Fully updated computer security essentials-mapped to the CompTIA Security+ SY0-601 exam Save 10% on any CompTIA exam voucher! Coupon code inside. Learn IT security fundamentals while getting complete coverage of the objectives for the latest release of CompTIA Security+ certification exam SY0-601. This thoroughly revised, full-color textbook covers how to secure hardware, systems, and software. It addresses new threats and cloud environments, and provides additional coverage of governance, risk, compliance, and much more. Written by a team of highly respected security educators, Principles of…mehr
Fully updated computer security essentials-mapped to the CompTIA Security+ SY0-601 exam Save 10% on any CompTIA exam voucher! Coupon code inside. Learn IT security fundamentals while getting complete coverage of the objectives for the latest release of CompTIA Security+ certification exam SY0-601. This thoroughly revised, full-color textbook covers how to secure hardware, systems, and software. It addresses new threats and cloud environments, and provides additional coverage of governance, risk, compliance, and much more. Written by a team of highly respected security educators, Principles of Computer Security: CompTIA Security+(TM) and Beyond, Sixth Edition (Exam SY0-601) will help you become a CompTIA-certified computer security expert while also preparing you for a successful career. Find out how to: * Ensure operational, organizational, and physical security * Use cryptography and public key infrastructures (PKIs) * Secure remote access, wireless networks, and virtual private networks (VPNs) * Authenticate users and lock down mobile devices * Harden network devices, operating systems, and applications * Prevent network attacks, such as denial of service, spoofing, hijacking, and password guessing * Combat viruses, worms, Trojan horses, and rootkits * Manage e-mail, instant messaging, and web security * Explore secure software development requirements * Implement disaster recovery and business continuity measures * Handle computer forensics and incident response * Understand legal, ethical, and privacy issues Online content features: * Test engine that provides full-length practice exams and customized quizzes by chapter or exam objective Each chapter includes: * Learning objectives * Real-world examples * Try This! and Cross Check exercises * Tech Tips, Notes, and Warnings * Exam Tips * End-of-chapter quizzes and lab projects Note: the answers to the end of chapter sections are not printed in the book and are only available to adopting instructors. See your McGraw Hill sales representative for more information.Hinweis: Dieser Artikel kann nur an eine deutsche Lieferadresse ausgeliefert werden.
Wm. Arthur Conklin (Houston, TX), Security+, CISSP, is an Assistant Professor in the Information and Logistics Technology department at the University of Houston. In addition to his PhD, Mr. Conklin has a MBA from UTSA, and two graduate degrees in Electrical Engineering from the Naval Postgraduate School in Monterey, California. Dr. Conklin's interests are information security, systems theory, and secure software design.
Inhaltsangabe
Foreword Preface Introduction Instructor Website Chapter 1 Introduction and Security Trends The Computer Security Problem Threats to Security Attributes of Actors Security Trends Targets and Attacks Approaches to Computer Security Ethics Additional References Chapter 1 Review Chapter 2 General Security Concepts Basic Security Terminology Formal Security Models Additional References Chapter 2 Review Chapter 3 Operational and Organizational Security Policies, Procedures, Standards, and Guidelines Organizational Policies Security Policies Human Resources Policies Security Awareness and Training Standard Operating Procedures Third-Party Risk Management Interoperability Agreements Chapter 3 Review Chapter 4 The Role of People in Security People-A Security Problem Tools Attacks Poor Security Practices People as a Security Tool Chapter 4 Review Chapter 5 Cryptography Cryptography in Practice Cryptographic Objectives Historical Perspectives Hashing Functions Symmetric Encryption Asymmetric Encryption Quantum Cryptography Post-Quantum Lightweight Cryptography Homomorphic Encryption For More Information Chapter 5 Review Chapter 6 Applied Cryptography Cryptography Use Cipher Suites S/MIME PGP Steganography Secure Protocols Secure Protocol Use Cases Cryptographic Attacks Other Standards Chapter 6 Review Chapter 7 Public Key Infrastructure The