Tag Archives: RSA

Security in Computing, 4th Edition


Security in Computing, 4th Edition by Charles P. Pfleeger, Shari Lawrence Pfleeger
2006 | ISBN: 0132390779 | English | 880 pages | EPUB | 7 MB

The New State-of-the-Art in Information Security: Now Covers the Economics of Cyber Security and the Intersection of Privacy and Information Security
For years, IT and security professionals and students have turned to Security in Computing as the definitive guide to information about computer security attacks and countermeasures. In their new fourth edition, Charles P. Pfleeger and Shari Lawrence Pfleeger have thoroughly updated their classic guide to reflect today's newest technologies, standards, and trends.
The authors first introduce the core concepts and vocabulary of computer security, including attacks and controls. Next, the authors systematically identify and assess threats now facing programs, operating systems, database systems, and networks. For each threat, they offer best-practice responses.

Security in Computing, Fourth Edition, goes beyond technology, covering crucial management issues faced in protecting infrastructure and information. This edition contains an all-new chapter on the economics of cybersecurity, explaining ways to make a business case for security investments. Another new chapter addresses privacy, from data mining and identity theft to RFID and e-voting.

New coverage also includes:
– Programming mistakes that compromise security: man-in-the-middle, timing, and privilege escalation attacks
– Web application threats and vulnerabilities
– Networks of compromised systems: bots, botnets, and drones
– Rootkits, including the notorious Sony XCP
– Wi-Fi network security challenges, standards, and techniques
– New malicious code attacks, including false interfaces and keystroke loggers
– Improving code quality: software engineering, testing, and liability approaches
– Biometric authentication: capabilities and limitations
– Using the Advanced Encryption System (AES) more effectively
– Balancing dissemination with piracy control in music and other digital content
– Countering new cryptanalytic attacks against RSA, DES, and SHA
– Responding to the emergence of organized attacker groups pursuing profit

CBT Nuggets – (ISC)2 Security CISSP

English | 02.2014 | flv | H264 1280×720 | AAC 1 ch | 12 hrs | 2.79 GB
This video training with Michael Shannon covers information security, including topics such as access control, cryptography, and more.

Recommended skills:
At least 5 years' experience in two of the following areas: access control, telecommunications and network security, information security governance and risk management, software development security, cryptography, security architecture and design, operations security, business continuity and disaster recovery planning, legal, regulations, investigations and compliance, and physical security

Recommended equipment:

Related certifications:
CISSP® – Certified Information Systems Security Professional

Related job functions:
– Security consultant
– Security analyst
– Security manager
– Security systems engineer
– IT director
– Chief information security officer
– Security auditor
– Security architect
– Network architect

CISSP certification is one of the most respected certifications available, and is currently in great demand by organizations of all types. From banking and financial institutions to government and public utilities as well as high-tech and hospitality, the skills of a CISSP are needed by nearly every industry.

In this training, you'll learn how to develop security policies for a computer network. It also covers security of physical assets and facilities, ethics, cyber crime and business practices. It's a great overview of everything security related without getting deep into the technical details.

Introduction to (ISC)2 Security CISSP
This introductory Nugget to the CISSP series covers an exam and certification overview, exam objectives, and best practices for getting the most out of this CISSP CBT Nugget.

Information Security Governance and Risk Management (part 1)
This nugget covers security management and security administration. The organizational security model is explored along with Information Risk Management (IRM).

Information Security Governance and Risk Management (part 2)
In part two we continue our discussion of information risk management. Other topics include security program development and risk analysis.

Information Security Governance and Risk Management (part 3)
In this continuation of this CISSP CBK domain we cover security policy and practice; data classification; responsibility of roles; and security awareness and training.

Access Control (part 1)
This module begins with an introduction to access control fundamentals. Next you will learn about identity management. Other topics involve directories and web access, password management, and biometrics.

