چه کسانی این کتاب را می‌خوانند

دانشجوعلاقه‌مند یادگیری
کتابخوان حرفه‌ایلذت مطالعه
نویسندهالهام‌گیری

Cybersecurity: Technology and Governance

Audun JÃ ̧sang

قیمت نهایی

۴۴٬۰۰۰ تومان۴۹٬۰۰۰ تومان۱۰٪ تخفیف
  • تخفیف زمان‌دار−۵٬۰۰۰ تومان

۵٬۰۰۰ تومان صرفه‌جویی نسبت به قیمت اصلی

نسخه اصلی و اورجینال

بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.

تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی

مشخصات کتاب

نویسنده
Audun JÃ ̧sang
سال انتشار
۲۰۲۴
فرمت
PDF
زبان
انگلیسی
حجم فایل
۱۶٫۳ مگابایت
شابک
9783031684821، 9783031684838، 3031684826، 3031684834

دربارهٔ کتاب

Preface Contents Chapter 1: Basic Concepts of Cybersecurity 1.1 Cybersecurity Terminology 1.2 What Is Security? 1.3 What Is Cybersecurity? 1.4 Threats, Vulnerabilities, Incidents, and Impacts 1.5 Information Security Controls 1.6 People – Product – Partner – Process 1.7 Sources of Requirements for Cybersecurity 1.8 Cyber Risk 1.9 CIA Security Goals 1.9.1 Confidentiality 1.9.2 Data Integrity 1.9.3 System Integrity 1.9.4 Availability 1.10 Other Security Goals 1.10.1 Authentication 1.10.2 Accountability and Non-repudiation 1.10.3 Reliability 1.11 Access Authorization and Access Control 1.12 Tasks Chapter 2: Attack Vectors and Malware 2.1 Attack Vectors 2.1.1 Phishing 2.1.2 ID Spoofing with Cracked or Stolen Credentials 2.1.3 Fake or Malicious Websites 2.1.4 Physical Attacks on IT Infrastructures 2.1.5 Direct Attacks Against Vulnerable Systems and Applications 2.1.6 Supply Chain Attacks 2.1.7 Malicious Peripherals 2.1.8 Hacking Unpatched Vulnerable IoT Devices 2.1.9 Deepfake Attacks 2.1.10 Insider Attacks 2.1.11 DDoS Attacks 2.1.12 Tracking 2.2 Malware 2.2.1 Computer Virus 2.2.2 Ransomware 2.2.3 Spyware 2.2.4 Bot Malware 2.2.5 Exploit 2.2.6 Macro-viruses 2.2.7 Trojan 2.2.8 Computer Worm 2.2.9 Rootkit 2.2.10 Back Door 2.2.11 Malicious JavaScript 2.2.12 Logic Bomb 2.3 Tasks Chapter 3: System Security 3.1 System Architecture 3.2 The Importance of System Security 3.3 Vulnerabilities Management for Systems and Software 3.4 Privilege Levels for Processes in the Microprocessor 3.5 Buffers Overflow Vulnerabilities, Exploits and Countermeasures 3.6 Virtualization 3.6.1 Virtual Machines 3.6.2 Virtualization Architectures 3.6.3 Security Aspects of Virtualization 3.7 Trusted Computing 3.8 Secure Boot 3.9 Intel Management Engine 3.10 Side Channels and Covert Channels 3.11 Tasks Chapter 4: Cryptography 4.1 What Is Cryptography? 4.2 Cryptographic Features 4.3 Symmetric Algorithms 4.4 Block Cipher Modes of Operation 4.4.1 ECB: Electronic Codebook 4.4.2 CTR: Counter Mode 4.4.3 CBC: Cipher Block Chaining 4.5 Hash Functions and MAC 4.6 Diffie-Hellman Key Exchange 4.6.1 Traditional Diffie-Hellman 4.6.2 ECDH: Elliptical Curve Diffie-Hellman 4.7 Asymmetric Algorithms 4.7.1 The RSA Algorithm 4.7.2 Hybrid Encryption 4.7.3 Digital Signature 4.7.4 Authenticated Encryption with Forward Secrecy 4.8 The History of Cryptography 4.8.1 Classical Ciphers 4.8.2 Ciphers in the Middle Ages 4.9 Ciphers