Computer Security Books
We rely so heavily on the internet for communication, information, entertainment, business and personal finance that we forget that we take a risk when we enter this digital realm.
- RRP £9.99
- Save £6.00
A whole host of dangers lurk beneath the surface, from viruses and malware to hacking and identity theft, not to mention the threat to you and your children's reputation and personal safety, which can be compromised when interacting with others online.
This book takes the reader through what to look out for and avoid, strong passwords, virus checkers and firewalls, other software solutions, how to let your kids surf safely, recovering lost data and keeping safe on smartphones, tablets and laptops as well as PCs.
Discover all the security risks and exploits that can threaten iOS-based mobile devices iOS is Apple's mobile operating system for the iPhone and iPad. With the introduction of iOS5, many security issues have come to light. This book explains and discusses them all. The award-winning author team, experts in Mac and iOS security, examines the vulnerabilities and the internals of iOS to show how attacks can be mitigated. The book explains how the operating system works, its overall security architecture, and the security risks associated with it, as well as exploits, rootkits, and other payloads developed for it. * Covers iOS security architecture, vulnerability hunting, exploit writing, and how iOS jailbreaks work* Explores iOS enterprise and encryption, code signing and memory protection, sandboxing, iPhone fuzzing, exploitation, ROP payloads, and baseband attacks* Also examines kernel debugging and exploitation * Companion website includes source code and tools to facilitate your efforts iOS Hacker's Handbook arms you with the tools needed to identify, understand, and foil iOS attacks.
- RRP £35.99
- Save £0.10
In order to protect company's information assets such as sensitive customer records, health care records, etc., the security practitioner first needs to find out: what needs protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments. Effective risk assessments are meant to provide a defendable analysis of residual risk associated with your key assets so that risk treatment options can be explored. "Information Security Risk Assessments" gives you the tools and skills to get a quick, reliable, and thorough risk assessment for key stakeholders. It is based on authors' experiences of real-world assessments, reports, and presentations. It focuses on implementing a process, rather than theory, that allows you to derive a quick and valuable assessment. It includes a companion web site with spreadsheets you can utilize to create and maintain the risk assessment.
- RRP £34.99
- Save £3.50
"Violent Python" shows you how to move from a theoretical understanding of offensive computing concepts to a practical implementation. Instead of relying on another attacker's tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how to data-mine popular social media websites and evade modern anti-virus.
- RRP £34.99
- Save £3.50
Dependence on computers has had a transformative effect on human society. Cybernetics is now woven into the core functions of virtually every basic institution, including our oldest ones. War is one such institution, and the digital revolution's impact on it has been profound. The American military, which has no peer, is almost completely reliant on high-tech computer systems. Given the Internet's potential for full-spectrum surveillance and information disruption, the marshaling of computer networks represents the next stage of cyberwar. Indeed, it is upon us already. The recent Stuxnet episode, in which Israel fed a malignant computer virus into Iran's nuclear facilities, is one such example. Penetration into US government computer systems by Chinese hackers-presumably sponsored by the Chinese government-is another. Together, they point to a new era in the evolution of human conflict. In Cybersecurity: What Everyone Needs to Know, noted experts Peter W. Singer and Allan Friedman lay out how the revolution in military cybernetics occurred and explain where it is headed. They begin with an explanation of what cyberspace is before moving on to discussions of how it can be exploited and why it is so hard to defend. Throughout, they discuss the latest developments in military and security technology. Singer and Friedman close with a discussion of how people and governments can protect themselves. In sum, Cybersecurity is the definitive account on the subject for the educated layman who wants to know more about the nature of war, conflict, and security in the twenty first century.
- RRP £10.99
- Save £0.10
Learn to identify the social engineer by non-verbal behavior Unmasking the Social Engineer: The Human Element of Security focuses on combining the science of understanding non-verbal communications with the knowledge of how social engineers, scam artists and con men use these skills to build feelings of trust and rapport in their targets. The author helps readers understand how to identify and detect social engineers and scammers by analyzing their non-verbal behavior. Unmasking the Social Engineer shows how attacks work, explains nonverbal communications, and demonstrates with visuals the connection of non-verbal behavior to social engineering and scamming. Clearly combines both the practical and technical aspects of social engineering security Reveals the various dirty tricks that scammers use Pinpoints what to look for on the nonverbal side to detect the social engineer Sharing proven scientific methodology for reading, understanding, and deciphering non-verbal communications, Unmasking the Social Engineer arms readers with the knowledge needed to help protect their organizations.