Access Control (part 2)
Here is an excellent look at authorization concepts; SSO, Kerberos, and SESAME; security domains; access control models; and access control techniques and methodologies.

Access Control (part 3)
This nugget covers access control administration, accounting, auditing, monitoring, and an overview of common threats to access controls.

Security Architecture and Design (part 1)
In this exploration of security architecture we will explore CPU architecture, processor and process management, memory management, CPU modes, and protection rings.

Security Architecture and Design (part 2)
We go deeper with topics like storage architecture, system architecture, security models, and security modes of system operation.

Security Architecture and Design (part 3)
Here is an excellent exploration of systems evaluation types, certification, accreditation, open vs. closed systems, and a survey of common threats to system architectures.

Physical (Environmental) Security (part 1)
It's time to take a look at an introduction to physical security, planning physical security, and physical security program design.

Physical (Environmental) Security (part 2)
This design nugget covers asset protection, internal support, and environmental systems.

Physical (Environmental) Security (part 3)
This final installment of physical and environmental security focuses exclusively on perimeter security. Topics include: facility access control, personnel access controls, and external boundary mechanisms.

Telecommunications and Network Security (part 1)
This nugget explores the ISO OSI seven-layer model and TCP/IP model. Other topics include TCP, UDP, IP and well-known port numbers for network applications and services.

Telecommunications and Network Security (part 2)
Let's take a look at transmission types, topologies, media access, LAN protocols, routing protocols, and network devices.

Telecommunications and Network Security (part 3)
Let's take a look at transmission types, topologies, media access, LAN protocols, routing protocols, and network devices.

Cryptography (part 1)
The first cryptography nugget covers definitions, symmetric vs. asymmetric algorithms, block vs. stream ciphers, an overview of encryption methods, cryptographic hashes, and keys.

Cryptography (part 2)
We will dig a lot deeper into symmetric key cryptosystems in this second nugget of this domain. You will also learn about authentication hashes and digital signatures.

Cryptography (part 3)
The topics of part three include: asymmetric key algorithms in depth, RSA, Diffie-Hellman (DH), PKI, SSL VPNs and IPSec VPNs.

Business Continuity and Disaster Recovery Planning (part 1)
This nugget covers definitions, business continuity steps, security policy integration, project initiation, BCP requirements, BIA steps, and BCP responsibilities.

Business Continuity and Disaster Recovery Planning (part 2)
Topics in this second domain nugget include: preventative controls, recovery strategies, hardware and software backups, and documentation.

Business Continuity and Disaster Recovery Planning (part 3)
In this continuation of business continuity and disaster recovery you will learn about the importance of insurance, recovery, restoration, and testing strategies.

Legal, Regulations, Investigations and Compliance (part 1)
It's time to learn about cyberlaw and cybercrime. You will also explore the types of law, intellectual property, privacy issues, mandates, and regulations.

Legal, Regulations, Investigations and Compliance (part 2)
Here is a great discussion of liability, investigations, incident response, computer forensics, evidence, and ethics.

Software Development Security (part 1)
This Nugget begins with an introduction to application security. Other topics include: database terminology, database models, RDBMS models, data mining, and data warehousing.

Software Development Security (part 2)
In this exploration of application security you will learn about software system development, application development techniques, and distributed computing.

Software Development Security (part 3)
We go deeper in part three as we look at expert systems, knowledge-based systems, application threat agents, and application security countermeasures.

Security Operations (part 1)
Here is an excellent exploration of a wide variety of mission-critical security concepts. Topics include: the role of operations security, clipping and assurance levels, Trusted Computing Base (TCB), I/O controls, system hardening, and configuration management.

Security Operations (part 2)
It's time to take a tour of media controls and data leakage; MTBR and MTTR; RAID, MAID, RAIT, and SANs; grid and cloud computing; and HSM.

Security Operations (part 3)
This final Nugget of the CISSP series covers email vulnerabilities and security, MIME, S/MIME, PGP technology, and SSL/VPN solutions for operations security.



