وبلاگ بلیان

Security in Computing, 6th Edition (Final)

معرفی کتاب «Security in Computing, 6th Edition (Final)» نوشتهٔ Charles P. Pfleeger، Shari Lawrence Pfleeger و Lizzie Coles-Kemp، منتشرشده توسط نشر Addison-Wesley Professional در سال 2023. این کتاب در 20 صفحه، فرمت epub، زبان انگلیسی ارائه شده است. «Security in Computing, 6th Edition (Final)» در دستهٔ برنامه‌نویسی قرار دارد.

The New State of the Art in Information Security: From Cloud to Crypto, AI-Driven Security to Post-Quantum Computing. Now extensively updated throughout, Security in Computing, Sixth Edition, is today's one-stop, primary text for everyone teaching, learning, and practicing information cybersecurity. It defines core principles associated with modern security policies, processes, and protection; illustrates them with up-to-date sidebars and examples; and shows how to apply them in practice. Modular and flexibly organized, it supports a wide array of courses, strengthens professionals' knowledge of foundational principles; and imparts a more expansive understanding of modern security. This edition adds or expands coverage of artificial intelligence and machine learning tools; app and browser security; security by design; securing cloud, IoT, and embedded systems; privacy-enhancing technologies; protecting vulnerable individuals and groups; strengthening security culture; cryptocurrencies and blockchain; offensive cyberwarfare; post-quantum computing; and more. It contains many new diagrams, exercises, sidebars, and examples, and is mapped to two leading frameworks: the US NIST National Initiative for Cybersecurity Education (NICE) and the UK Cyber Body of Knowledge (CyBOK). Because programmers make mistakes of many kinds, we can never be sure all programs are without flaws. We know of many practices that can be used during software development to lead to high assurance of correctness. This chapter surveys programs and programming: errors programmers make and vulnerabilities attackers exploit. These failings can have serious consequences, as reported almost daily in the news. However, there are techniques to mitigate these shortcomings. In this section we presented several characteristics of good, secure software. Of course, a programmer can write secure code that has none of these characteristics, and faulty software can exhibit all of them. These qualities are not magic; they cannot turn bad code into good. Rather, they are properties that many examples of good code reflect and practices that good code developers use; the properties are not a cause of good code but are paradigms that tend to go along with it. Following these principles affects the mindset of a designer or developer, encouraging a focus on quality and security; this attention is ultimately good for the resulting product and for its users. Cryptography is a specialized topic that depends on several areas of mathematics and theoretical computer science, including number theory, finite field algebra, computational complexity, and logic. After reading this overview, you would need to develop a significant background to study cryptography in depth. And we caution you strongly against studying a little cryptography and concluding that you can design your own secure cryptosystem. The field of cryptography is littered with failed approaches designed even by experts, so nonexperts are well advised to “leave the driving to the professionals.” Remember from Chapter 2 that cryptanalysis is the act of studying a cryptographic algorithm, its implementation, plaintext, ciphertext, and any other available information to try to break the protection of encryption. A cryptanalyst’s chore is to break an encryption. That is, the cryptanalyst attempts to deduce the original meaning of a ciphertext message. Better yet, the cryptanalyst hopes to determine which decrypting algorithm, and ideally which key, match the encrypting algorithm to be able to break other messages encoded in the same way. Core security concepts: Assets, threats, vulnerabilities, controls, confidentiality, integrity, availability, attackers, and attack types The security practitioner's toolbox: Identification, authentication, access control, and encryption Areas of practice: Securing programs, userinternet interaction, operating systems, networks, data, databases, and cloud computing Cross-cutting disciplines: Privacy, management, law, and ethics Using cryptography: Solve real problems, and explore its formal and mathematical underpinnings Emerging topics and risks: AI and adaptive cybersecurity, blockchains and cryptocurrencies, computer-assisted offensive warfare, and quantum computing Cover Page About This eBook Halftitle Page Title Page Copyright Page Pearson’s Commitment to Diversity, Equity, and Inclusion Contents Foreword Citations Preface Why Read This Book? Uses and Users of this Book Organization of This Book How to Read This Book What Is New in This Edition Acknowledgments About the Authors 1. Introduction 1.1 What Is Computer Security? 