9781260474312

Principles of Computer Security: CompTIA Security+ and Beyond, Sixth Edition (Exam SY0-601)

by ; ; ; ;
  • ISBN13:

    9781260474312

  • ISBN10:

    1260474313

  • Edition: 6th
  • Format: Paperback
  • Copyright: 2021-10-29
  • Publisher: McGraw Hill

Note: Supplemental materials are not guaranteed with Rental or Used book purchases.

Purchase Benefits

  • Free Shipping Icon Free Shipping On Orders Over $35!
    Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • eCampus.com Logo Get Rewarded for Ordering Your Textbooks! Enroll Now
  • Buyback Icon We Buy This Book Back!
    In-Store Credit: $32.81
    Check/Direct Deposit: $31.25
    PayPal: $31.25
List Price: $106.92 Save up to $42.77
  • Rent Book $64.15
    Add to Cart Free Shipping Icon Free Shipping

    TERM
    PRICE
    DUE
    USUALLY SHIPS IN 3-4 BUSINESS DAYS
    *This item is part of an exclusive publisher rental program and requires an additional convenience fee. This fee will be reflected in the shopping cart.

Supplemental Materials

What is included with this book?

Table of Contents

Foreword
Preface
Introduction
Instructor Website
Chapter 1 Introduction and Security Trends
   The Computer Security Problem
   Threats to Security
   Attributes of Actors
   Security Trends
   Targets and Attacks
   Approaches to Computer Security
   Ethics
   Additional References
   Chapter 1 Review
Chapter 2 General Security Concepts
   Basic Security Terminology
   Formal Security Models
   Additional References
   Chapter 2 Review
Chapter 3 Operational and Organizational Security
   Policies, Procedures, Standards, and Guidelines
   Organizational Policies
   Security Policies
   Human Resources Policies
   Security Awareness and Training
   Standard Operating Procedures
   Third-Party Risk Management
   Interoperability Agreements
   Chapter 3 Review
Chapter 4 The Role of People in Security
   People—A Security Problem
   Tools
   Attacks
   Poor Security Practices
   People as a Security Tool
   Chapter 4 Review
Chapter 5 Cryptography
   Cryptography in Practice
   Cryptographic Objectives
   Historical Perspectives
   Hashing Functions
   Symmetric Encryption
   Asymmetric Encryption
   Quantum Cryptography
   Post-Quantum
   Lightweight Cryptography
   Homomorphic Encryption
   For More Information
   Chapter 5 Review
Chapter 6 Applied Cryptography
   Cryptography Use
   Cipher Suites
   S/MIME
   PGP
   Steganography
   Secure Protocols
   Secure Protocol Use Cases
   Cryptographic Attacks
   Other Standards
   Chapter 6 Review
Chapter 7 Public Key Infrastructure
   The Basics of Public Key Infrastructures
   Certificate Authorities
   Trust Models
   Digital Certificates
   Certificate Lifecycles
   Certificate Repositories
   Centralized and Decentralized Infrastructures
   Certificate-Based Threats
   PKIX and PKCS
   ISAKMP
   CMP
   XKMS
   CEP
   Chapter 7 Review
Chapter 8 Physical Security
   The Security Problem
   Physical Security Safeguards
   Environmental Controls
   Fire Suppression
   Electromagnetic Environment
   Power Protection
   Drones/UAVs
   Chapter 8 Review
Chapter 9 Network Fundamentals
   Network Architectures
   Network Topology
   Segregation/Segmentation/Isolation
   Security Zones
   Network Protocols
   Internet Protocol
   IPv4 vs. IPv6
   Packet Delivery
   Inter-Networking
   MPLS
   Software-Defined Networking (SDN)
   Quality of Service (QoS)
   Traffic Engineering
   Route Security
   For More Information
   Chapter 9 Review
Chapter 10 Infrastructure Security
   Devices
   Virtualization
   Networking
   Security Devices
   Security Device/Technology Placement
   Tunneling/VPN
   Storage Area Networks
   Media
   Removable Media
   Security Concerns for Transmission Media
   Physical Security Concerns
   Chapter 10 Review
Chapter 11 Authentication and Remote Access
   User, Group, and Role Management
   Account Policies
   Authorization
   Identity
   Authentication Methods
   Biometric Factors
   Biometric Efficacy Rates
   Multifactor Authentication
   Remote Access
   Preventing Data Loss or Theft
   Database Security
   Cloud vs. On-premises Requirements
   Connection Summary
   For More Information
   Chapter 11 Review
Chapter 12 Wireless Security and Mobile Devices
   Connection Methods and Receivers
   Wireless Protocols
   Wireless Systems Configuration
   Wireless Attacks
   Mobile Device Management Concepts
   Mobile Application Security
   Mobile Devices
   Policies for Enforcement and Monitoring
   Deployment Models
   Chapter 12 Review
Chapter 13 Intrusion Detection Systems and Network Security
   History of Intrusion Detection Systems
