Principles of computer security : CompTIA Security+ and beyond, (exam SY0-501) /
Fully updated computer security essentials-mapped to the CompTIA Security+ SY0-601 exam Save 10% on any CompTIA exam voucher! Coupon code inside. Learn IT security fundamentals while getting complete coverage of the objectives for the latest release of CompTIA Security+ certification exam SY0-601. T...
Clasificación: | Libro Electrónico |
---|---|
Autores principales: | , , , , |
Formato: | Electrónico eBook |
Idioma: | Indeterminado |
Publicado: |
New York :
McGraw-Hill,
2021.
|
Edición: | Sixth edition. |
Temas: | |
Acceso en línea: | Texto completo (Requiere registro previo con correo institucional) |
Tabla de Contenidos:
- Cover
- About the Authors
- Title Page
- Copyright Page
- Acknowledgments
- About this Book
- Contents at a Glance
- Contents
- Foreword
- Preface
- Introduction
- Instructor Website
- Chapter 1 Introduction and Security Trends
- The Computer Security Problem
- Threats to Security
- Attributes of Actors
- Security Trends
- Targets and Attacks
- Approaches to Computer Security
- Ethics
- Additional References
- Chapter 1 Review
- Chapter 2 General Security Concepts
- Basic Security Terminology
- Formal Security Models
- Additional References
- Chapter 2 Review
- Chapter 3 Operational and Organizational Security
- Policies, Procedures, Standards, and Guidelines
- Organizational Policies
- Security Policies
- Human Resources Policies
- Security Awareness and Training
- Standard Operating Procedures
- Third-Party Risk Management
- Interoperability Agreements
- Chapter 3 Review
- Chapter 4 The Role of People in Security
- People-A Security Problem
- Tools
- Attacks
- Poor Security Practices
- People as a Security Tool
- Chapter 4 Review
- Chapter 5 Cryptography
- Cryptography in Practice
- Cryptographic Objectives
- Historical Perspectives
- Hashing Functions
- Symmetric Encryption
- Asymmetric Encryption
- Quantum Cryptography
- Post-Quantum
- Lightweight Cryptography
- Homomorphic Encryption
- For More Information
- Chapter 5 Review
- Chapter 6 Applied Cryptography
- Cryptography Use
- Cipher Suites
- S/MIME
- PGP
- Steganography
- Secure Protocols
- Secure Protocol Use Cases
- Cryptographic Attacks
- Other Standards
- Chapter 6 Review
- Chapter 7 Public Key Infrastructure
- The Basics of Public Key Infrastructures
- Certificate Authorities
- Trust Models
- Digital Certificates
- Certificate Lifecycles
- Certificate Repositories
- Centralized and Decentralized Infrastructures
- Certificate-Based Threats
- ISAKMP
- CMP
- XKMS
- CEP
- Chapter 7 Review
- Chapter 8 Physical Security
- The Security Problem
- Physical Security Safeguards
- Environmental Controls
- Fire Suppression
- Electromagnetic Environment
- Power Protection
- Drones/UAVs
- Chapter 8 Review
- Chapter 9 Network Fundamentals
- Network Architectures
- Network Topology
- Segregation/Segmentation/Isolation
- Security Zones
- Network Protocols
- Internet Protocol
- IPv4 vs. IPv6
- Packet Delivery
- Inter-Networking
- MPLS
- Software-Defined Networking (SDN)
- Quality of Service (QoS)
- Traffic Engineering
- Route Security
- For More Information
- Chapter 9 Review
- Chapter 10 Infrastructure Security
- Devices
- Virtualization
- Networking
- Security Devices
- Security Device/Technology Placement
- Tunneling/VPN
- Storage Area Networks
- Media
- Removable Media
- Security Concerns for Transmission Media
- Physical Security Concerns
- Chapter 10 Review
- Chapter 11 Authentication and Remote Access
- User, Group, and Role Management
- Account Policies
- Authorization
- Identity
- Authentication Methods
- Biometric Factors
- Biometric Efficacy Rates
- Multifactor Authentication
- Remote Access
- Preventing Data Loss or Theft
- Database Security
- Cloud vs. On-premises Requirements
- Connection Summary
- For More Information
- Chapter 11 Review
- Chapter 12 Wireless Security and Mobile Devices
- Connection Methods and Receivers
- Wireless Protocols
- Wireless Systems Configuration
- Wireless Attacks
- Mobile Device Management Concepts
- Mobile Application Security
- Mobile Devices
- Policies for Enforcement and Monitoring
- Deployment Models
- Chapter 12 Review
- Chapter 13 Intrusion Detection Systems and Network Security
- History of Intrusion Detection Systems
- IDS Overview
- Network-Based IDSs
- Host-Based IDSs
