Computer and information security handbook, second edition

The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. The book is organized into 10 parts comprised of 70 contributed chapters by leading experts in the areas of networking and systems security, information management, cyber warfare and security, encryption technology, privacy, data storage, physical security, and a host of advanced security topics. New to this edition are chapters on intrusion detection, securing the cloud, securing web apps, ethical hacking, cyber forensics, physical security, disaster recovery, cyber attack deterrence, and more. Chapters by leaders in the field on theory and practice of computer and information security technology, allowing the reader to develop a new level of technical expertiseComprehensive and up-to-date coverage of security issues allows the reader to remain current and fully informed from multiple viewpointsPresents methods of analysis and problem-solving techniques, enhancing the reader's grasp of the material and ability to implement practical solutions.;Title page -- Table of Contents -- Copyright -- Dedication -- Foreword -- Preface -- Organization of this Book -- Supplemental Materials -- Acknowledgments -- About the Editor -- Contributors -- Part I: Overview of System and Network Security: A Comprehensive Introduction -- Chapter 1. Building a Secure Organization -- 1 Obstacles to Security -- 2 Computers are Powerful and Complex -- 3 Current Trend is to Share, Not Protect -- 4 Security isn't about Hardware and Software -- 5 Ten Steps to Building a Secure Organization -- 6 Preparing for the Building of Security Control Assessments. Title page -- Table of Contents -- Copyright -- Dedication -- Foreword -- Preface -- Organization of this Book -- Supplemental Materials -- Acknowledgments -- About the Editor -- Contributors -- Part I: Overview of System and Network Security: A Comprehensive Introduction -- Chapter 1. Building a Secure Organization -- 1 Obstacles to Security -- 2 Computers are Powerful and Complex -- 3 Current Trend is to Share, Not Protect -- 4 Security isn't about Hardware and Software -- 5 Ten Steps to Building a Secure Organization -- 6 Preparing for the Building of Security Control Assessments. 7 Summary -- Chapter Review Questions/Exercises -- Exercise -- Chapter 2. A Cryptography Primer -- 1 What is Cryptography? What is Encryption? -- 2 Famous Cryptographic Devices -- 3 Ciphers -- 4 Modern Cryptography -- 5 The Computer Age -- 6 How AES Works -- 7 Selecting Cryptography: the Process -- 8 Summary -- Chapter Review Questions/Exercises -- Multiple Choice -- Exercise -- Chapter 3. Detecting System Intrusions -- 1 Introduction -- 2 Monitoring Key Files in the System -- 3 Security Objectives -- 4 0day Attacks -- 5 Good Known State -- 6 Rootkits -- 7 Low Hanging Fruit. 8 Antivirus Software -- 9 Homegrown Intrusion Detection -- 10 Full-Packet Capture Devices -- 11 Out-of-Band Attack Vectors -- 12 Security Awareness Training -- 13 Data Correlation -- 14 SIEM -- 15 Other Weird Stuff on the System -- 16 Detection -- 17 Network-Based Detection of System Intrusions (DSIs) -- 18 Summary -- Chapter Review Questions/Exercises -- Exercise -- References -- Chapter 4. Preventing System Intrusions -- 1 So, What is an Intrusion? -- 2 Sobering Numbers -- 3 Know Your Enemy: Hackers versus Crackers -- 4 Motives -- 5 The Crackers' Tools of the Trade -- 6 Bots. 7 Symptoms of Intrusions -- 8 What Can You Do? -- 9 Security Policies -- 10 Risk Analysis -- 11 Tools of Your Trade -- 12 Controlling User Access -- 13 Intrusion Prevention Capabilities -- 14 Summary -- Chapter Review Questions/Exercises -- Exercise -- Chapter 5. Guarding Against Network Intrusions -- 1 Traditional Reconnaissance and Attacks -- 2 Malicious Software -- 3 Defense in Depth -- 4 Preventive Measures -- 5 Intrusion Monitoring and Detection -- 6 Reactive Measures -- 7 Network-Based Intrusion Protection -- 8 Summary -- Chapter Review Questions/Exercises -- Exercise. Chapter 6. Securing Cloud Computing Systems -- 1 Cloud Computing Essentials: Examining the Cloud Layers -- 2 Software as a Service (SaaS): Managing Risks in the Cloud -- 3 Platform as a Service (PaaS): Securing the Platform -- 4 Infrastructure as a Service (IaaS) -- 5 Leveraging Provider-Specific Security Options -- 6 Achieving Security in a Private Cloud -- 7 Meeting Compliance Requirements -- 8 Preparing for Disaster Recovery -- 9 Summary -- Chapter Review Questions/Exercises -- Exercise -- References -- Chapter 7. Fault Tolerance and Resilience in Cloud Computing Environments -- 1 Introduction. The second edition of this comprehensive handbook of computer and information security serves as a professional reference and practitioner's guide providing the most complete view computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advancements. It explores practical solutions to a wide range of security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. The book is organized into ten parts comprised of 70 contributed chapters by leading experts in the areas of networking and systems security; information management; cyber warfare and security; encryption technology; privacy; data storage; physical security; and a host of advanced security topics. New to this edition are chapters on intrusion detection, securing the cloud, securing web apps, ethical hacking, cyber forensics, physical security, disaster recovery, cyber attack deterrence, and more. Chapters contributed by leaders in the field cover theory and practice of computer security technology, allowing the reader to develop a new level of technical expertise. Comprehensive and up-to-date coverage of security issues facilitates learning and allows the reader to remain current and fully informed from multiple viewpoints. Analysis and problem-solving techniques enhance the reader's grasp of the material and ability to implement practical solutions

The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors’ respective areas of expertise.

The book is organized into 10 parts comprised of 70 contributed chapters by leading experts in the areas of networking and systems security, information management, cyber warfare and security, encryption technology, privacy, data storage, physical security, and a host of advanced security topics. New to this edition are chapters on intrusion detection, securing the cloud, securing web apps, ethical hacking, cyber forensics, physical security, disaster recovery, cyber attack deterrence, and more.

• Chapters by leaders in the field on theory and practice of computer and information security technology, allowing the reader to develop a new level of technical expertise
• Comprehensive and up-to-date coverage of security issues allows the reader to remain current and fully informed from multiple viewpoints
• Presents methods of analysis and problem-solving techniques, enhancing the reader's grasp of the material and ability to implement practical solutions

The second edition of this comprehensive handbook of computer and information security provides the most complete view of computer security and privacy available. It offers in-depth coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues. Individual chapters are authored by leading experts in the field and address the immediate and long-term challenges in the authors' respective areas of expertise. The book is organized into 10 parts comprised of 70 contributed chapters by leading experts in the areas of networking and systems security, information management, cyber warfare and security, encryption technology, privacy, data storage, physical security, and a host of advanced security topics. New to this edition are chapters on intrusion detection, securing the cloud, securing web apps, ethical hacking, cyber forensics, physical security, disaster recovery, cyber attack deterrence, and more. Chapters by leaders in the field on theory and practice of computer and information security technology, allowing the reader to develop a new level of technical expertise Comprehensive and up-to-date coverage of security issues allows the reader to remain current and fully informed from multiple viewpoints Presents methods of analysis and problem-solving techniques, enhancing the reader's grasp of the material and ability to implement practical solutions Provides a complete overview of computer security and privacy. This book offers coverage of security theory, technology, and practice as they relate to established technologies as well as recent advances. It explores practical solutions to many security issues.