Network and Data Security for Non-Engineers
Learn network and data security by analyzing the Anthem breach and step-by-step how hackers gain entry, place hidden software, download information, and hide the evidence of their entry. Understand the tools, establishing persistent presence, use of sites as testbeds to determine successful variations of software that elude detection, and reaching out across trusted connections to the entire healthcare system of the nation. Examine the components of technology being diverted, starting with application code and how to protect it with isolation approaches. Dissect forms of infections including viruses, worms, bots, and Trojans; and encryption with RSA algorithm as the working example.
About the Author
Stephan S. Jones, PhD, is the director of the Center for Information and Communication Sciences, where he is also a professor delivering core technology courses in the graduate-only program. His industry experience is as a field engineer and owner of a telecommunications company providing voice and data solutions for business/commercial systems in the Midwest. In academe, he has published or edited numerous books and texts associated with simplifying complex communication technologies for nonengineering students to comprehend. He is actively engaged in supporting broadband technology deployments to underserved and unserved regions of the country and providing technical support for non-profit organizations with student participation. Frank Groom, PhD, is a professor in the Graduate Center for Information and Communication Science at Ball State University. His research is concentrated in the areas of high-bandwidth networking, distributed systems, and the storage of multimedia objects. Dr. Groom is the author of seven books, most recently having finished The Basics of Voice over IP Networking and The Basics of 802.11 Wireless LANs. Among his best known books are The Future of ATM and The ATM Handbook. Dr. Groom earned his PhD from the University of Wisconsin- Milwaukee in information systems. He is the former senior director of information systems for Ameritech.
Out of stock
Analyzing how hacks are done, so as to stop them in the future Reverse engineering is the process of analyzing hardware or software and understanding it, without having access to the source code or design documents. Hackers are able to reverse engineer systems and exploit what they find with scary results. Now the good guys can use the same tools to thwart these threats. Practical Reverse Engineering goes under the hood of reverse engineering for security analysts, security engineers, and system programmers, so they can learn how to use these same processes to stop hackers in their tracks. The book covers x86, x64, and ARM (the first book to cover all three); Windows kernel-mode code rootkits and drivers; virtual machine protection techniques; and much more. Best of all, it offers a systematic approach to the material, with plenty of hands-on exercises and real-world examples. Offers a systematic approach to understanding reverse engineering, with hands-on exercises and real-world examples Covers x86, x64, and advanced RISC machine (ARM) architectures as well as deobfuscation and virtual machine protection techniques Provides special coverage of Windows kernel-mode code (rootkits/drivers), a topic not often covered elsewhere, and explains how to analyze drivers step by step Demystifies topics that have a steep learning curve Includes a bonus chapter on reverse engineering tools Practical Reverse Engineering: Using x86, x64, ARM, Windows Kernel, and Reversing Tools provides crucial, up-to-date guidance for a broad range of IT professionals.
About the Author
Bruce Dang is a senior security development engineering lead at Microsoft focusing on Windows kernel and reverse engineering. Alexandre Gazet is a senior security researcher at QuarksLab focusing on reverse engineering and software protection. Elias Bachaalany is a software security engineer at Microsoft.
Electronically Stored Information: The Complete Guide to Management, Understanding, Acquisition, Storage, Search, and Retrieval 2nd Edition
Although we live in an era in which we are surrounded by an ever-deepening fog of data, few of us truly understand how the data are created, where data are stored, or how to retrieve or destroy data-if that is indeed possible. This book is for all of you, whatever your need or interest. Electronically Stored Information: The Complete Guide to Management, Understanding, Acquisition, Storage, Search, and Retrieval, Second Edition explains the reasons you need to know about electronic data. It also gets into great detail about the how, what, when, and where of what is known in legal circles as electronically stored information (ESI). With easy-to-understand explanations and guidelines, this book provides the practical understanding you need to effectively manage the complex world of ESI. Whether you are an attorney, judge, paralegal, business manager or owner, or just one of the ever-growing population of computer users, you will benefit from the information presented in this book.
About the Author
David Matthews has worked in the information technology (IT) field since 1992. He began working for the City of Seattle as the technology manager for the Legislative Department (City Council) in 1998. In early 2005, he was selected to be the first Deputy CISO for the city. In his work for the city, he developed and created an incident response plan that is compliant with the National Incident Management System (NIMS)/Incident Command System (ICS); updated and extensively rewrote the city’s information security policy; and created and taught training courses on information security and forensics. He created an IT primer for the city’s law department as part of his collaboration with them on e-discovery issues. In 2012, he was recruited by Expedia, Inc. to develop and lead their global cyber incident response team. He created and exercised a plan that integrated with their network response and disaster recovery plans and led a team located both in the United States and India. He retired in 2014 and is now doing consultant work mostly with local governments and critical infrastructure to enhance their cyber response and resiliency capabilities.
The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk
Uncertainty and risk, meet planning and action.
Reinforce your organization’s security posture using the expert information contained in this tactical guide. The Computer Incident Response Planning Handbook: Executable Plans for Protecting Information at Risk shows you how to build and manage successful response plans for the cyber incidents that have become inevitable for organizations of any size. Find out why these plans work. Learn the step-by-step process for developing and managing plans built to address the wide range of issues organizations face in times of crisis.
