book

Foundations of Information Security

by Jason Andress

October 2019

Beginner

248 pages

7h 7m

English

No Starch Press

Read now

Unlock full access

Who Should Read This Book?About This Book
Defining Information SecurityWhen Are You Secure?Models for Discussing Security IssuesAttacksDefense in DepthSummaryExercises

IdentificationAuthenticationCommon Identification and Authentication MethodsSummaryExercises
What Are Access Controls?Implementing Access ControlsAccess Control ModelsPhysical Access ControlsSummaryExercises
AccountabilitySecurity Benefits of AccountabilityAuditingSummaryExercises
The History of CryptographyModern Cryptographic ToolsProtecting Data at Rest, in Motion, and in UseSummaryExercises
What Is Compliance?Achieving Compliance with ControlsMaintaining ComplianceLaws and Information SecurityAdopting Frameworks for ComplianceCompliance amid Technological ChangesSummaryExercises
The Operations Security ProcessLaws of Operations SecurityOperations Security in Our Personal LivesOrigins of Operations SecuritySummaryExercises
Gathering Information for Social Engineering AttacksTypes of Social Engineering AttacksBuilding Security Awareness with Security Training ProgramsSummaryExercises
Identifying Physical ThreatsPhysical Security ControlsProtecting PeopleProtecting DataProtecting EquipmentSummaryExercises
Protecting NetworksProtecting Network TrafficNetwork Security ToolsSummaryExercises
Operating System HardeningProtecting Against MalwareOperating System Security ToolsSummaryExercises
Mobile SecurityEmbedded SecurityInternet of Things SecuritySummaryExercises
Software Development VulnerabilitiesWeb SecurityDatabase SecurityApplication Security ToolsSummaryExercises
Vulnerability AssessmentPenetration TestingDoes This Really Mean You’re Secure?SummaryExercises

Content preview from Foundations of Information Security

14ASSESSING SECURITY

Once you’ve put your security measures in place, you need to make sure they’re actually protecting your assets. As discussed in Chapter 6, complying with laws and regulations doesn’t actually mean you’re secure. Since that’s the case, how can you assess the true level of your security? You have two primary vehicles for doing so: vulnerability assessment and penetration testing. In this chapter, I’ll discuss these two methods.

Vulnerability Assessment

A vulnerability assessment is a process that uses a specially designed tool to scan for vulnerabilities. Two common vulnerability assessment tools are Qualys and Nessus. To create ...