- Intrusion Prevention Systems
- Network Security Monitoring
- Deception and Disruption Technologies
- Analytics
- SIEM
- DLP
- Tools
- Indicators of Compromise
- For More Information
- Chapter 13 Review
- Chapter 14 System Hardening and Baselines
- Overview of Baselines
- Hardware/Firmware Security
- Operating System and Network Operating System Hardening
- Secure Baseline
- Endpoint Protection
- Network Hardening
- Application Hardening
- Data-Based Security Controls
- Environment
- Automation/Scripting
- Alternative Environments
- Industry-Standard Frameworks and Reference Architectures
- Benchmarks/Secure Configuration Guides
- For More Information
- Chapter 14 Review
- Chapter 15 Types of Attacks and Malicious Software
- Avenues of Attack
- Malicious Code
- Attacking Computer Systems and Networks
- Advanced Persistent Threat
- Password Attacks
- Chapter 15 Review
- Chapter 16 Security Tools and Techniques
- Network Reconnaissance and Discovery Tools
- File Manipulation Tools
- Shell and Script Environments
- Packet Capture and Replay Tools
- Forensic Tools
- Tool Suites
- Penetration Testing
- Vulnerability Testing
- Auditing
- Vulnerabilities
- Chapter 16 Review
- Chapter 17 Web Components, E-mail, and Instant Messaging
- Current Web Components and Concerns
- Web Protocols
- Code-Based Vulnerabilities
- Application-Based Weaknesses
- How E-mail Works
- Security of E-mail
- Mail Gateway
- Mail Encryption
- Instant Messaging
- Chapter 17 Review
- Chapter 18 Cloud Computing
- Cloud Computing
- Cloud Types
- Cloud Service Providers
- Cloud Security Controls
- Security as a Service
- Cloud Security Solutions
- Virtualization
- VDI/VDE
- Fog Computing
- Edge Computing
- Thin Client
- Containers
- Microservices/API
- Serverless Architecture
- Chapter 18 Review
- Chapter 19 Secure Software Development
- The Software Engineering Process
- Secure Coding Concepts
- Application Attacks
- Application Hardening
- Code Quality and Testing
- Compiled Code vs. Runtime Code
- Software Diversity
- Secure DevOps
- Elasticity
- Scalability
- Version Control and Change Management
- Provisioning and Deprovisioning
- Integrity Measurement
- For More Information
- Chapter 19 Review
- Chapter 20 Risk Management
- An Overview of Risk Management
- Risk Management Vocabulary
- What Is Risk Management?
- Security Controls
- Business Risks
- Third-party Risks
- Risk Mitigation Strategies
- Risk Management Models
- Risk Assessment
- Qualitatively Assessing Risk
- Quantitatively Assessing Risk
- Qualitative vs. Quantitative Risk Assessment
- Tools
- Risk Management Best Practices
- Additional References
- Chapter 20 Review
- Chapter 21 Business Continuity, Disaster Recovery, and Change Management
- Business Continuity
- Continuity of Operations Planning (COOP)
- Disaster Recovery
- Why Change Management?
- The Key Concept: Separation of Duties
- Elements of Change Management
- Implementing Change Management
- The Purpose of a Change Control Board
- The Capability Maturity Model Integration
- Environment
- Secure Baseline
- Sandboxing
- Integrity Measurement
- Chapter 21 Review
- Chapter 22 Incident Response
- Foundations of Incident Response
- Attack Frameworks
- Threat Intelligence
- Incident Response Process
- Exercises
- Stakeholder Management
- Communication Plan
- Data Sources
- Log Files
- Data Collection Models
- Standards and Best Practices
- For More Information
- Chapter 22 Review
- Chapter 23 Computer Forensics
- Evidence
- Chain of Custody
- Forensic Process
- Message Digest and Hash
- Analysis
- Host Forensics
- Device Forensics
- Network Forensics
- Legal Hold
- Chapter 23 Review
- Chapter 24 Legal Issues and Ethics
- Cybercrime
- Ethics
- Chapter 24 Review
- Chapter 25 Privacy
- Data Handling
- Organizational Consequences of Privacy Breaches
- Data Sensitivity Labeling and Handling
- Data Roles
- Data Destruction and Media Sanitization
- U.S. Privacy Laws
- International Privacy Laws
- Privacy-Enhancing Technologies
- Privacy Policies
- Privacy Impact Assessment
- Web Privacy Issues
- Privacy in Practice
- For More Information
- Chapter 25 Review
- Appendix A CompTIA Security+ Exam Objectives: SY0-601
- Appendix B About the Online Content
- System Requirements
- Your Total Seminars Training Hub Account
- Single User License Terms and Conditions
- TotalTester Online
- Technical Support
- Glossary
- Index.