Leading Up to World War I 4.9.1 Kerckhoffs’s Principle 4.9.2 One-Time Pad 4.10 Ciphers Around World War II 4.10.1 World War II Rotor Ciphers 4.10.2 Shannon’s Theory of Cryptography 4.11 Ciphers Up to the Year 2000 4.12 Ciphers After the Year 2000 4.12.1 Block Cipher: Replace the Old, Tired Horse with a Young, Strong One 4.12.2 Hash Functions: New Sponges Needed 4.12.3 Postquantum Crypto: A Lifeboat in Case the Ship Sinks 4.13 Cryptography and Energy Consumption 4.13.1 TLS Everywhere 4.13.2 Cryptocurrency 4.14 Tasks Chapter 5: Key Management and PKI 5.1 Key Management 5.1.1 Key Types 5.1.2 Crypto Periods 5.1.3 Key Sizes 5.1.4 Key Lifecycle 5.2 PKI 5.2.1 The Challenge of Key Distribution 5.2.2 X.509 Certificates and PKI Components 5.2.3 Generating X.509 Certificates 5.2.4 Validation of X.509 Certificates 5.2.5 Trust Models for PKI 5.3 Challenges and Solutions for PKI 5.3.1 PKI Trust Scope Limited to Authenticity 5.3.2 Certificate Revocation 5.3.3 CA Authorization and Certificate Transparency 5.4 Use of Blockchains 5.5 Tasks Chapter 6: Network Security 6.1 Computer Networks and the Internet 6.1.1 The Domain Name System 6.1.2 The Internet Stack 6.2 Communication Security 6.2.1 TLS: Transport Layer Security 6.2.2 IPSec: Internet Protocol Security 6.2.3 VPN: Virtual Private Networks 6.2.4 Steganography 6.3 Computer Network Security 6.4 Firewalls 6.4.1 Stateless Packet Filter 6.4.2 Stateful Packet Filter 6.4.3 Application Firewall 6.5 Intrusion Detection 6.5.1 Signature-Based Detection 6.5.2 Anomaly-Based Detection 6.6 Network Architecture for Security 6.7 TLS Inspection 6.8 Tasks Chapter 7: Wireless Security 7.1 Radio Communications 7.1.1 Radio Signals 7.1.2 The Radio Spectrum 7.2 Security in Wi-Fi 7.2.1 Basic Wi-Fi Concepts 7.2.2 Development of Security in Wi-Fi 7.2.3 Secure Network Access with WPA 7.2.4 SAE: Simultaneous Authentication of Equals 7.3 Bluetooth Security 7.3.1 Bluetooth Technologies 7.3.2 Pairing and Connection 7.3.3 SSP and Authentication Between Devices 7.3.4 Bluetooth Security Recommendations 7.4 Mobile Network Security 7.4.1 Mobile Network Technologies 7.4.2 2G Security Architecture 7.4.3 IMSI Catchers 7.4.4 Security in 4G 7.4.5 Security in 5G 7.4.6 SIM, eSIM and iSIM 7.5 Tasks Chapter 8: User Authentication 8.1 What Is User Authentication? 8.2 Authentication Methods 8.3 Knowledge-Based Authenticators: Passwords and Learned Patterns 8.3.1 Password Protection Against Cracking 8.3.2 Strong Password Advice 8.3.3 Password Managers 8.4 Ownership-Based Authenticators: Devices 8.4.1 OTP Tokens 8.4.2 Passkeys and Online Tokens 8.4.3 Access and ID Cards 8.4.4 Secondary Channels 8.5 Biometrics 8.5.1 Requirements for Biometric Systems 8.5.2 Mode of Operation and Components of Biometric Systems 8.5.3 Quality Aspects of Biometric Systems 8.5.4 Safety Aspects of Biometric Systems 8.6 Multi-factor Authentication 8.7 e-Authentication Frameworks 8.7.1 USA: NIST SP 800-63-4 Digital Identity Guidelines 8.7.2 EU: eIDAS 8.7.3 India: e-Pramaan 