Book description
The InfoSec Handbook offers the reader an organized layout of information that is easily read and understood, allowing beginners to enter the field and understand the key concepts and ideas while still keeping experienced readers updated on topics and concepts.
It is intended mainly for beginners to the field of information security, written in a way that makes it easy for them to understand the detailed content of the book. The book offers a practical and simple view of the security practices while still offering somewhat technical and detailed information relating to security. It helps the reader build a strong foundation of information, allowing them to move forward from the book with a larger knowledge base.
Security is a constantly growing concern that everyone must deal with. Whether average or highly skilled, computer users are always confronted with different security risks. These risks range in danger and should always be dealt with accordingly. Unfortunately, not everyone is aware of the dangers or how to prevent them, and this is where most of the issues arise in information technology (IT). When computer users do not take security into account, many issues can arise, such as system compromises or loss of data and information. This is an obvious issue that is present with all computer users.
This book is intended to educate both average and experienced users about the different kinds of security practices and standards that exist. It will also cover how to manage security software and updates in order to be as protected as possible from all of the threats that they face.
Table of contents
- Cover
- Title
- Copyright
- About ApressOpen
- Dedication
- Contents at a Glance
- Contents
- About the Authors
- Acknowledgments
- Introduction
- Part I: Introduction
- Part II: Key Principles and Practices
- Chapter 3: Key Concepts and Principles
- Chapter 4: Access Controls
- Chapter 5: Information Systems Management
- Part III: Application Security
- Chapter 6: Application and Web Security
- Introduction
- Software Applications
- Completeness of the Inputs
- Correctness of the Inputs
- Completeness of Processing
- Correctness of Processing
- Completeness of the Updates
- Correctness of the Updates
- Preservation of the Integrity of the Data in Storage
- Preservation of the Integrity of the Data while in Transmission
- Importance of an Effective Application Design and Development Life Cycle
- Important Guidelines for Secure Design and Development
- Web Browsers, Web Servers, and Web Applications
- Chapter Summary
- Chapter 7: Malicious Software and Anti-Virus Software
- Chapter 8: Cryptography
- Part IV: Network Security
- Chapter 9: Understanding Networks and Network Security
- Chapter 10: Firewalls
- Chapter 11: Intrusion Detection and Prevention Systems
- Chapter 12: Virtual Private Networks
- Chapter 13: Data Backups and Cloud Computing
- Introduction
- Need for Data Backups
- Types of Backups
- Category 1: Based on current data on the system and the data on the backups
- Category 2: Based on what goes into the backup
- Category 3: Based on storage of backups
- Category 4: Based on the extent of the automation of the backups
- RAID Levels
- Other Important Fault Tolerance Mechanisms
- Role of Storage Area Networks (SAN) in providing Backups and Disaster Recovery
- Cloud Infrastructure in Backup Strategy
- Database Backups
- Backup Strategy
- Introduction to Cloud Computing
- Fundamentals of Cloud Computing
- Important Benefits of Cloud Computing
- Upfront Capital Expenditure (CAPEX) versus Pay as you use Operational Expenditure (OPEX)
- Elasticity or Flexibility
- Reduced need for specialized resources and maintenance services
- On-Demand Self-Service Mode versus Well-Planned Time-Consuming Ramp Up
- Redundancy and Resilience versus Single Points of Failure
- Cost of traditional DRP and BCP versus the DRP & BCP through Cloud Environment
- Ease of use on the Cloud Environment
- Important Enablers of Cloud Computing
- Four Cloud Deployment Models
- Main Security and Privacy Concerns of Cloud Computing
- Compliance
- Lack of Segregation of Duties
- Complexity of the Cloud Computing System
- Shared Multi-tenant Environment
- Internet and Internet Facing Applications
- Control of the Cloud Consumer on the Cloud Environment
- Types of Agreements related to Service Levels and Privacy with the Cloud Provider
- Data Management and Data Protection
- Insider Threats
- Security Issues on account of multiple levels
- Physical security issues related to Cloud Computing environment
- Cloud Applications Security
- Threats on account of Virtual Environment
- Encryption and Key Management
- Some Mechanisms to address the Security and Privacy Concerns in Cloud Computing Environment
- Understand the Cloud Computing environment and protect yourself
- Understand the Technical Competence and segregation of duties of the Cloud Provider
- Protection against Technical Vulnerabilities and Malicious Attacks
- Regular Hardening and Appropriate Configurations of the Cloud Computing Environment
- Data Protection
- Encryption
- Good Governance Mechanisms
- Compliance
- Logging and Auditing
- Patching / Updating
- Application Design and Development
- Physical Security
- Strong Access Controls
- Backups
- Third-Party Certifications / Auditing
- Chapter Summary
- Part V: Physical Security
- Chapter 14: Physical Security and Biometrics
- Chapter 15: Social Engineering
- Introduction
- Social Engineering Attacks: How They Exploit Human Nature
- Social Engineering: Attacks Caused by Human Beings
- Social Engineering: Attacks Caused by Computers or Other Automated Means
- Social Engineering: Methods that are Used for Attacks
- Social Engineering: Other Important Attack Methods
- Social Engineering: How to Reduce the Possibility of Falling Prey to Attacks
- Chapter Summary
- Chapter 16: Current Trends in Information Security
- Bibliography
- Index
Product information
- Title: The InfoSec Handbook
- Author(s):
- Release date: September 2014
- Publisher(s): Apress
- ISBN: 9781430263838