Basics of Public Key Infrastructures Certificate Authorities Trust Models Digital Certificates Certificate Lifecycles Certificate Repositories Centralized and Decentralized Infrastructures Certificate-Based Threats PKIX and PKCS ISAKMP CMP XKMS CEP Chapter 7 Review Chapter 8 Physical Security The Security Problem Physical Security Safeguards Environmental Controls Fire Suppression Electromagnetic Environment Power Protection Drones/UAVs Chapter 8 Review Chapter 9 Network Fundamentals Network Architectures Network Topology Segregation/Segmentation/Isolation Security Zones Network Protocols Internet Protocol IPv4 vs. IPv6 Packet Delivery Inter-Networking MPLS Software-Defined Networking (SDN) Quality of Service (QoS) Traffic Engineering Route Security For More Information Chapter 9 Review Chapter 10 Infrastructure Security Devices Virtualization Networking Security Devices Security Device/Technology Placement Tunneling/VPN Storage Area Networks Media Removable Media Security Concerns for Transmission Media Physical Security Concerns Chapter 10 Review Chapter 11 Authentication and Remote Access User, Group, and Role Management Account Policies Authorization Identity Authentication Methods Biometric Factors Biometric Efficacy Rates Multifactor Authentication Remote Access Preventing Data Loss or Theft Database Security Cloud vs. On-premises Requirements Connection Summary For More Information Chapter 11 Review Chapter 12 Wireless Security and Mobile Devices Connection Methods and Receivers Wireless Protocols Wireless Systems Configuration Wireless Attacks Mobile Device Management Concepts Mobile Application Security Mobile Devices Policies for Enforcement and Monitoring Deployment Models Chapter 12 Review Chapter 13 Intrusion Detection Systems and Network Security History of Intrusion Detection Systems IDS Overview Network-Based IDSs Host-Based IDSs Intrusion Prevention Systems Network Security Monitoring Deception and Disruption Technologies Analytics SIEM DLP Tools Indicators of Compromise For More Information Chapter 13 Review Chapter 14 System Hardening and Baselines Overview of Baselines Hardware/Firmware Security Operating System and Network Operating System Hardening Secure Baseline Endpoint Protection Network Hardening Application Hardening Data-Based Security Controls Environment Automation/Scripting Alternative Environments Industry-Standard Frameworks and Reference Architectures Benchmarks/Secure Configuration Guides For More Information Chapter 14 Review Chapter 15 Types of Attacks and Malicious Software Avenues of Attack Malicious Code Malware Attacking Computer Systems and Networks Advanced Persistent Threat Password Attacks Chapter 15 Review Chapter 16 Security Tools and Techniques Network Reconnaissance and Discovery Tools File Manipulation Tools Shell and Script Environments Packet Capture and Replay Tools Forensic Tools Tool Suites Penetration Testing Vulnerability Testing Auditing Vulnerabilities Chapter 16 Review Chapter 17 Web Components, E-mail, and Instant Messaging Current Web Components and Concerns Web Protocols Code-Based Vulnerabilities Application-Based Weaknesses How E-mail Works Security of E-mail Mail Gateway Mail Encryption Instant Messaging Chapter 17 Review Chapter 18 Cloud Computing Cloud Computing Cloud Types Cloud Service Providers Cloud Security Controls Security as a Service Cloud Security Solutions Virtualization VDI/VDE Fog Computing Edge Computing Thin Client Containers Microservices/API Serverless Architecture Chapter 18 Review Chapter 19 Secure Software Development The Software Engineering Process Secure Coding Concepts Application Attacks Application Hardening Code Quality and Testing Compiled Code vs. Runtime Code Software Diversity Secure DevOps Elasticity Scalability Version Control and Change Management Provisioning and Deprovisioning Integrity Measurement For More Information Chapter 19 Review Chapter 20 Risk Management An Overview of Risk Management Risk Management Vocabulary What Is Risk Management? Security Controls Business Risks Third-party Risks Risk Mitigation Strategies Risk Management Models Risk Assessment Qualitatively Assessing Risk Quantitatively Assessing Risk Qualitative vs. Quantitative Risk Assessment Tools Risk Management Best Practices Additional References Chapter 20 Review Chapter 21 Business Continuity, Disaster Recovery, and Change Management Business Continuity Continuity of Operations Planning (COOP) Disaster Recovery Why Change Management? The Key Concept: Separation of Duties