Description of the book:
A high-level overview of the information security field. It covers key concepts such as confidentiality, integrity, and availability, then turns to the practical applications of these ideas in the areas of operational, physical, network, application, and operating system security.
In this high-level survey of the information security field, best-selling author Jason Andress covers the fundamentals of a wide range of topics, from authentication and authorization to maintaining confidentiality and performing penetration testing.
Using real-world security breaches as examples, Foundations of Information Security explores common applications of these concepts, such as operations security, network design, hardening and patching operating systems, securing mobile devices, as well as tools for assessing the security of hosts and applications.
You'll also learn the basics of topics such as:
• Multifactor authentication and how biometric and hardware tokens can be used to harden the authentication process
• The principles behind modern cryptography, including symmetric and asymmetric algorithms, hashes, and certificates
• The laws and regulations that protect systems and data
• Anti-malware tools, firewalls, and intrusion detection systems
• Vulnerabilities such as buffer overflows and race conditions
A valuable resource for beginning security professionals, network systems administrators, or anyone new to the field, Foundations of Information Security is a great place to start your journey into the dynamic and rewarding field of information security.
فهرست مطالب :
Brief Contents
Content in Detail
Acknowledgments
Introduction
Who Should Read This Book?
About This Book
Chapter 1: What Is Information Security?
Defining Information Security
When Are You Secure?
Models for Discussing Security Issues
The Confidentiality, Integrity, and Availability Triad
The Parkerian Hexad
Attacks
Types of Attacks
Threats, Vulnerabilities, and Risk
Risk Management
Incident Response
Defense in Depth
Summary
Exercises
Chapter 2: Identification and Authentication
Identification
Who We Claim to Be
Identity Verification
Falsifying Identification
Authentication
Factors
Multifactor Authentication
Mutual Authentication
Common Identification and Authentication Methods
Passwords
Biometrics
Hardware Tokens
Summary
Exercises
Chapter 3: Authorization and Access Controls
What Are Access Controls?
Implementing Access Controls
Access Control Lists
Capabilities
Access Control Models
Discretionary Access Control
Mandatory Access Control
Rule-Based Access Control
Role-Based Access Control
Attribute-Based Access Control
Multilevel Access Control
Physical Access Controls
Summary
Exercises
Chapter 4: Auditing and Accountability
Accountability
Security Benefits of Accountability
Nonrepudiation
Deterrence
Intrusion Detection and Prevention
Admissibility of Records
Auditing
What Do You Audit?
Logging
Monitoring
Auditing with Assessments
Summary
Exercises
Chapter 5: Cryptography
The History of Cryptography
The Caesar Cipher
Cryptographic Machines
Kerckhoffs’s Principles
Modern Cryptographic Tools
Keyword Ciphers and One-Time Pads
Symmetric and Asymmetric Cryptography
Hash Functions
Digital Signatures
Certificates
Protecting Data at Rest, in Motion, and in Use
Protecting Data at Rest
Protecting Data in Motion
Protecting Data in Use
Summary
Exercises
Chapter 6: Compliance, Laws, and Regulations
What Is Compliance?