- RRP £27.99
- Save £5.60
Must-have book from one of the world's experts on threat modeling Adam Shostak is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and benefit from numerous examples of effective designs that have been validated at Microsoft and EMC. Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling. Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs Explains how to threat-model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric Provides numerous examples of current, effective designs that have been validated at Microsoft and EMC Offers actionable how-to advice not tied to any specific software, operating system, or programming language Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security .
- RRP £50.00
- Save £10.21
Memory forensics provides cutting edge technology to help investigate digital attacks Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics-now the most sought after skill in the digital forensics and incident response fields. Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques: How volatile memory analysis improves digital investigations Proper investigative steps for detecting stealth malware and advanced threats How to use free, open source tools for conducting thorough memory forensics Ways to acquire memory from suspect systems in a forensically sound manner The next era of malware and security breaches are more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions. Bonus materials include more than 20 real-world exercises, sample memory and code files, and even a formal presentation, syllabus, and test bank.
- RRP £52.50
- Save £10.50
The Basics of Digital Forensics provides a foundation for people new to the digital forensics field. This book teaches you how to conduct examinations by discussing what digital forensics is, the methodologies used, key tactical concepts, and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud and the Internet are discussed. Also, learn how to collect evidence, document the scene, and how deleted data can be recovered. The new Second Edition of this book provides you with completely up-to-date real-world examples and all the key technologies used in digital forensics, as well as new coverage of network intrusion response, how hard drives are organized, and electronic discovery. You'll also learn how to incorporate quality assurance into an investigation, how to prioritize evidence items to examine (triage), case processing, and what goes into making an expert witness. The Second Edition also features expanded resources and references, including online resources that keep you current, sample legal documents, and suggested further reading. * Learn what Digital Forensics entails* Build a toolkit and prepare an investigative plan* Understand the common artifacts to look for in an exam* Second Edition features all-new coverage of hard drives, triage, network intrusion response, and electronic discovery; as well as updated case studies, expert interviews, and expanded resources and references
- RRP £23.99
- Save £2.40
Data is everywhere. We create it every time we go online, turn our phone on (or off) or pay with a credit card. This data is stored, studied, bought and sold by companies and governments for surveillance and for control. "Foremost security expert" (Wired) Bruce Schneier shows how this data has led to a double-edged Internet-a Web that gives power to the people but is abused by the institutions on which those people depend. In Data and Goliath, Schneier reveals the full extent of surveillance, censorship and propaganda in society today, examining the risks of cybercrime, cyberterrorism and cyberwar. He shares technological, legal and social solutions that can help shape a more equal, private and secure world.
Crossing the road, we look both ways. Riding a bicycle at night, we use lights. So why is our attitude towards online security so relaxed? Edward Lucas reveals the ways in which cyberspace is not the secure zone we may hope, how passwords provide no significant obstacle to anyone intent on getting past them, and how anonymity is easily accessible to anyone - malign or benign - willing to take a little time covering their tracks. The internet was designed by a small group of computer scientists looking for a way to share information quickly. In the last twenty years it has expanded rapidly to become a global information superhighway, available to all comers, but also wide open to those seeking invisibility. This potential for anonymity means neither privacy nor secrecy are really possible for law-abiding corporations or citizens. As identities can be faked so easily the very foundations on which our political, legal and economic systems are based are vulnerable. Businesses, governments, national security organisations and even ordinary individuals are constantly at risk and with our ever increasing dependence on the internet and smart-phone technology this threat is unlikely to diminish - in fact, the target for cyber-criminals is expanding all the time. Not only does Cyberphobia lay bare the dangers of the internet, it also explores the most successful defensive cyber-strategies, options for tracking down transgressors and argues that we are moving into a post-digital age where once again face-to-face communication will be the only interaction that really matters.
