O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Foundations of Information Security

Book Description

In this high-level survey of the information security field, best-selling author Jason Andress covers the basics of a wide variety of topics, from authentication and authorization to maintaining confidentiality and performing penetration testing.

Using real-world security breaches as examples, Foundations of Information Security explores common applications of these concepts, such as operations security, network design, hardening and patching operating systems, securing mobile devices, as well as tools for assessing the security of hosts and applications.

You’ll also learn the basics of topics like:

•Multifactor authentication and how biometrics and hardware tokens can be used to harden the authentication process
•The principles behind modern cryptography, including symmetric and asymmetric algorithms, hashes, and certificates
•The laws and regulations that protect systems and data
•Anti-malware tools, firewalls, and intrusion detection systems
•Vulnerabilities such as buffer overflows and race conditions

A valuable resource for beginning security professionals, network systems administrators, or anyone new to the field, Foundations of Information Security is a great place to start your journey into the dynamic and rewarding field of information security.

Table of Contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Dedication
  5. About the Author
  6. About the Technical Reviewer
  7. CONTENTS IN DETAIL
  8. ACKNOWLEDGMENTS
  9. INTRODUCTION
    1. Who Should Read This Book?
    2. About This Book
  10. 1 WHAT IS INFORMATION SECURITY?
    1. Defining Information Security
    2. When Are You Secure?
    3. Models for Discussing Security Issues
    4. Attacks
    5. Defense in Depth
    6. Summary
    7. Exercises
  11. 2 IDENTIFICATION AND AUTHENTICATION
    1. Identification
    2. Authentication
    3. Common Identification and Authentication Methods
    4. Summary
    5. Exercises
  12. 3 AUTHORIZATION AND ACCESS CONTROLS
    1. What Are Access Controls?
    2. Implementing Access Controls
    3. Access Control Models
    4. Physical Access Controls
    5. Summary
    6. Exercises
  13. 4 AUDITING AND ACCOUNTABILITY
    1. Accountability
    2. Security Benefits of Accountability
    3. Auditing
    4. Summary
    5. Exercises
  14. 5 CRYPTOGRAPHY
    1. The History of Cryptography
    2. Modern Cryptographic Tools
    3. Protecting Data at Rest, in Motion, and in Use
    4. Summary
    5. Exercises
  15. 6 COMPLIANCE, LAWS, AND REGULATIONS
    1. What Is Compliance?
    2. Achieving Compliance with Controls
    3. Maintaining Compliance
    4. Laws and Information Security
    5. Adopting Frameworks for Compliance
    6. Compliance amid Technological Changes
    7. Summary
    8. Exercises
  16. 7 OPERATIONS SECURITY
    1. The Operations Security Process
    2. Laws of Operations Security
    3. Operations Security in Our Personal Lives
    4. Origins of Operations Security
    5. Summary
    6. Exercises
  17. 8 HUMAN ELEMENT SECURITY
    1. Gathering Information for Social Engineering Attacks
    2. Types of Social Engineering Attacks
    3. Building Security Awareness with Security Training Programs
    4. Summary
    5. Exercises
  18. 9 PHYSICAL SECURITY
    1. Identifying Physical Threats
    2. Physical Security Controls
    3. Protecting People
    4. Protecting Data
    5. Protecting Equipment
    6. Summary
    7. Exercises
  19. 10 NETWORK SECURITY
    1. Protecting Networks
    2. Protecting Network Traffic
    3. Network Security Tools
    4. Summary
    5. Exercises
  20. 11 OPERATING SYSTEM SECURITY
    1. Operating System Hardening
    2. Protecting Against Malware
    3. Operating System Security Tools
    4. Summary
    5. Exercises
  21. 12 MOBILE, EMBEDDED, AND INTERNET OF THINGS SECURITY
    1. Mobile Security
    2. Embedded Security
    3. Internet of Things Security
    4. Summary
    5. Exercises
  22. 13 APPLICATION SECURITY
    1. Software Development Vulnerabilities
    2. Web Security
    3. Database Security
    4. Application Security Tools
    5. Summary
    6. Exercises
  23. 14 ASSESSING SECURITY
    1. Vulnerability Assessment
    2. Penetration Testing
    3. Does This Really Mean You’re Secure?
    4. Summary
    5. Exercises
  24. NOTES
  25. INDEX