Books in Security management

Contemporary Security Management

3rd Edition
November 8, 2010
John Fay
English
Hardback
9 7 8 0 1 2 3 8 1 5 4 9 1
eBook
9 7 8 0 1 2 3 8 1 9 5 1 2

Contemporary Security Management, Third Edition teaches security professionals how to operate an efficient security department and how to integrate smoothly with other groups inside and outside their own organizations. Fay demonstrates the specifics of security management: how to organize, plan, develop and manage a security operation. how to identify vulnerabilities. how to determine the protective resources required to offset threats. how to implement all necessary physical and IT security measures. Security professionals share the responsibility for mitigating damage, serving as a resource to an Emergency Tactical Center, assisting the return of business continuity, and liaising with local response agencies such as police and fire departments, emergency medical responders, and emergency warning centers. At the organizational level, the book addresses budgeting, employee performance, counseling, hiring and termination, employee theft and other misconduct, and offers sound advice on building constructive relationships with organizational peers and company management.

Managed Code Rootkits

1st Edition
October 28, 2010
Erez Metula
English
Paperback
9 7 8 1 5 9 7 4 9 5 7 4 5
eBook
9 7 8 1 5 9 7 4 9 5 7 5 2

Managed Code Rootkits is the first book to cover application-level rootkits and other types of malware inside the application VM, which runs a platform-independent programming environment for processes. The book, divided into four parts, points out high-level attacks, which are developed in intermediate language. The initial part of the book offers an overview of managed code rootkits. It explores environment models of managed code and the relationship of managed code to rootkits by studying how they use application VMs. It also discusses attackers of managed code rootkits and various attack scenarios. The second part of the book covers the development of managed code rootkits, starting with the tools used in producing managed code rootkits through their deployment. The next part focuses on countermeasures that can possibly be used against managed code rootkits, including technical solutions, prevention, detection, and response tactics. The book concludes by presenting techniques that are somehow similar to managed code rootkits, which can be used in solving problems.

A Guide to Kernel Exploitation

1st Edition
September 15, 2010
Enrico Perla + 1 more
English
Paperback
9 7 8 1 5 9 7 4 9 4 8 6 1

A Guide to Kernel Exploitation: Attacking the Core discusses the theoretical techniques and approaches needed to develop reliable and effective kernel-level exploits, and applies them to different operating systems, namely, UNIX derivatives, Mac OS X, and Windows. Concepts and tactics are presented categorically so that even when a specifically detailed vulnerability has been patched, the foundational information provided will help hackers in writing a newer, better attack; or help pen testers, auditors, and the like develop a more concrete design and defensive structure.The book is organized into four parts. Part I introduces the kernel and sets out the theoretical basis on which to build the rest of the book. Part II focuses on different operating systems and describes exploits for them that target various bug classes. Part III on remote kernel exploitation analyzes the effects of the remote scenario and presents new techniques to target remote issues. It includes a step-by-step analysis of the development of a reliable, one-shot, remote exploit for a real vulnerabilitya bug affecting the SCTP subsystem found in the Linux kernel. Finally, Part IV wraps up the analysis on kernel exploitation and looks at what the future may hold.

Practical Lock Picking

1st Edition
July 27, 2010
Deviant Ollam
English

Practical Lock Picking: A Physical Penetration Tester’s Training Guide introduces the reader to the basic principles of lock picking. The book combines both easy-to-follow, step-by-step lessons, and tutorials that will help security-conscious people learn how to open most of the locks they may encounter during auditing or assessment work. It covers the fundamentals of pin tumbler and wafer locks; the basics of picking; beginner and advanced training; and quick entry techniques. Whether the student will be hired at some point to penetrate security or simply trying to harden his or her own defenses, this book is essential. This instructional manual focuses on pin tumbler locks, the construction and function of which are illustrated with the aid of several diagrams. Everything from straightforward lock picking to quick-entry techniques like shimming, bumping, and bypassing are explained and shown. Guides and exercises demonstrate the use of basic lock-picking tools in order to manipulate and open these locks. The text also describes the most common "alternative" designs of pin tumbler locks and summarizes the tools and techniques that can be effective against them. It comes with a DVD filled with indispensable lock picking videos and color photos. This book is an ideal reference for penetration testers, security consultants, and IT security professionals as well as hackers.

Metrics and Methods for Security Risk Management

1st Edition
July 8, 2010
Carl Young
English
Paperback
9 7 8 1 8 5 6 1 7 9 7 8 2
eBook
9 7 8 1 8 5 6 1 7 9 7 9 9

Security problems have evolved in the corporate world because of technological changes, such as using the Internet as a means of communication. With this, the creation, transmission, and storage of information may represent security problem. Metrics and Methods for Security Risk Management is of interest, especially since the 9/11 terror attacks, because it addresses the ways to manage risk security in the corporate world. The book aims to provide information about the fundamentals of security risks and the corresponding components, an analytical approach to risk assessments and mitigation, and quantitative methods to assess the risk components. In addition, it also discusses the physical models, principles, and quantitative methods needed to assess the risk components. The by-products of the methodology used include security standards, audits, risk metrics, and program frameworks. Security professionals, as well as scientists and engineers who are working on technical issues related to security problems will find this book relevant and useful.