- RRP £9.99
- Save £1.10
Secure your PHP-based web applications with this compact handbook. You'll get clear, practical and actionable details on how to secure various parts of your PHP web application. You'll also find scenarios to handle and improve existing legacy issues. Is your PHP app truly secure? Let's make sure you get home on time and sleep well at night. Learn the security basics that a senior developer usually acquires over years of experience, all condensed down into one quick and easy handbook. Do you ever wonder how vulnerable you are to being hacked? Do you feel confident about storing your users' sensitive information? Imagine feeling confident in the integrity of your software when you store your users' sensitive data. No more fighting fires with lost data, no more late nights, your application is secure. Well, this short book will answer your questions and give you confidence in being able to secure your and other PHP web apps. What You'll Learn * Never trust your users - escape all input* HTTPS/SSL/BCA/JWH/SHA and other random letters: some of them actually matter* How to handle password encryption and storage for everyone* What are authentication, access control, and safe file handing and how to implement them* What are safe defaults, cross site scripting and other popular hacks Who This Book Is For Experienced PHP coders, programmers, developers.
Any good attacker will tell you that expensive security monitoring and prevention tools aren't enough to keep you secure. This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You'll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone. Written by members of Cisco's Computer Security Incident Response Team, this book shows IT and information security professionals how to create an InfoSec playbook by developing strategy, technique, and architecture. Learn incident response fundamentals-and the importance of getting back to basics Understand threats you face and what you should be protecting Collect, mine, organize, and analyze as many relevant data sources as possible Build your own playbook of repeatable methods for security monitoring and response Learn how to put your plan into action and keep it running smoothly Select the right monitoring and detection tools for your environment Develop queries to help you sort through data and create valuable reports Know what actions to take during the incident response phase
- RRP £39.99
- Save £5.30
Follow step-by-step guidance to craft a successful security program. You will identify with the paradoxes of information security and discover handy tools that hook security controls into business processes. Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking. What You Will Learn: * Build a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constantly changing threats * Prepare for and pass such common audits as PCI-DSS, SSAE-16, and ISO 27001 * Calibrate the scope, and customize security controls to fit into an organization's culture * Implement the most challenging processes, pointing out common pitfalls and distractions * Frame security and risk issues to be clear and actionable so that decision makers, technical personnel, and users will listen and value your advice Who This Book Is For: IT professionals moving into the security field; new security managers, directors, project heads, and would-be CISOs; and security specialists from other disciplines moving into information security (e.g., former military security professionals, law enforcement professionals, and physical security professionals)
This value-packed packed set for the serious CISSP certification candidate combines the bestselling CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 7th Edition with an all new collection of Practice Exams to give you the best preparation ever for the high-stakes CISSP Exam. CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 7th Edition has been completely updated for the latest 2015 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions. Along with the book, you also get access to Sybex's superior online interactive learning environment that includes four unique 250 question practice exams to help you identify where you need to study more, more than 650 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam, a searchable glossary in PDF to give you instant access to the key terms you need to know for the exam. Add to that the all-new CISSP Official ISC2 Practice Tests with 2 more complete 250-question exams and another 100 questions for each of the 8 domains and you'll be as ready as you can be for the CISSP exam. Coverage of all of the exam topics in each book means you'll be ready for: * Security and Risk Management * Asset Security * Security Engineering * Communication and Network Security * Identity and Access Management * Security Assessment and Testing * Security Operations * Software Development Security
- RRP £75.00
- Save £15.00
Forensic image acquisition is an important part of post-mortem incident response and evidence collection. Digital forensic investigators acquire, preserve, and manage digital evidence to support civil and criminal cases, examine organizational policy violations, resolve disputes, and analyze cyber attacks. "Practical Forensic Imaging" takes a detailed look at how to secure and manage digital evidence using Linux-based command line tools. This essential guide walks you through the entire forensic acquisition process and covers a wide range of practical scenarios and situations related to the imaging of storage media.You'll learn how to: Use Linux and command line tools to perform to forensic imaging of magnetic hard disks, SSD and flash, optical discs, magnetic tapes, and legacy technologies.Protect attached evidence media from accidental alteration and modification by using hardware and software write blockers, and ensuring read-only access.Manage large forensic image files, storage capacity planning, image format conversion, compression, splitting, duplication, secure transfer and storage, and secure disposal.Preserve and verify evidence integrity with cryptographic hashing and piece-wise hashing, public key signatures, and RFC-3161 time-stamping. Work with new drive and interface technologies such as NVME, SATA Express, 4K-native sector drives, Hybrid SSDs, SAS, UASP/USB3x, Thunderbolt, and more.Manage drive security such as ATA passwords, encrypted thumb drives, Opal self encrypting drives, Bitlocker, FileVault, Truecrypt, and others.Acquire usable images from more complex or challenging situations such as RAID systems, virtual machine images, and damaged media.With its unique focus on digital forensic acquisition and evidence preservation, "Practical Forensic Imaging" is a valuable resource for experienced digital forensic investigators wanting to advance their Linux skills, and experienced Linux administrators wanting to learn digital forensics. This is a must have reference for every digital forensics lab.
