Cargando…

Principles of computer security : CompTIA Security+ and beyond, (exam SY0-501) /

Fully updated computer security essentials-mapped to the CompTIA Security+ SY0-601 exam Save 10% on any CompTIA exam voucher! Coupon code inside. Learn IT security fundamentals while getting complete coverage of the objectives for the latest release of CompTIA Security+ certification exam SY0-601. T...

Descripción completa

Detalles Bibliográficos
Clasificación:Libro Electrónico
Autores principales: Conklin, Wm. Arthur (William Arthur) (Autor), White, Gregory B. (Autor), Cothren, Chuck (Autor), Davis, Roger (Security expert) (Autor), Williams, Dwayne (Autor)
Formato: Electrónico eBook
Idioma:Indeterminado
Publicado: New York : McGraw-Hill, 2021.
Edición:Sixth edition.
Temas:
Acceso en línea:Texto completo (Requiere registro previo con correo institucional)
Tabla de Contenidos:
  • Cover
  • About the Authors
  • Title Page
  • Copyright Page
  • Acknowledgments
  • About this Book
  • Contents at a Glance
  • Contents
  • Foreword
  • Preface
  • Introduction
  • Instructor Website
  • Chapter 1 Introduction and Security Trends
  • The Computer Security Problem
  • Threats to Security
  • Attributes of Actors
  • Security Trends
  • Targets and Attacks
  • Approaches to Computer Security
  • Ethics
  • Additional References
  • Chapter 1 Review
  • Chapter 2 General Security Concepts
  • Basic Security Terminology
  • Formal Security Models
  • Additional References
  • Chapter 2 Review
  • Chapter 3 Operational and Organizational Security
  • Policies, Procedures, Standards, and Guidelines
  • Organizational Policies
  • Security Policies
  • Human Resources Policies
  • Security Awareness and Training
  • Standard Operating Procedures
  • Third-Party Risk Management
  • Interoperability Agreements
  • Chapter 3 Review
  • Chapter 4 The Role of People in Security
  • People-A Security Problem
  • Tools
  • Attacks
  • Poor Security Practices
  • People as a Security Tool
  • Chapter 4 Review
  • Chapter 5 Cryptography
  • Cryptography in Practice
  • Cryptographic Objectives
  • Historical Perspectives
  • Hashing Functions
  • Symmetric Encryption
  • Asymmetric Encryption
  • Quantum Cryptography
  • Post-Quantum
  • Lightweight Cryptography
  • Homomorphic Encryption
  • For More Information
  • Chapter 5 Review
  • Chapter 6 Applied Cryptography
  • Cryptography Use
  • Cipher Suites
  • S/MIME
  • PGP
  • Steganography
  • Secure Protocols
  • Secure Protocol Use Cases
  • Cryptographic Attacks
  • Other Standards
  • Chapter 6 Review
  • Chapter 7 Public Key Infrastructure
  • The Basics of Public Key Infrastructures
  • Certificate Authorities
  • Trust Models
  • Digital Certificates
  • Certificate Lifecycles
  • Certificate Repositories
  • Centralized and Decentralized Infrastructures
  • Certificate-Based Threats
  • ISAKMP
  • CMP
  • XKMS
  • CEP
  • Chapter 7 Review
  • Chapter 8 Physical Security
  • The Security Problem
  • Physical Security Safeguards
  • Environmental Controls
  • Fire Suppression
  • Electromagnetic Environment
  • Power Protection
  • Drones/UAVs
  • Chapter 8 Review
  • Chapter 9 Network Fundamentals
  • Network Architectures
  • Network Topology
  • Segregation/Segmentation/Isolation
  • Security Zones
  • Network Protocols
  • Internet Protocol
  • IPv4 vs. IPv6
  • Packet Delivery
  • Inter-Networking
  • MPLS
  • Software-Defined Networking (SDN)
  • Quality of Service (QoS)
  • Traffic Engineering
  • Route Security
  • For More Information
  • Chapter 9 Review
  • Chapter 10 Infrastructure Security
  • Devices
  • Virtualization
  • Networking
  • Security Devices
  • Security Device/Technology Placement
  • Tunneling/VPN
  • Storage Area Networks
  • Media
  • Removable Media
  • Security Concerns for Transmission Media
  • Physical Security Concerns
  • Chapter 10 Review
  • Chapter 11 Authentication and Remote Access
  • User, Group, and Role Management
  • Account Policies
  • Authorization
  • Identity
  • Authentication Methods
  • Biometric Factors
  • Biometric Efficacy Rates
  • Multifactor Authentication
  • Remote Access
  • Preventing Data Loss or Theft
  • Database Security
  • Cloud vs. On-premises Requirements
  • Connection Summary
  • For More Information
  • Chapter 11 Review
  • Chapter 12 Wireless Security and Mobile Devices
  • Connection Methods and Receivers
  • Wireless Protocols
  • Wireless Systems Configuration
  • Wireless Attacks
  • Mobile Device Management Concepts
  • Mobile Application Security
  • Mobile Devices
  • Policies for Enforcement and Monitoring
  • Deployment Models
  • Chapter 12 Review
  • Chapter 13 Intrusion Detection Systems and Network Security
  • History of Intrusion Detection Systems