8.7.4 ISO/IEC 29115 Entity Authentication Assurance Framework 8.8 Tasks Chapter 9: IAM—Identity and Access Management 9.1 Definition of IAM 9.2 Identity Management 9.2.1 Identity 9.2.2 The Silo Model for Identity Management 9.2.3 Federated Identity Management 9.2.4 ID Federation Protocols 9.2.5 OpenID Connect 9.2.6 Indian eID and e-Pramaan Federation 9.2.7 European eID and Identity Federation 9.2.8 eID in the USA 9.2.9 The Identity Federations Facebook, Twitter, Google etc. 9.2.10 Categorization of Identity Federation 9.3 Access Control 9.3.1 DAC: Name-Based Access Control 9.3.2 MAC: Label Access Control 9.3.3 RBAC: Role-Based Access Control 9.4 OAuth and Distributed Access Management 9.4.1 ABAC: Attribute-Based Access Control 9.4.2 OAuth for Online Services 9.4.3 OAuth for Access and Interaction Between Healthcare Institutions 9.5 Tasks Chapter 10: Information Privacy 10.1 What Is the Difference Between Privacy and Information Privacy? 10.2 Privacy in the Digital Age 10.3 Privacy-Invasive Technologies 10.3.1 Tracking with Cookies 10.3.2 Tracking with Email Addresses and Phone Numbers 10.3.3 Cross-Platform Fingerprint Tracking 10.3.4 Mobile App Tracking 10.4 Anti-tracking 10.5 GDPR: The EU General Data Protection Regulation 10.6 Roles in GDPR 10.6.1 The Data Subject and the Associated Personal Data 10.6.2 The Data Controller 10.6.3 Data Processor 10.6.4 Data Protection Officer 10.6.5 The Data Protection Authority and Penalties for Infringement of the GDPR 10.7 Particularly Relevant Articles in GDPR 10.7.1 Article 5: Principles Relating to Processing of Personal Data 10.7.2 Article 6: Lawfulness of processing 10.7.3 Article 25: Data Protection by Design and by Default 10.7.4 Art. 32: Security of Processing 10.7.5 Articles 45 and 46: Transfer of Personal Data to Countries Outside the EU/EEA 10.8 Article 35: Data Protection Impact Assessment—DPIA 10.8.1 The Process Around DPIA 10.8.2 When Is It Necessary to Perform a DPIA? 10.8.3 Threat Actors as an Element in Risk Assessment 10.8.4 Who Should Perform DPIA? 10.8.5 The Steps of the DPIA 10.9 Notification of Personal Data Breaches 10.10 Tasks Chapter 11: Secure by Design 11.1 Secure by Design 11.2 Privacy by Design 11.3 The Seven Phases of Secure by Design 11.3.1 Training 11.3.2 Cybersecurity and Privacy Requirements 11.3.3 Secure Design 11.3.4 Implementation and Secure Coding 11.3.5 Software Security Testing 11.3.5.1 Dynamic Testing/Vulnerability Analysis 11.3.5.2 Penetration Testing 11.3.5.3 Fuzz Testing 11.3.6 Release 11.3.6.1 Plan for Operation, Maintenance and Incident Management 11.3.6.2 Formal Approval of Production Setting 11.3.7 Operation and Incident Management 11.3.7.1 Operation and Maintenance of the Software 11.3.7.2 Incident Management 11.4 Secure Software Development 11.4.1 The Waterfall Method 11.4.2 Agile Software Development 11.4.3 Secure, Agile Software Development 11.4.4 Security Champion 11.5 Identification of Threats During Software Development 11.5.1 Threat Modelling 