Move beyond cybersecurity to take protection of your digital business to the next level
- RRP £32.99
- Save £4.10
Beyond Cybersecurity: Protecting Your Digital Business arms your company against devastating online security breaches by providing you with the information and guidance you need to avoid catastrophic data compromise. Based upon highly-regarded risk assessment analysis, this critical text is founded upon proprietary research, client experience, and interviews with over 200 executives, regulators, and security experts, offering you a well-rounded, thoroughly researched resource that presents its findings in an organized, approachable style. In addition to the text, you receive access to digital materials that further reinforce key concepts, including a cybersecurity risk maturity survey, cybersecurity templates and checklists, and access to all survey results associated with cybersecurity.
Members of the global economy have spent years and tens of billions of dollars fighting cyber threats but attacks remain an immense concern in the world of online business. The threat of data compromise that can lead to the leak of important financial and personal details can make consumers suspicious of the digital economy, and cause a nosedive in their trust and confidence in online business models. * Understand the critical issue of cyber-attacks, and how they are both a social and a business issue that could slow the pace of innovation while wreaking financial havoc * Consider how step-change capability improvements can create more resilient organizations * Discuss how increased collaboration within the cybersecurity industry could improve alignment on a broad range of policy issues * Explore how the active engagement of top-level business and public leaders can achieve progress toward cyber-resiliency
Beyond Cybersecurity: Protecting Your Digital Business is an essential resource for business leaders who want to protect their organizations against cyber-attacks.
Protect your data from attack by using SQL Server technologies to implement a defense-in-depth strategy, performing threat analysis, and encrypting sensitive data as a last line of defense against compromise. The multi-layered approach in this book helps ensure that a single breach doesn't lead to loss or compromise of your data that is confidential and important to the business. Database professionals in today's world deal increasingly often with repeated data attacks against high-profile organizations and sensitive data. It is more important than ever to keep your company's data secure. Securing SQL Server demonstrates how administrators and developers can both play their part in the protection of a SQL Server environment. This book provides a comprehensive technical guide to the security model, and to encryption within SQL Server, including coverage of the latest security technologies such as Always Encrypted, Dynamic Data Masking, and Row Level Security. Most importantly, the book gives practical advice and engaging examples on how to defend your data -- and ultimately your job! -- against attack and compromise.* Covers the latest security technologies, including Always Encrypted, Dynamic Data Masking, and Row Level Security* Promotes security best-practice and strategies for defense-in-depth of business-critical database assets * Gives advice on performing threat analysis and reducing the attack surface that your database presents to the outside worldWhat You Will Learn* Perform threat analysis* Implement access level control and data encryption* Avoid non-reputability by implementing comprehensive auditing* Use security metadata to ensure your security policies are enforced* Apply the latest SQL Server technologies to increase data security* Mitigate the risk of credentials being stolenWho This Book Is For SQL Server database administrators who need to understand and counteract the threat of attacks against their company's data. The book is also of interest to database administrators of other platforms, as several of the attack techniques are easily generalized beyond SQL Server and to other database brands.
- RRP £23.99
- Save £4.80
- RRP £24.99
- Save £5.00
This anniversary edition which has stood the test of time as a runaway best-seller provides a practical, straight-forward guide to achieving security throughout computer networks. No theory, no math, no fiction of what should be working but isn't, just the facts. Known as the master of cryptography, Schneier uses his extensive field experience with his own clients to dispel the myths that often mislead IT managers as they try to build secure systems. A much-touted section: Schneier's tutorial on just what cryptography (a subset of computer security) can and cannot do for them, has received far-reaching praise from both the technical and business community.