1.2 Threats 1.3 Harm 1.4 Vulnerabilities 1.5 Controls 1.6 Conclusion 1.7 What’s Next? 1.8 Exercises 2. Toolbox: Authentication, Access Control, and Cryptography 2.1 Authentication 2.2 Access Control 2.3 Cryptography 2.4 Conclusion 2.5 Exercises 3. Programs and Programming 3.1 Unintentional (Nonmalicious) Programming Oversights 3.2 Malicious Code—Malware 3.3 Countermeasures 3.4 Conclusion 3.5 Exercises 4. The Internet—User Side 4.1 Browser Attacks 4.2 Attacks Targeting Users 4.3 Obtaining User or Website Data 4.4 Mobile Apps 4.5 Email and Message Attacks 4.6 Conclusion 4.7 Exercises 5. Operating Systems 5.1 Security in Operating Systems 5.2 Security in the Design of Operating Systems 5.3 Rootkits 5.4 Conclusion 5.5 Exercises 6. Networks 6.1 Network Concepts Part I—War on Networks: Network Security Attacks 6.2 Threats to Network Communications 6.3 Wireless Network Security 6.4 Denial of Service 6.5 Distributed Denial of Service Part II—Strategic Defenses: Security Countermeasures 6.6 Cryptography in Network Security 6.7 Firewalls 6.8 Intrusion Detection and Prevention Systems 6.9 Network Management 6.10 Conclusion 6.11 Exercises 7. Data and Databases 7.1 Introduction to Databases 7.2 Security Requirements of Databases 7.3 Reliability and Integrity 7.4 Database Disclosure 7.5 Data Mining and Big Data 7.6 Conclusion 7.7 Exercises 8. New Territory 8.1 Introduction 8.2 Cloud Architectures and Their Security 8.3 IoT and Embedded Devices 8.4 Cloud, IoT, and Embedded Devices—The Smart Home 8.5 Smart Cities, IoT, Embedded Devices, and Cloud 8.6 Cloud, IoT, and Critical Services 8.7 Conclusion 8.8 Exercises 9. Privacy 9.1 Privacy Concepts 9.2 Privacy Principles and Policies 9.3 Authentication and Privacy 9.4 Data Mining 9.5 Privacy on the Internet 9.6 Email and Message Security 9.7 Privacy Impacts of Newer Technologies 9.8 Conclusion 9.9 Exercises 10. Management and Incidents 10.1 Security Planning 10.2 Business Continuity Planning 10.3 Handling Incidents 10.4 Risk Analysis 10.5 Physical Threats to Systems 10.6 New Frontiers in Security Management 10.7 Conclusion 10.8 Exercises 11. Legal Issues and Ethics 11.1 Protecting Programs and Data 11.2 Information and the Law 11.3 Rights of Employees and Employers 11.4 Redress for Software Failures 11.5 Computer Crime 11.6 Ethical Issues in Computer Security 11.7 An Ethical Dive into Artificial Intelligence 11.8 Incident Analyses with Ethics 11.9 Conclusion 11.10 Exercises 12. Details of Cryptography 12.1 Cryptology 12.2 Symmetric Encryption Algorithms 12.3 Asymmetric Encryption 12.4 Message Digests 12.5 Digital Signatures 12.6 Quantum Key Distribution 12.7 Conclusion 13. Emerging Topics 13.1 AI and Cybersecurity 13.2 Blockchains and Cryptocurrencies 13.3 Offensive Cyber and Cyberwarfare 13.4 Quantum Computing and Computer Security 13.5 Conclusion Bibliography Index Code Snippets The Art of Computer and Information Security: From Apps and Networks to Cloud and Crypto Security in Computing, Sixth Edition, is today's essential text for anyone teaching, learning, and practicing cybersecurity. It defines core principles underlying modern security policies, processes, and protection; illustrates them with up-to-date examples; and shows how to apply them in practice. Modular and flexibly organized, this book supports a wide array of courses, strengthens professionals' knowledge of foundational principles, and imparts a more expansive understanding of modern security. This extensively updated edition adds or expands coverage of artificial intelligence and machine learning tools; app and browser security; security by design; securing cloud, IoT, and embedded systems; privacy-enhancing technologies; protecting vulnerable individuals and groups; strengthening security culture; cryptocurrencies and blockchain; cyberwarfare; post-quantum computing; and more. It contains many new diagrams, exercises, sidebars, and examples, and is suitable for use with two leading frameworks: the US NIST National Initiative for Cybersecurity Education (NICE) and the UK Cyber Security Body of Knowledge (CyBOK). Core security concepts: Assets, threats, vulnerabilities, controls, confidentiality, integrity, availability, attackers, and attack types The security practitioner's toolbox: Identification and authentication, access control, and cryptography Areas of practice: Securing programs, user–internet interaction, operating systems, networks, data, databases, and cloud computing Cross-cutting disciplines: Privacy, management, law, and ethics Using cryptography: Formal and mathematical underpinnings, and applications of cryptography Emerging topics and risks: AI and adaptive cybersecurity, blockchains and cryptocurrencies, cyberwarfare, and quantum computing Register your book for convenient access to downloads, updates, and/or corrections as they become available. See inside book for details.
دانلود کتاب Security in Computing, 6th Edition (Final)