11.5.2 User Stories and Use Cases 11.5.3 Attacker Stories and Threat Scenarios 11.5.4 STRIDE Threat Modelling for Software Development 11.6 Application Security 11.6.1 Web Applications’ Exposure to Threats 11.6.2 OWASP: The Open Web Application Security Project 11.6.3 OWASP Top 10 11.6.4 OWASP ASVS 11.7 Examples of Attacks Against Applications 11.7.1 SQL Injection 11.7.2 XSS: Cross-Site Scripting 11.7.3 Security in the cloud 11.7.4 Cloud services 11.7.5 Cloud Security 11.7.6 DevOps 11.7.7 Cloud Security Alliance 11.8 Tasks Chapter 12: Physical Information Security 12.1 Physical Security Goals and Threats 12.2 Safety of Staff and Their Environment 12.2.1 HSE: Health, Safety and Environment 12.2.2 Weighing Priorities for Safety Against Security 12.3 Controlled Authorized Access 12.3.1 Secure Entry Points 12.3.2 Physical Security Monitoring 12.4 Shielding of Sites and Equipment 12.4.1 Physical Perimeter Defences 12.4.2 Working in Secure Areas 12.4.3 Security of Assets Off-Site 12.4.4 Protecting Against Physical and Environmental Threats 12.4.5 Emission Security 12.5 Continuity of Technical Support Services 12.5.1 Uninterruptible Power Supply 12.5.2 Water, Gas, Air Temperature and Humidity 12.6 Tasks Chapter 13: Security Culture 13.1 Definition of Security Culture 13.2 Building the Security Culture 13.3 The Insider Threat 13.3.1 Personal Integrity 13.3.2 Management’s Responsibility for Handling the Insider Threat 13.4 Social Engineering 13.5 Techno-social Engineering 13.5.1 Phishing Attacks 13.5.2 Detection of Phishing Attacks 13.5.3 When Realising that You Have Been Phished 13.6 Physical Social Engineering 13.6.1 Physical Social Engineering Attack Strategies 13.6.2 Defense Against Physical Social Engineering 13.7 Security Usability and Security Learning 13.8 Tasks Chapter 14: Cybersecurity Readiness, Security Testing and Audit 14.1 Background for Cyber Contingency Planning 14.2 Contingency Planning Principles 14.3 Technical Concepts of Cyber Contingency Planning 14.4 Cyber Contingency Planning 14.5 Cyber Incident Management 14.5.1 Preparation 14.5.2 Triage 14.5.3 Response 14.5.4 Post-Incident 14.6 Digital Forensics 14.7 Security Testing of Systems, Networks, and Enterprises 14.7.1 Pentesting 14.7.2 Red-Teaming and Blue-Teaming 14.7.3 TIBER 14.8 Security Audit 14.9 Tasks Chapter 15: AI and Cybersecurity 15.1 Introduction to AI 15.1.1 Artificial Neural Networks (ANN) 15.1.2 Machine Learning Paradigms 15.1.3 Training Methods and Model Tasks 15.2 Offensive Use of AI 15.2.1 Deepfakes 15.2.2 Malware Engineering 15.2.3 Attack Automation 15.3 Defensive Use of AI 15.3.1 Detection of Malicious Activities 15.3.2 Malware Detection and Analysis 15.3.3 AI Support for Cyber Threat Intelligence 15.3.4 Automated Response and Mitigation 15.4 Vulnerabilities and Exploitation of AI Systems 15.4.1 Poisoning Attacks 15.4.2 Polluted Learning 15.4.3 AI Supply Chain Risks 15.4.4 Evasion Attacks 15.4.5 Privacy Attacks 15.4.6 Prompt Injection Attacks 15.5 Tasks