| Description |
1 online resource |
| Contents |
Cover -- About the Authors -- Title Page -- Copyright Page -- Acknowledgments -- About this Book -- Contents at a Glance -- Contents -- Foreword -- Preface -- Introduction -- Instructor Website -- Chapter 1 Introduction and Security Trends -- The Computer Security Problem -- Threats to Security -- Attributes of Actors -- Security Trends -- Targets and Attacks -- Approaches to Computer Security -- Ethics -- Additional References -- Chapter 1 Review -- Chapter 2 General Security Concepts -- Basic Security Terminology -- Formal Security Models -- Additional References -- Chapter 2 Review -- Chapter 3 Operational and Organizational Security -- Policies, Procedures, Standards, and Guidelines -- Organizational Policies -- Security Policies -- Human Resources Policies -- Security Awareness and Training -- Standard Operating Procedures -- Third-Party Risk Management -- Interoperability Agreements -- Chapter 3 Review -- Chapter 4 The Role of People in Security -- People-A Security Problem -- Tools -- Attacks -- Poor Security Practices -- People as a Security Tool -- Chapter 4 Review -- Chapter 5 Cryptography -- Cryptography in Practice -- Cryptographic Objectives -- Historical Perspectives -- Hashing Functions -- Symmetric Encryption -- Asymmetric Encryption -- Quantum Cryptography -- Post-Quantum -- Lightweight Cryptography -- Homomorphic Encryption -- For More Information -- Chapter 5 Review -- Chapter 6 Applied Cryptography -- Cryptography Use -- Cipher Suites -- S/MIME -- PGP -- Steganography -- Secure Protocols -- Secure Protocol Use Cases -- Cryptographic Attacks -- Other Standards -- Chapter 6 Review -- Chapter 7 Public Key Infrastructure -- The Basics of Public Key Infrastructures -- Certificate Authorities -- Trust Models -- Digital Certificates -- Certificate Lifecycles -- Certificate Repositories -- Centralized and Decentralized Infrastructures -- Certificate-Based Threats -- ISAKMP -- CMP -- XKMS -- CEP -- Chapter 7 Review -- Chapter 8 Physical Security -- The Security Problem -- Physical Security Safeguards -- Environmental Controls -- Fire Suppression -- Electromagnetic Environment -- Power Protection -- Drones/UAVs -- Chapter 8 Review -- Chapter 9 Network Fundamentals -- Network Architectures -- Network Topology -- Segregation/Segmentation/Isolation -- Security Zones -- Network Protocols -- Internet Protocol -- IPv4 vs. IPv6 -- Packet Delivery -- Inter-Networking -- MPLS -- Software-Defined Networking (SDN) -- Quality of Service (QoS) -- Traffic Engineering -- Route Security -- For More Information -- Chapter 9 Review -- Chapter 10 Infrastructure Security -- Devices -- Virtualization -- Networking -- Security Devices -- Security Device/Technology Placement -- Tunneling/VPN -- Storage Area Networks -- Media -- Removable Media -- Security Concerns for Transmission Media -- Physical Security Concerns -- Chapter 10 Review -- Chapter 11 Authentication and Remote Access -- User, Group, and Role Management -- Account Policies -- Authorization -- Identity -- Authentication Methods -- Biometric Factors -- Biometric Efficacy Rates -- Multifactor Authentication -- Remote Access -- Preventing Data Loss or Theft -- Database Security -- Cloud vs. On-premises Requirements -- Connection Summary -- For More Information -- Chapter 11 Review -- Chapter 12 Wireless Security and Mobile Devices -- Connection Methods and Receivers -- Wireless Protocols -- Wireless Systems Configuration -- Wireless Attacks -- Mobile Device Management Concepts -- Mobile Application Security -- Mobile Devices -- Policies for Enforcement and Monitoring -- Deployment Models -- Chapter 12 Review -- Chapter 13 Intrusion Detection Systems and Network Security -- History of Intrusion Detection Systems -- IDS Overview -- Network-Based IDSs -- Host-Based IDSs -- Intrusion Prevention Systems -- Network Security Monitoring -- Deception and Disruption Technologies -- Analytics -- SIEM -- DLP -- Tools -- Indicators of Compromise -- For More Information -- Chapter 13 Review -- Chapter 14 System Hardening and Baselines -- Overview of Baselines -- Hardware/Firmware Security -- Operating System and Network Operating System Hardening -- Secure Baseline -- Endpoint Protection -- Network Hardening -- Application Hardening -- Data-Based Security Controls -- Environment -- Automation/Scripting -- Alternative Environments -- Industry-Standard Frameworks and Reference Architectures -- Benchmarks/Secure Configuration Guides -- For More Information -- Chapter 14 Review -- Chapter 15 Types of Attacks and Malicious Software -- Avenues of Attack -- Malicious Code -- Attacking Computer Systems and Networks -- Advanced Persistent Threat -- Password Attacks -- Chapter 15 Review -- Chapter 16 Security Tools and Techniques -- Network Reconnaissance and Discovery Tools -- File Manipulation Tools -- Shell and Script Environments -- Packet Capture and Replay Tools -- Forensic Tools -- Tool Suites -- Penetration Testing -- Vulnerability Testing -- Auditing -- Vulnerabilities -- Chapter 16 Review -- Chapter 17 Web Components, E-mail, and Instant Messaging -- Current Web Components and Concerns -- Web Protocols -- Code-Based Vulnerabilities -- Application-Based Weaknesses -- How E-mail Works -- Security of E-mail -- Mail Gateway -- Mail Encryption -- Instant Messaging -- Chapter 17 Review -- Chapter 18 Cloud Computing -- Cloud Computing -- Cloud Types -- Cloud Service Providers -- Cloud Security Controls -- Security as a Service -- Cloud Security Solutions -- Virtualization -- VDI/VDE -- Fog Computing -- Edge Computing -- Thin Client -- Containers -- Microservices/API -- Serverless Architecture -- Chapter 18 Review -- Chapter 19 Secure Software Development -- The Software Engineering Process -- Secure Coding Concepts -- Application Attacks -- Application Hardening -- Code Quality and Testing -- Compiled Code vs. Runtime Code -- Software Diversity -- Secure DevOps -- Elasticity -- Scalability -- Version Control and Change Management -- Provisioning and Deprovisioning -- Integrity Measurement -- For More Information -- Chapter 19 Review -- Chapter 20 Risk Management -- An Overview of Risk Management -- Risk Management Vocabulary -- What Is Risk Management? -- Security Controls -- Business Risks -- Third-party Risks -- Risk Mitigation Strategies -- Risk Management Models -- Risk Assessment -- Qualitatively Assessing Risk -- Quantitatively Assessing Risk -- Qualitative vs. Quantitative Risk Assessment -- Tools -- Risk Management Best Practices -- Additional References -- Chapter 20 Review -- Chapter 21 Business Continuity, Disaster Recovery, and Change Management -- Business Continuity -- Continuity of Operations Planning (COOP) -- Disaster Recovery -- Why Change Management? -- The Key Concept: Separation of Duties -- Elements of Change Management -- Implementing Change Management -- The Purpose of a Change Control Board -- The Capability Maturity Model Integration -- Environment -- Secure Baseline -- Sandboxing -- Integrity Measurement -- Chapter 21 Review -- Chapter 22 Incident Response -- Foundations of Incident Response -- Attack Frameworks -- Threat Intelligence -- Incident Response Process -- Exercises -- Stakeholder Management -- Communication Plan -- Data Sources -- Log Files -- Data Collection Models -- Standards and Best Practices -- For More Information -- Chapter 22 Review -- Chapter 23 Computer Forensics -- Evidence -- Chain of Custody -- Forensic Process -- Message Digest and Hash -- Analysis -- Host Forensics -- Device Forensics -- Network Forensics -- Legal Hold -- Chapter 23 Review -- Chapter 24 Legal Issues and Ethics -- Cybercrime -- Ethics -- Chapter 24 Review -- Chapter 25 Privacy -- Data Handling -- Organizational Consequences of Privacy Breaches -- Data Sensitivity Labeling and Handling -- Data Roles -- Data Destruction and Media Sanitization -- U.S. Privacy Laws -- International Privacy Laws -- Privacy-Enhancing Technologies -- Privacy Policies -- Privacy Impact Assessment -- Web Privacy Issues -- Privacy in Practice -- For More Information -- Chapter 25 Review -- Appendix A CompTIA Security+ Exam Objectives: SY0-601 -- Appendix B About the Online Content -- System Requirements -- Your Total Seminars Training Hub Account -- Single User License Terms and Conditions -- TotalTester Online -- Technical Support -- Glossary -- Index |
| Summary |
Fully updated computer security essentials-mapped to the CompTIA Security+ SY0-601 exam Save 10% on any CompTIA exam voucher! Coupon code inside. Learn IT security fundamentals while getting complete coverage of the objectives for the latest release of CompTIA Security+ certification exam SY0-601. This thoroughly revised, full-color textbook covers how to secure hardware, systems, and software. It addresses new threats and cloud environments, and provides additional coverage of governance, risk, compliance, and much more. Written by a team of highly respected security educators, Principles of Computer Security: CompTIA Security+™ and Beyond, Sixth Edition (Exam SY0-601) will help you become a CompTIA-certified computer security expert while also preparing you for a successful career. Find out how to: Ensure operational, organizational, and physical security Use cryptography and public key infrastructures (PKIs) Secure remote access, wireless networks, and virtual private networks (VPNs) Authenticate users and lock down mobile devices Harden network devices, operating systems, and applications Prevent network attacks, such as denial of service, spoofing, hijacking, and password guessing Combat viruses, worms, Trojan horses, and rootkits Manage e-mail, instant messaging, and web security Explore secure software development requirements Implement disaster recovery and business continuity measures Handle computer forensics and incident response Understand legal, ethical, and privacy issues Online content features: Test engine that provides full-length practice exams and customized quizzes by chapter or exam objective Each chapter includes: Learning objectives Real-world examples Try This! and Cross Check exercises Tech Tips, Notes, and Warnings Exam Tips End-of-chapter quizzes and lab projects |
| Notes |
Title from content provider |
|
Available through AccessEngineering |
|
Description based on resource, viewed September 5, 2022 |
| Subject |
Computer security -- Examinations -- Study guides
|
|
Computer networks -- Security measures -- Examinations -- Study guides
|
|
Computer networks -- Security measures -- Examinations
|
|
Computer security -- Examinations
|
| Genre/Form |
Study guides
|
| Form |
Electronic book
|
| Author |
White, Gregory B., author
|
|
Cothren, Chuck, author.
|
|
Davis, Roger (Security expert), author.
|
|
Williams, Dwayne, author.
|
| ISBN |
9781260474329 |
|
1260474321 |
|