   IDS Overview
   Network-Based IDSs
   Host-Based IDSs
   Intrusion Prevention Systems
   Network Security Monitoring
   Deception and Disruption Technologies
   Analytics
   SIEM
   DLP
   Tools
   Indicators of Compromise
   For More Information
   Chapter 13 Review
Chapter 14 System Hardening and Baselines
   Overview of Baselines
   Hardware/Firmware Security
   Operating System and Network Operating System Hardening
   Secure Baseline
   Endpoint Protection
   Network Hardening
   Application Hardening
   Data-Based Security Controls
   Environment
   Automation/Scripting
   Alternative Environments
   Industry-Standard Frameworks and Reference Architectures
   Benchmarks/Secure Configuration Guides
   For More Information
   Chapter 14 Review
Chapter 15 Types of Attacks and Malicious Software
   Avenues of Attack
   Malicious Code
   Malware
   Attacking Computer Systems and Networks
   Advanced Persistent Threat
   Password Attacks
   Chapter 15 Review
Chapter 16 Security Tools and Techniques
   Network Reconnaissance and Discovery Tools
   File Manipulation Tools
   Shell and Script Environments
   Packet Capture and Replay Tools
   Forensic Tools
   Tool Suites
   Penetration Testing
   Vulnerability Testing
   Auditing
   Vulnerabilities
   Chapter 16 Review
Chapter 17 Web Components, E-mail, and Instant Messaging
   Current Web Components and Concerns
   Web Protocols
   Code-Based Vulnerabilities
   Application-Based Weaknesses
   How E-mail Works
   Security of E-mail
   Mail Gateway
   Mail Encryption
   Instant Messaging
   Chapter 17 Review
Chapter 18 Cloud Computing
   Cloud Computing
   Cloud Types
   Cloud Service Providers
   Cloud Security Controls
   Security as a Service
   Cloud Security Solutions
   Virtualization
   VDI/VDE
   Fog Computing
   Edge Computing
   Thin Client
   Containers
   Microservices/API
   Serverless Architecture
   Chapter 18 Review
Chapter 19 Secure Software Development
   The Software Engineering Process
   Secure Coding Concepts
   Application Attacks
   Application Hardening
   Code Quality and Testing
   Compiled Code vs. Runtime Code
   Software Diversity
   Secure DevOps
   Elasticity
   Scalability
   Version Control and Change Management
   Provisioning and Deprovisioning
   Integrity Measurement
   For More Information
   Chapter 19 Review
Chapter 20 Risk Management
   An Overview of Risk Management
   Risk Management Vocabulary
   What Is Risk Management?
   Security Controls
   Business Risks
   Third-party Risks
   Risk Mitigation Strategies
   Risk Management Models
   Risk Assessment
   Qualitatively Assessing Risk
   Quantitatively Assessing Risk
   Qualitative vs. Quantitative Risk Assessment
   Tools
   Risk Management Best Practices
   Additional References
   Chapter 20 Review
Chapter 21 Business Continuity, Disaster Recovery, and Change Management
   Business Continuity
   Continuity of Operations Planning (COOP)
   Disaster Recovery
   Why Change Management?
   The Key Concept: Separation of Duties
   Elements of Change Management
   Implementing Change Management
   The Purpose of a Change Control Board
   The Capability Maturity Model Integration
   Environment
   Secure Baseline
   Sandboxing
   Integrity Measurement
   Chapter 21 Review
Chapter 22 Incident Response
   Foundations of Incident Response
   Attack Frameworks
   Threat Intelligence
   Incident Response Process
   Exercises
   Stakeholder Management
   Communication Plan
   Data Sources
   Log Files
   Data Collection Models
   Standards and Best Practices
   For More Information
   Chapter 22 Review
Chapter 23 Computer Forensics
   Evidence
   Chain of Custody
   Forensic Process
   Message Digest and Hash
   Analysis
   Host Forensics
   Device Forensics
   Network Forensics
   Legal Hold
   Chapter 23 Review
Chapter 24 Legal Issues and Ethics
   Cybercrime
   Ethics
   Chapter 24 Review
Chapter 25 Privacy
   Data Handling
   Organizational Consequences of Privacy Breaches
   Data Sensitivity Labeling and Handling
   Data Roles
   Data Destruction and Media Sanitization
   U.S. Privacy Laws
   International Privacy Laws
   Privacy-Enhancing Technologies
   Privacy Policies
   Privacy Impact Assessment
   Web Privacy Issues
   Privacy in Practice
   For More Information
   Chapter 25 Review
Appendix A CompTIA Security+ Exam Objectives: SY0-601
Appendix B About the Online Content
   System Requirements
   Your Total Seminars Training Hub Account
   Single User License Terms and Conditions
   TotalTester Online
   Technical Support
Glossary
Index

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Rewards Program