Praise for Secrets and Lies
"This is a business issue, not a technical one, and executives can no longer leave such decisions to techies. That's why Secrets and Lies belongs in every manager's library."-Business Week
"Startlingly lively...a jewel box of little surprises you can actually use."-Fortune
"Secrets is a comprehensive, well-written work on a topic few business leaders can afford to neglect."-Business 2.0
"Instead of talking algorithms to geeky programmers, [Schneier] offers a primer in practical computer security aimed at those shopping, communicating or doing business online-almost everyone, in other words."-The Economist
"Schneier...peppers the book with lively anecdotes and aphorisms, making it unusually accessible."-Los Angeles Times
With a new and compelling Introduction by the author, this premium edition will become a keepsake for security enthusiasts of every stripe.
With Obfuscation, Finn Brunton and Helen Nissenbaum mean to start a revolution. They are calling us not to the barricades but to our computers, offering us ways to fight today's pervasive digital surveillance -- the collection of our data by governments, corporations, advertisers, and hackers. To the toolkit of privacy protecting techniques and projects, they propose adding obfuscation: the deliberate use of ambiguous, confusing, or misleading information to interfere with surveillance and data collection projects. Brunton and Nissenbaum provide tools and a rationale for evasion, noncompliance, refusal, even sabotage -- especially for average users, those of us not in a position to opt out or exert control over data about ourselves. Obfuscation will teach users to push back, software developers to keep their user data safe, and policy makers to gather data without misusing it. Brunton and Nissenbaum present a guide to the forms and formats that obfuscation has taken and explain how to craft its implementation to suit the goal and the adversary. They describe a series of historical and contemporary examples, including radar chaff deployed by World War II pilots, Twitter bots that hobbled the social media strategy of popular protest movements, and software that can camouflage users' search queries and stymie online advertising. They go on to consider obfuscation in more general terms, discussing why obfuscation is necessary, whether it is justified, how it works, and how it can be integrated with other privacy practices and technologies.
The upcoming IoT age will blur the line between our physical and online lives. Attacks targeting our online spaces will put our physical security at risk. Traditionally, the attack vectors to our fundamental luxuries have required physical tampering, mostly because access to the infrastructure has been limited from the Internet. This is about to change with the upcoming disruption caused by a future with billions of "things" connected to the Internet. In this book, we will take a fascinating look into abusing the most popular IoT-based devices already available in the market. We will take a look at how a simple attack can cause a perpetual blackout targeting LED lightbulbs, how bad security decisions have grossly violated the physical safety and privacy of families, and how the insecurity of powerful electric vehicles can put your life at risk. The goal of this book is to demonstrate tangible risk in IoT devices that we are going to depend on more and more as time progresses.Once we begin to understand the cause of actual security vulnerabilities in devices today, we will begin to set the path for a future that will help us enable these devices to securely enhance and augment our lives. Malicious attackers are already hard at work uncovering and exploiting these security defects and they will continue to find crafty avenues to abuse their knowledge every way they can. These attackers span the spectrum of curious college students to sophisticated private and state sponsored criminal gangs that are interested in terrorizing individuals and populations. The impact of security vulnerabilities in IoT devices can lead to mass compromise of privacy and cause physical harm. The stakes are high.
- RRP £39.99
- Save £8.10
The ultimate hands-on guide to IT security and proactive defense The Network Security Test Lab is a hands-on, step-by-step guide to ultimate IT security implementation. Covering the full complement of malware, viruses, and other attack technologies, this essential guide walks you through the security assessment and penetration testing process, and provides the set-up guidance you need to build your own security-testing lab. You'll look inside the actual attacks to decode their methods, and learn how to run attacks in an isolated sandbox to better understand how attackers target systems, and how to build the defenses that stop them. You'll be introduced to tools like Wireshark, Networkminer, Nmap, Metasploit, and more as you discover techniques for defending against network attacks, social networking bugs, malware, and the most prevalent malicious traffic. You also get access to open source tools, demo software, and a bootable version of Linux to facilitate hands-on learning and help you implement your new skills. Security technology continues to evolve, and yet not a week goes by without news of a new security breach or a new exploit being released. The Network Security Test Lab is the ultimate guide when you are on the front lines of defense, providing the most up-to-date methods of thwarting would-be attackers. * Get acquainted with your hardware, gear, and test platform * Learn how attackers penetrate existing security systems * Detect malicious activity and build effective defenses * Investigate and analyze attacks to inform defense strategy The Network Security Test Lab is your complete, essential guide.
- RRP £42.50
- Save £8.50
Information risk management (IRM) is about identifying, assessing and prioritising risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It also includes a chapter on applying IRM in the public sector. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management.