The New State of the Art in Information Security: Now Covers Cloud Computing, the Internet of Things, and Cyberwarfare

Students and IT and security professionals have long relied on Security in Computing as the definitive guide to computer security attacks and countermeasures. Now, the authors have thoroughly updated this classic to reflect today’s newest technologies, attacks, standards, and trends.

Security in Computing, Fifth Edition, offers complete, timely coverage of all aspects of computer security, including users, software, devices, operating systems, networks, and data. Reflecting rapidly evolving attacks, countermeasures, and computing environments, this new edition introduces best practices for authenticating users, preventing malicious code execution, using encryption, protecting privacy, implementing firewalls, detecting intrusions, and more. More than two hundred end-of-chapter exercises help the student to solidify lessons learned in each chapter.

Combining breadth, depth, and exceptional clarity, this comprehensive guide builds carefully from simple to complex topics, so you always understand all you need to know before you move forward.

You’ll start by mastering the field’s basic terms, principles, and concepts. Next, you’ll apply these basics in diverse situations and environments, learning to ”think like an attacker” and identify exploitable weaknesses. Then you will switch to defense, selecting the best available solutions and countermeasures. Finally, you’ll go beyond technology to understand crucial management issues in protecting infrastructure and data.

New coverage includes

A full chapter on securing cloud environments and managing their unique risks
Extensive new coverage of security issues associated with user—web interaction
New risks and techniques for safeguarding the Internet of Things
A new primer on threats to privacy and how to guard it
An assessment of computers and cyberwarfare–recent attacks and emerging risks
Security flaws and risks associated with electronic voting systems

Charles Pfleeger is an internationally known expert on computer and communications security. He was originally a professor at the University of Tennessee, leaving there to join computer security research and consulting companies Trusted Information Systems and Arca Systems (later Exodus Communications and Cable and Wireless). With Trusted Information Systems he was Director of European Operations and Senior Consultant. With Cable and Wireless he was Director of Research and a member of the staff of the Chief Security Officer. He was chair of the IEEE Computer Society Technical Committee on Security and Privacy.

Shari Lawrence Pfleeger is widely known as a software engineering and computer security researcher, most recently as a Senior Computer Scientist with the Rand Corporation and as Research Director of the Institute for Information Infrastructure Protection. She is currently Editor in Chief of IEEE Security & Privacy magazine.

Jonathan Margulies is the CTO of Qmulos, a cybersecurity consulting firm. After receiving his Masters Degree in Computer Science from Cornell University, Mr. Margulies spent nine years at Sandia National Labs, researching and developing solutions to protect national security and critical infrastructure systems from advanced persistent threats. He then went on to NIST's National Cybersecurity Center of Excellence, where he worked with a variety of critical infrastructure companies to create industry-standard security architectures. In his free time, Mr. Margulies edits the “Building Security In” section of IEEE Security & Privacy magazine.

Foreword
Preface

Acknowledgments

About the Authors

Chapter: 1 Introduction

1.1 What Is Computer Security?

1.2 Threats

1.3 Harm

1.4 Vulnerabilities

1.5 Controls

1.6 Conclusion

1.7 Exercises

Chapter 2: Toolbox: Authentication, Access Control, and Cryptography

2.1 Authentication

2.2 Access Control

2.3 Cryptography

2.4 Conclusion

2.5 Exercises

Chapter 3: Programs and Programming

3.1 Unintentional (Nonmalicious) Programming Oversights

3.2 Malicious Code—Malware

3.3 Countermeasures

3.4 Conclusion

3.5 Exercises

Chapter 4: The Web—User Side

4.1 Browser Attacks

4.2 Web Attacks Targeting Users

4.3 Obtaining User or Web Site Data

4.4 Email Attacks

4.5 Conclusion

4.6 Exercises

Chapter 5: Operating Systems

5.1 Security in Operating Systems

5.2 Security in the Design of Operating Systems

5.3 Rootkit

5.4 Conclusion

5.5 Exercises

Chapter 6: Networks

6.1 Network Concepts

6.2 Threats to Network Communications

6.3 Wireless Network Security

6.4 Denial of Service

6.5 Distributed Denial-of-Service

6.7 Firewalls

6.8 Intrusion Detection and Prevention Systems

6.9 Network Management

6.10 Conclusion

6.10 Exercises

Chapter 7: Databases

7.1 Introduction to Databases

7.2 Security Requirements of Databases

7.3 Reliability and Integrity

7.4 Database Disclosure

7.5 Data Mining and Big Data

7.6 Conclusion

7.7 Exercises

Chapter 8: Cloud Computing

8.1 Cloud Computing Concepts

8.2 Moving to the Cloud4

8.3 Cloud Security Tools and Techniques

8.4 Cloud Identity Management

8.5 Securing IaaS

8.6 Summary

8.7 Exercises

Chapter 9: Privacy

9.1 Privacy Concepts

9.2 Privacy Principles and Policies

9.3 Authentication and Privacy

9.4 Data Mining

9.5 Privacy on the Web

9.6 Email Security

9.7 Privacy Impacts of Emerging Technologies

9.8 Where the Field Is Headed

9.9 Summary

9.10 Exercises

Chapter 10: Management and Incidents

10.1 Security Planning

10.2 Business Continuity Planning

10.3 Handling Incidents

10.4 Risk Analysis

10.5 Dealing with Disaster

10.6 Conclusion

10.7 Exercises

Chapter 11: Legal Issues and Ethics

11.1 Protecting Programs and Data

11.2 Information and the Law

11.3 Rights of Employees and Employers

11.4 Redress for Software Failures

11.5 Computer Crime

11.6 Ethical Issues in Computer Security

11.7 Analyzing Incidents using Ethics

11.8 Conclusion

11.9 Exercises

Chapter 12: Details of Cryptography

12.1 Cryptology

12.2 Symmetric Encryption Algorithms

12.3 Asymmetric Encryption using RSA

12.4 Message Digests

12.5 Digital Signatures

12.6 Quantum Cryptography

12.6 Conclusion

Chapter 13: Emerging Topics

13.1 The Internet of Things

13.2 Economics

13.3 Electronic Voting

13.4 Cyberwarfare

13.5 Conclusion

Bibliography

Index

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Rent More, Save More! Use code: ECRENTAL

Rent More, Save More! Use code: ECRENTAL

5% off 1 book, 7% off 2 books, 10% off 3+ books

Security in Computing

Summary

Author Biography

Table of Contents

Supplemental Materials

Rewards Program