- Contains the essentials for developing both data breach and malware outbreak response plans—and best practices for maintaining those plans
- Features ready-to-implement CIRPs—derived from living incident response plans that have survived the rigors of repeated execution and numerous audits
- Clearly explains how to minimize the risk of post-event litigation, brand impact, fines and penalties—and how to protect shareholder value
- Supports corporate compliance with industry standards and requirements, including PCI, HIPAA, SOX, and CA SB-24
About the Author
N.K. McCarthy previously managed the Information Security Operations / Threat & Vulnerability Management for a Fortune 50 Corporation for several years. His international staff performed round-the-clock security event monitoring and response. His responsibilities included: security patch remediation, vulnerability scans, and remediation, penetration testing, system configuration monitoring and remediation, maintaining the various Computer Incident Response Plans (CIRP), and an active threat portfolio for key business functions, users, application platforms and persistent vulnerabilities.
With a career in over 20 plus years in IT, Mr. McCarthy has held a wide range of roles within IT including systems programming, IT consultant, technical management, and IT sales. He recently retired after 30 plus years as a Marine Corps reservist obtaining the rank of Lieutenant Colonel. His last reserve assignment of five years was with the U.S. Cyber Command. After 9/11, Lt. Col. McCarthy was mobolized and spent almost four years on active duty as an Information Warfare Officer working at the U.S. Strategic Command, the Pentagon, and the National Security Agency (NSA). Mr. McCarthy also has 17 years of experience as a volunteer reserve police officer. In this capacity he was able to attend U.S. DOJ (Law Enforcement Only) training in computer forensics and advanced Internet investigations. He was also certified by FEMA for its Incident Command System (ICS) and the National Incident Management System (NIMS). Mr. McCarthy is currently on the Board of Directors of the San Francisco Bay Area and Silicon Valley chapter of the FBI’s Infragard program.
Mr. McCarthy has a B.S. degree in Computer Science, an M.B.A. and a CISSP. He is also the CEO of an SDVOB S-corporation with established and developing business in California and Nevada.
Dr. Matthew Todd is the Chief Security Officer and Vice President of Risk and Technical Operations for Financial Engines (NASDAQ: FNGN), a financial advisor with more than $47 billion in assets under management. At Financial Engines, he is responsible for security, privacy, business continuity, audit, and risk management for the firm.
In addition to his work at Financial Engines, Dr. Todd is the president of the San Francisco Bay Area InfraGard chapter, representing more than 1000 volunteer InfraGard members. He has been a local mentor for the SANS Institute, is a CISM and CIPP, and holds the GSEC certification. He has more than 20 years of experience in the technology space and has been actively involved in information security for the last 15 years. He obtained his Ph.D. from Northwestern University and was a fellow of both the National Science Foundation (U.S.) and the Danish National Science Foundation.
Jeff Klaben is an Adjunct Professor with Santa Clara University’s College of Engineering, where he currently teaches Information Assurance and Computer Forensics. He is also a principal with Neohapsis, helping Fortune 500 organizations and leading security technology providers overcome global challenges in technology risk management, competitive strategy, product engineering, compliance, and trusted collaboration to achieve break-through innovation. Previously, Jeff served as Group Director of Technology Risk Management at SanDisk, Chief Information Security Officer for Life Technologies, Engineering Group Director with Cadence Design Systems, and Senior Manager of Enterprise Architecture, IT Security, and Compliance at Applied Materials. He also led product management, professional services delivery, and start-up incubation at Accenture.
Jeff is a frequent speaker at industry conferences, and for the past decade, has served on the board of directors of the San Francisco Bay Area InfraGard, a 501(c)(3) nonprofit and public/private partnership dedicated to information sharing for critical infrastructure protection. He assisted the White House as town hall moderator for the rollout of the National Strategy to Secure Cyberspace and was recognized by the U.S. Department of Justice with awards for Dedicated Service and Exceptional Service in the Public Interest. He also received the Belotti Award for Outstanding Business Policy in High Technology Firms from Santa Clara University’s Leavey School of Business. Jeff earned an M.B.A. from Santa Clara University, a B.S. in Information Systems from Wright State University, and the credentials of Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), and Certified Information Systems Auditor (CISA).
GUIDE TO NETWORKING ESSENTIALS provides students with both the knowledge and hands-on skills necessary to work with network operating systems in a network administration environment. By focusing on troubleshooting and computer networking technologies, this book offers a comprehensive introduction to networking and to advances in software, wireless and network security. Challenge Labs and Hands-On Projects are directly integrated in each chapter to allow for a hands-on experience in the classroom. Updated content reflects the latest networking technologies and operating systems including new Ethernet standards, cloud computing, Windows 10, Windows Server 2016, and recent Linux distributions.
About the Author
Greg Tomsho is director of the Computer Networking Technology Department and Cisco Academy at Yavapai College in Prescott, Ariz. He has earned the CCNA, MCTS, MCSA, A , Security and Linux certifications. A former software engineer, technical support manager and IT director, he has more than 30 years of computer and networking experience. His other books include MCTS GUIDE TO WINDOWS SERVER 2008 ACTIVE DIRECTORY CONFIGURATION, MCTS GUIDE TO MICROSOFT WINDOWS SERVER 2008 APPLICATIONS INFRASTRUCTURE CONFIGURATION, GUIDE TO NETWORKING ESSENTIALS, GUIDE TO NETWORK SUPPORT AND TROUBLESHOOTING and A COURSEPREP EXAMGUIDE.