Elements of Change Management Implementing Change Management The Purpose of a Change Control Board The Capability Maturity Model Integration Environment Secure Baseline Sandboxing Integrity Measurement Chapter 21 Review Chapter 22 Incident Response Foundations of Incident Response Attack Frameworks Threat Intelligence Incident Response Process Exercises Stakeholder Management Communication Plan Data Sources Log Files Data Collection Models Standards and Best Practices For More Information Chapter 22 Review Chapter 23 Computer Forensics Evidence Chain of Custody Forensic Process Message Digest and Hash Analysis Host Forensics Device Forensics Network Forensics Legal Hold Chapter 23 Review Chapter 24 Legal Issues and Ethics Cybercrime Ethics Chapter 24 Review Chapter 25 Privacy Data Handling Organizational Consequences of Privacy Breaches Data Sensitivity Labeling and Handling Data Roles Data Destruction and Media Sanitization U.S. Privacy Laws International Privacy Laws Privacy-Enhancing Technologies Privacy Policies Privacy Impact Assessment Web Privacy Issues Privacy in Practice For More Information Chapter 25 Review Appendix A CompTIA Security+ Exam Objectives: SY0-601 Appendix B About the Online Content System Requirements Your Total Seminars Training Hub Account Single User License Terms and Conditions TotalTester Online Technical Support Glossary Index
Foreword Preface Introduction Instructor Website Chapter 1 Introduction and Security Trends The Computer Security Problem Threats to Security Attributes of Actors Security Trends Targets and Attacks Approaches to Computer Security Ethics Additional References Chapter 1 Review Chapter 2 General Security Concepts Basic Security Terminology Formal Security Models Additional References Chapter 2 Review Chapter 3 Operational and Organizational Security Policies, Procedures, Standards, and Guidelines Organizational Policies Security Policies Human Resources Policies Security Awareness and Training Standard Operating Procedures Third-Party Risk Management Interoperability Agreements Chapter 3 Review Chapter 4 The Role of People in Security People-A Security Problem Tools Attacks Poor Security Practices People as a Security Tool Chapter 4 Review Chapter 5 Cryptography Cryptography in Practice Cryptographic Objectives Historical Perspectives Hashing Functions Symmetric Encryption Asymmetric Encryption Quantum Cryptography Post-Quantum Lightweight Cryptography Homomorphic Encryption For More Information Chapter 5 Review Chapter 6 Applied Cryptography Cryptography Use Cipher Suites S/MIME PGP Steganography Secure Protocols Secure Protocol Use Cases Cryptographic Attacks Other Standards Chapter 6 Review Chapter 7 Public Key Infrastructure The Basics of Public Key Infrastructures Certificate Authorities Trust Models Digital Certificates Certificate Lifecycles Certificate Repositories Centralized and Decentralized Infrastructures Certificate-Based Threats PKIX and PKCS ISAKMP CMP XKMS CEP Chapter 7 Review Chapter 8 Physical Security The Security Problem Physical Security Safeguards Environmental Controls Fire Suppression Electromagnetic Environment Power Protection Drones/UAVs Chapter 8 Review Chapter 9 Network Fundamentals Network Architectures Network Topology Segregation/Segmentation/Isolation Security Zones Network Protocols Internet Protocol IPv4 vs. IPv6 Packet Delivery Inter-Networking MPLS Software-Defined Networking (SDN) Quality of Service (QoS) Traffic Engineering Route Security For More Information Chapter 9 Review Chapter 10 Infrastructure Security Devices Virtualization Networking Security Devices Security Device/Technology Placement Tunneling/VPN Storage Area Networks Media Removable Media Security Concerns for Transmission Media Physical Security Concerns Chapter 10 Review Chapter 11 Authentication and Remote Access User, Group, and Role Management Account Policies Authorization Identity Authentication Methods Biometric Factors Biometric Efficacy Rates Multifactor Authentication Remote Access Preventing Data Loss or Theft Database Security Cloud vs. On-premises Requirements Connection Summary For More Information Chapter 11 Review Chapter 12 Wireless Security and Mobile Devices Connection Methods and Receivers Wireless Protocols Wireless Systems Configuration Wireless Attacks Mobile Device Management Concepts Mobile Application Security Mobile Devices Policies for Enforcement and Monitoring Deployment Models Chapter 12 Review Chapter 13 Intrusion Detection Systems and Network Security History