Seven Deadliest Unified Communications Attacks

1st Edition
April 22, 2010
Dan York
English
Paperback
9 7 8 1 5 9 7 4 9 5 4 7 9
eBook
9 7 8 1 5 9 7 4 9 5 4 8 6

Seven Deadliest Unified Communications Attacks provides a comprehensive coverage of the seven most dangerous hacks and exploits specific to Unified Communications (UC) and lays out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. The book describes the intersection of the various communication technologies that make up UC, including Voice over IP (VoIP), instant message (IM), and other collaboration technologies. There are seven chapters that focus on the following: attacks against the UC ecosystem and UC endpoints; eavesdropping and modification attacks; control channel attacks; attacks on Session Initiation Protocol (SIP) trunks and public switched telephone network (PSTN) interconnection; attacks on identity; and attacks against distributed systems. Each chapter begins with an introduction to the threat along with some examples of the problem. This is followed by discussions of the anatomy, dangers, and future outlook of the threat as well as specific strategies on how to defend systems against the threat. The discussions of each threat are also organized around the themes of confidentiality, integrity, and availability. This book will be of interest to information security professionals of all levels as well as recreational hackers.

Seven Deadliest USB Attacks

1st Edition
April 22, 2010
Brian Anderson + 1 more
English
eBook
9 7 8 1 5 9 7 4 9 5 5 4 7

Seven Deadliest USB Attacks provides a comprehensive view of the most serious types of Universal Serial Bus (USB) attacks. While the book focuses on Windows systems, Mac, Linux, and UNIX systems are equally susceptible to similar attacks. If you need to keep up with the latest hacks, attacks, and exploits effecting USB technology, then this book is for you. This book pinpoints the most dangerous hacks and exploits specific to USB, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. The attacks outlined in this book are intended for individuals with moderate Microsoft Windows proficiency. The book provides the tools, tricks, and detailed instructions necessary to reconstruct and mitigate these activities while peering into the risks and future aspects surrounding the respective technologies. There are seven chapters that cover the following: USB Hacksaw; the USB Switchblade; viruses and malicious codes; USB-based heap overflow; the evolution of forensics in computer security; pod slurping; and the human element of security, including the risks, rewards, and controversy surrounding social-engineering engagements. This book was written to target a vast audience including students, technical staff, business leaders, or anyone seeking to understand fully the removable-media risk for Windows systems. It will be a valuable resource for information security professionals of all levels, as well as web application developers and recreational hackers.

Seven Deadliest Network Attacks

1st Edition
April 15, 2010
Stacy Prowell + 2 more
English
Paperback
9 7 8 1 5 9 7 4 9 5 4 9 3
eBook
9 7 8 1 5 9 7 4 9 5 5 0 9

Seven Deadliest Network Attacks identifies seven classes of network attacks and discusses how the attack works, including tools to accomplish the attack, the risks of the attack, and how to defend against the attack. This book pinpoints the most dangerous hacks and exploits specific to networks, laying out the anatomy of these attacks including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. The book consists of seven chapters that deal with the following attacks: denial of service; war dialing; penetration testing; protocol tunneling; spanning tree attacks; man-in-the-middle; and password replay. These attacks are not mutually exclusive and were chosen because they help illustrate different aspects of network security. The principles on which they rely are unlikely to vanish any time soon, and they allow for the possibility of gaining something of interest to the attacker, from money to high-value data. This book is intended to provide practical, usable information. However, the world of network security is evolving very rapidly, and the attack that works today may (hopefully) not work tomorrow. It is more important, then, to understand the principles on which the attacks and exploits are based in order to properly plan either a network attack or a network defense. Seven Deadliest Network Attacks will appeal to information security professionals of all levels, network admins, and recreational hackers.

Seven Deadliest Wireless Technologies Attacks

1st Edition
March 13, 2010
Brad Haines
English
Paperback
9 7 8 1 5 9 7 4 9 5 4 1 7
eBook
9 7 8 1 5 9 7 4 9 5 4 2 4

Seven Deadliest Wireless Technologies Attacks provides a comprehensive view of the seven different attacks against popular wireless protocols and systems. This book pinpoints the most dangerous hacks and exploits specific to wireless technologies, laying out the anatomy of these attacks, including how to make your system more secure. You will discover the best ways to defend against these vicious hacks with step-by-step instruction and learn techniques to make your computer and network impenetrable. Each chapter includes an example real attack scenario, an analysis of the attack, and methods for mitigating the attack. Common themes will emerge throughout the book, but each wireless technology has its own unique quirks that make it useful to attackers in different ways, making understanding all of them important to overall security as rarely is just one wireless technology in use at a home or office. The book contains seven chapters that cover the following: infrastructure attacks, client attacks, Bluetooth attacks, RFID attacks; and attacks on analog wireless devices, cell phones, PDAs, and other hybrid devices. A chapter deals with the problem of bad encryption. It demonstrates how something that was supposed to protect communications can end up providing less security than advertised. This book is intended for information security professionals of all levels, as well as wireless device developers and recreational hackers.

The Professional Protection Officer

1st Edition
March 9, 2010
IFPO
Sandi J. Davies
English
Paperback
9 7 8 1 8 5 6 1 7 7 4 6 7

The Professional Protection Officer: Security Strategies, Tactics and Trends, Second Edition, is the definitive reference and instructional text for career oriented security officers in both the private and public sectors. The first edition originated with the birth of the International Foundation for Protection Officers (IFPO) in 1988, which has been using the book as the official text since that time. Each subsequent edition has brought new and enlightened information to the protection professional. The material in this new edition includes all of the subjects essential to training of protection professionals, and has been updated to reflect new strategies, tactics, and trends in this dynamic field.Written by leading security educators, trainers and consultants, this valuable resource has served as the definitive text for both students and professionals worldwide. This new edition adds critical updates and fresh pedagogy, as well as new diagrams, illustrations, and self assessments. The Professional Protection Officer: Security Strategies, Tactics and Trends is tailored to the training and certification needs of today’s protection professionals and proves to be the most exciting and progressive edition yet.

Life Sciences

Physical Sciences & Engineering

Social Sciences & Humanities

Health