methods and settle a new information theory based technique, named "typical day analysis".

  • Becoming a Global Chief Security Executive Officer

    A How to Guide for Next Generation Security Leaders
    • 1st Edition
    • Roland Cloutier
    • English
    Becoming a Global Chief Security Executive Officer provides tangible, proven, and practical approaches to optimizing the security leader’s ability to lead both today’s, and tomorrow’s, multidisciplined security, risk, and privacy function. The need for well-trained and effective executives who focus on business security, risk, and privacy has exponentially increased as the critical underpinnings of today’s businesses rely more and more on their ability to ensure the effective operation and availability of business processes and technology. Cyberattacks, e-crime, intellectual property theft, and operating globally requires sustainable security programs and operations led by executives who cannot only adapt to today’s requirements, but also focus on the future. The book provides foundational and practical methods for creating teams, organizations, services, and operations for today’s—and tomorrow’s—physical and information converged security program, also teaching the principles for alignment to the business, risk management and mitigation strategies, and how to create momentum in business operations protection.

  • You: For Sale

    Protecting Your Personal Data and Privacy Online
    • 1st Edition
    • Stuart Sumner
    • English
    Everything we do online, and increasingly in the real world, is tracked, logged, analyzed, and often packaged and sold on to the highest bidder. Every time you visit a website, use a credit card, drive on the freeway, or go past a CCTV camera, you are logged and tracked. Every day billions of people choose to share their details on social media, which are then sold to advertisers. The Edward Snowden revelations that governments - including those of the US and UK – have been snooping on their citizens, have rocked the world. But nobody seems to realize that this has already been happening for years, with firms such as Google capturing everything you type into a browser and selling it to the highest bidder. Apps take information about where you go, and your contact book details, harvest them and sell them on – and people just click the EULA without caring. No one is revealing the dirty secret that is the tech firms harvesting customers’ personal data and selling it for vast profits – and people are totally unaware of the dangers. You: For Sale is for anyone who is concerned about what corporate and government invasion of privacy means now and down the road. The book sets the scene by spelling out exactly what most users of the Internet and smart phones are exposing themselves to via commonly used sites and apps such as facebook and Google, and then tells you what you can do to protect yourself. The book also covers legal and government issues as well as future trends. With interviews of leading security experts, black market data traders, law enforcement and privacy groups, You: For Sale will help you view your personal data in a new light, and understand both its value, and its danger.

  • Securing Social Media in the Enterprise

    • 1st Edition
    • Henry Dalziel
    • English
    Securing Social Media in the Enterprise is a concise overview of the security threats posed by the use of social media sites and apps in enterprise network environments. Social media sites and apps are now a ubiquitous presence within enterprise systems and networks, and are vulnerable to a wide range of digital systems attacks. This brief volume provides security professionals and network systems administrators a much-needed dive into the most current threats, detection techniques, and defenses for these attacks, and provides a roadmap for best practices to secure and manage social media within the enterprise.

  • Smart Grid Security

    Innovative Solutions for a Modernized Grid
    • 1st Edition
    • Florian Skopik + 1 more
    • English
    The Smart Grid security ecosystem is complex and multi-disciplinary, and relatively under-researched compared to the traditional information and network security disciplines. While the Smart Grid has provided increased efficiencies in monitoring power usage, directing power supplies to serve peak power needs and improving efficiency of power delivery, the Smart Grid has also opened the way for information security breaches and other types of security breaches. Potential threats range from meter manipulation to directed, high-impact attacks on critical infrastructure that could bring down regional or national power grids. It is essential that security measures are put in place to ensure that the Smart Grid does not succumb to these threats and to safeguard this critical infrastructure at all times. Dr. Florian Skopik is one of the leading researchers in Smart Grid security, having organized and led research consortia and panel discussions in this field. Smart Grid Security will provide the first truly holistic view of leading edge Smart Grid security research. This book does not focus on vendor-specific solutions, instead providing a complete presentation of forward-looking research in all areas of Smart Grid security. The book will enable practitioners to learn about upcoming trends, scientists to share new directions in research, and government and industry decision-makers to prepare for major strategic decisions regarding implementation of Smart Grid technology.

  • Infosec Management Fundamentals

    • 1st Edition
    • Henry Dalziel
    • English
    Infosec Management Fundamentals is a concise overview of the Information Security management concepts and techniques, providing a foundational template for both experienced professionals and those new to the industry. This brief volume will also appeal to business executives and managers outside of infosec who want to understand the fundamental concepts of Information Security and how it impacts their business decisions and daily activities.