  • IDS Overview
  • Network-Based IDSs
  • Host-Based IDSs
  • Intrusion Prevention Systems
  • Network Security Monitoring
  • Deception and Disruption Technologies
  • Analytics
  • SIEM
  • DLP
  • Tools
  • Indicators of Compromise
  • For More Information
  • Chapter 13 Review
  • Chapter 14 System Hardening and Baselines
  • Overview of Baselines
  • Hardware/Firmware Security
  • Operating System and Network Operating System Hardening
  • Secure Baseline
  • Endpoint Protection
  • Network Hardening
  • Application Hardening
  • Data-Based Security Controls
  • Environment
  • Automation/Scripting
  • Alternative Environments
  • Industry-Standard Frameworks and Reference Architectures
  • Benchmarks/Secure Configuration Guides
  • For More Information
  • Chapter 14 Review
  • Chapter 15 Types of Attacks and Malicious Software
  • Avenues of Attack
  • Malicious Code
  • Attacking Computer Systems and Networks
  • Advanced Persistent Threat
  • Password Attacks
  • Chapter 15 Review
  • Chapter 16 Security Tools and Techniques
  • Network Reconnaissance and Discovery Tools
  • File Manipulation Tools
  • Shell and Script Environments
  • Packet Capture and Replay Tools
  • Forensic Tools
  • Tool Suites
  • Penetration Testing
  • Vulnerability Testing
  • Auditing
  • Vulnerabilities
  • Chapter 16 Review
  • Chapter 17 Web Components, E-mail, and Instant Messaging
  • Current Web Components and Concerns
  • Web Protocols
  • Code-Based Vulnerabilities
  • Application-Based Weaknesses
  • How E-mail Works
  • Security of E-mail
  • Mail Gateway
  • Mail Encryption
  • Instant Messaging
  • Chapter 17 Review
  • Chapter 18 Cloud Computing
  • Cloud Computing
  • Cloud Types
  • Cloud Service Providers
  • Cloud Security Controls
  • Security as a Service
  • Cloud Security Solutions
  • Virtualization
  • VDI/VDE
  • Fog Computing
  • Edge Computing
  • Thin Client
  • Containers
  • Microservices/API
  • Serverless Architecture
  • Chapter 18 Review
  • Chapter 19 Secure Software Development
  • The Software Engineering Process
  • Secure Coding Concepts
  • Application Attacks
  • Application Hardening
  • Code Quality and Testing
  • Compiled Code vs. Runtime Code
  • Software Diversity
  • Secure DevOps
  • Elasticity
  • Scalability
  • Version Control and Change Management
  • Provisioning and Deprovisioning
  • Integrity Measurement
  • For More Information
  • Chapter 19 Review
  • Chapter 20 Risk Management
  • An Overview of Risk Management
  • Risk Management Vocabulary
  • What Is Risk Management?
  • Security Controls
  • Business Risks
  • Third-party Risks
  • Risk Mitigation Strategies
  • Risk Management Models
  • Risk Assessment
  • Qualitatively Assessing Risk
  • Quantitatively Assessing Risk
  • Qualitative vs. Quantitative Risk Assessment
  • Tools
  • Risk Management Best Practices
  • Additional References
  • Chapter 20 Review
  • Chapter 21 Business Continuity, Disaster Recovery, and Change Management
  • Business Continuity
  • Continuity of Operations Planning (COOP)
  • Disaster Recovery
  • Why Change Management?
  • The Key Concept: Separation of Duties
  • Elements of Change Management
  • Implementing Change Management
  • The Purpose of a Change Control Board
  • The Capability Maturity Model Integration
  • Environment
  • Secure Baseline
  • Sandboxing
  • Integrity Measurement
  • Chapter 21 Review
  • Chapter 22 Incident Response
  • Foundations of Incident Response
  • Attack Frameworks
  • Threat Intelligence
  • Incident Response Process
  • Exercises
  • Stakeholder Management
  • Communication Plan
  • Data Sources
  • Log Files
  • Data Collection Models
  • Standards and Best Practices
  • For More Information
  • Chapter 22 Review
  • Chapter 23 Computer Forensics
  • Evidence
  • Chain of Custody
  • Forensic Process
  • Message Digest and Hash
  • Analysis
  • Host Forensics
  • Device Forensics
  • Network Forensics
  • Legal Hold
  • Chapter 23 Review
  • Chapter 24 Legal Issues and Ethics
  • Cybercrime
  • Ethics
  • Chapter 24 Review
  • Chapter 25 Privacy
  • Data Handling
  • Organizational Consequences of Privacy Breaches
  • Data Sensitivity Labeling and Handling
  • Data Roles
  • Data Destruction and Media Sanitization
  • U.S. Privacy Laws
  • International Privacy Laws
  • Privacy-Enhancing Technologies
  • Privacy Policies
  • Privacy Impact Assessment
  • Web Privacy Issues
  • Privacy in Practice
  • For More Information
  • Chapter 25 Review
  • Appendix A CompTIA Security+ Exam Objectives: SY0-601
  • Appendix B About the Online Content
  • System Requirements
  • Your Total Seminars Training Hub Account
  • Single User License Terms and Conditions
  • TotalTester Online
  • Technical Support
  • Glossary
  • Index.