book

Foundations of Information Security

by Jason Andress

October 2019

Beginner

248 pages

7h 7m

English

No Starch Press

Read now

Unlock full access

Who Should Read This Book?About This Book
Defining Information SecurityWhen Are You Secure?Models for Discussing Security IssuesAttacksDefense in DepthSummaryExercises

IdentificationAuthenticationCommon Identification and Authentication MethodsSummaryExercises
What Are Access Controls?Implementing Access ControlsAccess Control ModelsPhysical Access ControlsSummaryExercises
AccountabilitySecurity Benefits of AccountabilityAuditingSummaryExercises
The History of CryptographyModern Cryptographic ToolsProtecting Data at Rest, in Motion, and in UseSummaryExercises
What Is Compliance?Achieving Compliance with ControlsMaintaining ComplianceLaws and Information SecurityAdopting Frameworks for ComplianceCompliance amid Technological ChangesSummaryExercises
The Operations Security ProcessLaws of Operations SecurityOperations Security in Our Personal LivesOrigins of Operations SecuritySummaryExercises
Gathering Information for Social Engineering AttacksTypes of Social Engineering AttacksBuilding Security Awareness with Security Training ProgramsSummaryExercises
Identifying Physical ThreatsPhysical Security ControlsProtecting PeopleProtecting DataProtecting EquipmentSummaryExercises
Protecting NetworksProtecting Network TrafficNetwork Security ToolsSummaryExercises
Operating System HardeningProtecting Against MalwareOperating System Security ToolsSummaryExercises
Mobile SecurityEmbedded SecurityInternet of Things SecuritySummaryExercises
Software Development VulnerabilitiesWeb SecurityDatabase SecurityApplication Security ToolsSummaryExercises
Vulnerability AssessmentPenetration TestingDoes This Really Mean You’re Secure?SummaryExercises

Content preview from Foundations of Information Security

8HUMAN ELEMENT SECURITY

In information security, we refer to people as the “weak link” of security programs. Regardless of the security measures you set, you have little control over your employees who might click dangerous links, send sensitive information via unprotected channels, hand over passwords, or post important data in conspicuous places.

Worse yet, attackers can take advantage of these tendencies to conduct social engineering attacks that manipulate people to gain information or access to facilities. These attacks usually rely on the willingness of people to help others, particularly when faced with someone who appears to be in distress, ...