Types of Compliance
Consequences of Noncompliance
Achieving Compliance with Controls
Types of Controls
Key vs. Compensating Controls
Maintaining Compliance
Laws and Information Security
Government-Related Regulatory Compliance
Industry-Specific Regulatory Compliance
Laws Outside of the United States
Adopting Frameworks for Compliance
International Organization for Standardization
National Institute of Standards and Technology
Custom Frameworks
Compliance amid Technological Changes
Compliance in the Cloud
Compliance with Blockchain
Compliance with Cryptocurrencies
Summary
Exercises
Chapter 7: Operations Security
The Operations Security Process
Identification of Critical Information
Analysis of Threats
Analysis of Vulnerabilities
Assessment of Risks
Application of Countermeasures
Laws of Operations Security
First Law: Know the Threats
Second Law: Know What to Protect
Third Law: Protect the Information
Operations Security in Our Personal Lives
Origins of Operations Security
Sun Tzu
George Washington
Vietnam War
Business
Interagency OPSEC Support Staff
Summary
Exercises
Chapter 8: Human Element Security
Gathering Information for Social Engineering Attacks
Human Intelligence
Open Source Intelligence
Other Kinds of Intelligence
Types of Social Engineering Attacks
Pretexting
Phishing
Tailgating
Building Security Awareness with Security Training Programs
Passwords
Social Engineering Training
Network Usage
Malware
Personal Equipment
Clean Desk Policies
Familiarity with Policy and Regulatory Knowledge
Summary
Exercises
Chapter 9: Physical Security
Identifying Physical Threats
Physical Security Controls
Deterrent Controls
Detective Controls
Preventive Controls
Using Physical Access Controls
Protecting People
Physical Concerns for People
Ensuring Safety
Evacuation
Administrative Controls
Protecting Data
Physical Concerns for Data
Accessibility of Data
Residual Data
Protecting Equipment
Physical Concerns for Equipment
Site Selection
Securing Access
Environmental Conditions
Summary
Exercises
Chapter 10: Network Security
Protecting Networks
Designing Secure Networks
Using Firewalls
Implementing Network Intrusion Detection Systems
Protecting Network Traffic
Using Virtual Private Networks
Protecting Data over Wireless Networks
Using Secure Protocols
Network Security Tools
Wireless Protection Tools
Scanners
Packet Sniffers
Honeypots
Firewall Tools
Summary
Exercises
Chapter 11: Operating System Security
Operating System Hardening
Remove All Unnecessary Software
Remove All Unessential Services
Alter Default Accounts
Apply the Principle of Least Privilege
Perform Updates
Turn On Logging and Auditing
Protecting Against Malware
Anti-malware Tools
Executable Space Protection
Software Firewalls and Host Intrusion Detection
Operating System Security Tools
Scanners
Vulnerability Assessment Tools
Exploit Frameworks
Summary
Exercises
Chapter 12: Mobile, Embedded, and Internet of Things Security
Mobile Security
Protecting Mobile Devices
Mobile Security Issues
Embedded Security
Where Embedded Devices Are Used
Embedded Device Security Issues
Internet of Things Security
What Is an IoT Device?
IoT Security Issues
Summary
Exercises
Chapter 13: Application Security
Software Development Vulnerabilities
Buffer Overflows
Race Conditions
Input Validation Attacks
Authentication Attacks
Authorization Attacks
Cryptographic Attacks
Web Security
Client-Side Attacks
Server-Side Attacks
Database Security
Protocol Issues
Unauthenticated Access
Arbitrary Code Execution
Privilege Escalation
Application Security Tools
Sniffers
Web Application Analysis Tools
Fuzzers
Summary
Exercises
Chapter 14: Assessing Security
Vulnerability Assessment
Mapping and Discovery
Scanning
Technological Challenges for Vulnerability Assessment
Penetration Testing
The Penetration Testing Process
Classifying Penetration Tests
Targets of Penetration Tests
Bug Bounty Programs
Technological Challenges for Penetration Testing
Does This Really Mean You’re Secure?
Realistic Testing
Can You Detect Your Own Attacks?
Secure Today Doesn’t Mean Secure Tomorrow
Fixing Security Holes Is Expensive
Summary
Exercises
Notes
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Chapter 14
Index
Description of the book in the original language:
High-level overview of the information security field. Covers key concepts like confidentiality, integrity, and availability, then dives into practical applications of these ideas in the areas of operational, physical, network, application, and operating system security.
In this high-level survey of the information security field, best-selling author Jason Andress covers the basics of a wide variety of topics, from authentication and authorization to maintaining confidentiality and performing penetration testing.
Using real-world security breaches as examples, Foundations of Information Security explores common applications of these concepts, such as operations security, network design, hardening and patching operating systems, securing mobile devices, as well as tools for assessing the security of hosts and applications.
You'll also learn the basics of topics like:
• Multifactor authentication and how biometrics and hardware tokens can be used to harden the authentication process
• The principles behind modern cryptography, including symmetric and asymmetric algorithms, hashes, and certificates
• The laws and regulations that protect systems and data
• Anti-malware tools, firewalls, and intrusion detection systems
• Vulnerabilities such as buffer overflows and race conditions
A valuable resource for beginning security professionals, network systems administrators, or anyone new to the field, Foundations of Information Security is a great place to start your journey into the dynamic and rewarding field of information security.