of Intrusion Detection Systems IDS Overview Network-Based IDSs Host-Based IDSs Intrusion Prevention Systems Network Security Monitoring Deception and Disruption Technologies Analytics SIEM DLP Tools Indicators of Compromise For More Information Chapter 13 Review Chapter 14 System Hardening and Baselines Overview of Baselines Hardware/Firmware Security Operating System and Network Operating System Hardening Secure Baseline Endpoint Protection Network Hardening Application Hardening Data-Based Security Controls Environment Automation/Scripting Alternative Environments Industry-Standard Frameworks and Reference Architectures Benchmarks/Secure Configuration Guides For More Information Chapter 14 Review Chapter 15 Types of Attacks and Malicious Software Avenues of Attack Malicious Code Malware Attacking Computer Systems and Networks Advanced Persistent Threat Password Attacks Chapter 15 Review Chapter 16 Security Tools and Techniques Network Reconnaissance and Discovery Tools File Manipulation Tools Shell and Script Environments Packet Capture and Replay Tools Forensic Tools Tool Suites Penetration Testing Vulnerability Testing Auditing Vulnerabilities Chapter 16 Review Chapter 17 Web Components, E-mail, and Instant Messaging Current Web Components and Concerns Web Protocols Code-Based Vulnerabilities Application-Based Weaknesses How E-mail Works Security of E-mail Mail Gateway Mail Encryption Instant Messaging Chapter 17 Review Chapter 18 Cloud Computing Cloud Computing Cloud Types Cloud Service Providers Cloud Security Controls Security as a Service Cloud Security Solutions Virtualization VDI/VDE Fog Computing Edge Computing Thin Client Containers Microservices/API Serverless Architecture Chapter 18 Review Chapter 19 Secure Software Development The Software Engineering Process Secure Coding Concepts Application Attacks Application Hardening Code Quality and Testing Compiled Code vs. Runtime Code Software Diversity Secure DevOps Elasticity Scalability Version Control and Change Management Provisioning and Deprovisioning Integrity Measurement For More Information Chapter 19 Review Chapter 20 Risk Management An Overview of Risk Management Risk Management Vocabulary What Is Risk Management? Security Controls Business Risks Third-party Risks Risk Mitigation Strategies Risk Management Models Risk Assessment Qualitatively Assessing Risk Quantitatively Assessing Risk Qualitative vs. Quantitative Risk Assessment Tools Risk Management Best Practices Additional References Chapter 20 Review Chapter 21 Business Continuity, Disaster Recovery, and Change Management Business Continuity Continuity of Operations Planning (COOP) Disaster Recovery Why Change Management? The Key Concept: Separation of Duties Elements of Change Management Implementing Change Management The Purpose of a Change Control Board The Capability Maturity Model Integration Environment Secure Baseline Sandboxing Integrity Measurement Chapter 21 Review Chapter 22 Incident Response Foundations of Incident Response Attack Frameworks Threat Intelligence Incident Response Process Exercises Stakeholder Management Communication Plan Data Sources Log Files Data Collection Models Standards and Best Practices For More Information Chapter 22 Review Chapter 23 Computer Forensics Evidence Chain of Custody Forensic Process Message Digest and Hash Analysis Host Forensics Device Forensics Network Forensics Legal Hold Chapter 23 Review Chapter 24 Legal Issues and Ethics Cybercrime Ethics Chapter 24 Review Chapter 25 Privacy Data Handling Organizational Consequences of Privacy Breaches Data Sensitivity Labeling and Handling Data Roles Data Destruction and Media Sanitization U.S. Privacy Laws International Privacy Laws Privacy-Enhancing Technologies Privacy Policies Privacy Impact Assessment Web Privacy Issues Privacy in Practice For More Information Chapter 25 Review Appendix A CompTIA Security+ Exam Objectives: SY0-601 Appendix B About the Online Content System Requirements Your Total Seminars Training Hub Account Single User License Terms and Conditions TotalTester Online Technical Support Glossary Index
Es gelten unsere Allgemeinen Geschäftsbedingungen: www.buecher.de/agb
Impressum
www.buecher.de ist ein Internetauftritt der buecher.de internetstores GmbH
Geschäftsführung: Monica Sawhney | Roland Kölbl | Günter Hilger
Sitz der Gesellschaft: Batheyer Straße 115 - 117, 58099 Hagen
Postanschrift: Bürgermeister-Wegele-Str. 12, 86167 Augsburg
Amtsgericht Hagen HRB 13257
Steuernummer: 321/5800/1497
USt-IdNr: DE450055826
