Security without Obscurity: A Guide to PKI Operations
Most books on public key infrastructure (PKI) seem to focus on asymmetric cryptography, X.509 certificates, certificate authority (CA) hierarchies, or certificate policy (CP), and certificate practice statements. While algorithms, certificates, and theoretical policy are all excellent discussions, the real-world issues for operating a commercial or private CA can be overwhelming.
Security without Obscurity: A Guide to PKI Operations provides a no-nonsense approach and realistic guide to operating a PKI system. In addition to discussions on PKI best practices, the book supplies warnings against bad PKI practices. Scattered throughout the book are anonymous case studies identifying both good and bad practices.
The highlighted bad practices, based on real-world scenarios from the authors’ experiences, illustrate how bad things are often done with good intentions but cause bigger problems than the original one being solved.
This book offers readers the opportunity to benefit from the authors’ more than 50 years of combined experience in developing PKI-related policies, standards, practices, procedures, and audits, as well as designing and operating various commercial and private PKI systems.
Provides a no-nonsense approach and realistic guide for operating a PKI system
Includes discussions on PKI best practices and contains warnings against PKI bad practices
Presents multiple anonymous case studies that illustrate what not to do when handling particular problems
Out of stock
A clear, actionable blueprint for securing the vital information and IT services of global organizations of all sizes Information Assurance Handbook provides an overall strategy for safeguarding your organization’s critical data. The book presents a body of knowledge and outlines the steps necessary for senior management to effectively work with risk and learn to strategically, systematically, and economically plan for security challenges. You’ll learn how to implement technology, practices, and processes to mitigate and manage risk over time and also how to prevent, detect, contain, and recover from security breaches. The professional practices outlined are essential knowledge for effective security and risk management. Reveals how to predict known–and yet unknown–security risks Invaluable best practices technically vetted by a panel of global security leaders Outlines privacy law and critical standards and practices required to make strategic choices about compliance, risk acceptance, and performance Explains the critical differences between assets, threats, vulnerabilities, and controls to achieve effective decision-making for risk management throughout all levels of the organization.
About the Author
Corey Schou, Ph.D., is a fellow and vice chairperson of (ISC)2, the University Professor of Informatics and professor of computer science at Idaho State University, and the director of the Informatics Research Institute and the National Information Assurance Training and Education Center (NIATEC). Steven Hernandez, MBA, CISSP, is the chief information security officer for the Office of Inspector General at the U.S. Department of Health and Human Services (HHS).
Memory forensics provides cutting edge technology to help investigate digital attacks Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst’s Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics-now the most sought after skill in the digital forensics and incident response fields. Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques: How volatile memory analysis improves digital investigations Proper investigative steps for detecting stealth malware and advanced threats How to use free, open source tools for conducting thorough memory forensics Ways to acquire memory from suspect systems in a forensically sound manner The next era of malware and security breaches are more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions. Bonus materials include more than 20 real-world exercises, sample memory and code files, and even a formal presentation, syllabus, and test bank.
About the Author
Michael Hale-Ligh is author of Malware Analysts Cookbook, Secretary/Treasurer of Volatility Foundation, and a world-class reverse engineer. Andrew Case is a Digital Forensics Researcher specializing in memory, disk, and network forensics. Jamie Levy is a Senior Researcher and Developer targeting memory, network. AAron Walters is founder and lead developer of the Volatility Project, President of the Volatility Foundation, and Chair of Open Memory Forensics Workshop.
Building on the successful top-down approach of previous editions, the Sixth Edition of Computer Networking continues with an early emphasis on application-layer paradigms and application programming interfaces (the top layer), encouraging a hands-on experience with protocols and networking concepts, before working down the protocol stack to more abstract layers.
This book has become the dominant book for this course because of the authors’ reputations, the precision of explanation, the quality of the art program, and the value of their own supplements.
About the Author
Adam Shostack is a principal program manager on Microsofts Trustworthy Computing Team. His experience as an operational systems manager and product developer at companies from startups to Microsoft ensures this book is practical and grounded. He helped found the CVE, the Privacy Enhancing Technologies Symposium, and more.