Analyzing Computer Security: A Threat / Vulnerability / Countermeasure Approach

“In this book, the authors adopt a refreshingly new approach to explaining the intricacies of the security and privacy challenge that is particularly well suited to today’s cybersecurity challenges. Their use of the threat–vulnerability–countermeasure paradigm combined with extensive real-world examples throughout results in a very effective learning methodology.”

—Charles C. Palmer, IBM Research

The Modern Introduction to Computer Security: Understand Threats, Identify Their Causes, and Implement Effective Countermeasures

Analyzing Computer Security is a fresh, modern, and relevant introduction to computer security. Organized around today’s key attacks, vulnerabilities, and countermeasures, it helps you think critically and creatively about computer security—so you can prevent serious problems and mitigate the effects of those that still occur.

In this new book, renowned security and software engineering experts Charles P. Pfleeger and Shari Lawrence Pfleeger—authors of the classic Security in Computing—teach security the way modern security professionals approach it: by identifying the people or things that may cause harm, uncovering weaknesses that can be exploited, and choosing and applying the right protections. With this approach, not only will you study cases of attacks that have occurred, but you will also learn to apply this methodology to new situations.

The book covers “hot button” issues, such as authentication failures, network interception, and denial of service. You also gain new insight into broader themes, including risk analysis, usability, trust, privacy, ethics, and forensics. One step at a time, the book systematically helps you develop the problem-solving skills needed to protect any information infrastructure.

Coverage includes

• Understanding threats, vulnerabilities, and countermeasures

• Knowing when security is useful, and when it’s useless “security theater”

• Implementing effective identification and authentication systems

• Using modern cryptography and overcoming weaknesses in cryptographic systems

• Protecting against malicious code: viruses, Trojans, worms, rootkits, keyloggers, and more

• Understanding, preventing, and mitigating DOS and DDOS attacks

• Architecting more secure wired and wireless networks

• Building more secure application software and operating systems through more solid designs and layered protection

• Protecting identities and enforcing privacy

• Addressing computer threats in critical areas such as cloud computing, e-voting, cyberwarfare, and social media