Chapter 16: Cyber Operations 16.1 Advanced Cyber Threats 16.1.1 APT: Advanced Persistent Threat 16.1.2 Cyber Kill Chain: A Model for APT Attacks 16.2 CTI: Cyber Threat Intelligence 16.2.1 Categories and Levels of Digital Threat Intelligence 16.2.2 MITRE ATT&CK 16.2.3 CTI Cycle 16.2.4 Sharing CTI 16.2.5 Representation and Use of CTI 16.3 Cyber Warfare 16.3.1 Comparison of Weapons 16.3.2 Cyber Deterrence and Cyber Privateering 16.3.3 The Role of Big Tech in Cyber Warfare 16.4 Tasks Chapter 17: Cyber Organizational Structures and Regulation 17.1 The Importance of Cybersecurity Regulations 17.1.1 Responsibility and Accountability 17.1.2 Hierarchy of Regulation 17.2 Cyber-Organizational Structures 17.3 USA 17.3.1 CFAA (Computer Fraud and Abuse Act) 17.3.2 FISMA (Federal Information Security Management Act) 17.3.3 CISA (Cybersecurity Information Sharing Act) 17.3.4 HIPAA (Health Insurance Portability and Accountability Act) 17.4 Europe 17.4.1 EU Regulation 17.4.2 NIS2 Directive 17.4.3 Cybersecurity Act 17.4.4 Cyber Resilience Act (in Progress) 17.4.5 Cyber Solidarity Act (in Progress) 17.5 Russia 17.5.1 Federal Law on Personal Data 17.5.2 Criminal Code of the Russian Federation 17.5.3 Sovereign Internet Law 17.5.4 FSB Law 17.6 China 17.6.1 Cybersecurity Law (CSL) 17.6.2 Data Security Law (DSL) 17.6.3 Personal Information Protection Law (PIPL) 17.6.4 National Intelligence Law 17.7 General Remarks on Cyber-Organizational Structures 17.8 Tasks Chapter 18: Governance and Information Security Management 18.1 Information Security Management Levels 18.1.1 Information Security Governance 18.1.2 Questions that the Board and Executive Should Ask Themselves 18.1.3 Information Security Management 18.1.4 Administration and Operation of Cybersecurity 18.2 NIST Cybersecurity Framework 18.2.1 NIST CSF Core 18.2.2 CSF Profiles 18.2.3 CSF Tiers 18.3 The Cyber Defense Matrix 18.4 CIS Critical Security Controls 18.5 ISO/IEC 27000 Series of Security Standards 18.5.1 The History of ISO/IEC 27001 and 27002 18.5.2 ISO/IEC 27001 ISMS: Requirements 18.5.3 ISMS Process Cycle 18.5.4 ISO/IEC 27002 Information Security Controls 18.5.5 27000 Family of Standards 18.6 Maturity in Information Security Management 18.7 Tasks Chapter 19: Cyber Risk Management 19.1 Interpretation of Risk and Risk Management 19.1.1 Definition of Information Security Risk 19.1.2 Information Security Risk Models 19.1.3 Definition of Information Security Risk Management 19.2 Risk Management Process 19.2.1 Context Establishment 19.2.2 Risk Assessment 19.2.3 Risk Treatment 19.2.4 Risk Treatment Plan and Accepted Risk 19.3 Risk Assessment Process 19.4 Risk Identification 19.4.1 Identification of Assets 19.4.2 Threat Modeling: Identifying Threats 19.4.3 Identification of Impacts 19.4.4 Risk Description 19.5 Risk Analysis 19.5.1 Qualitative Risk Analysis 19.5.2 Relative Risk Analysis 19.5.3 Quantitative Risk Analysis 19.6 Risk Evaluation and Reporting 19.7 Tasks References Index

قیمت نهایی

۴۴٬۰۰۰ تومان