Computer Security Books
In order to protect company's information assets such as sensitive customer records, health care records, etc., the security practitioner first needs to find out: what needs protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments. Effective risk assessments are meant to provide a defendable analysis of residual risk associated with your key assets so that risk treatment options can be explored. "Information Security Risk Assessments" gives you the tools and skills to get a quick, reliable, and thorough risk assessment for key stakeholders. It is based on authors' experiences of real-world assessments, reports, and presentations. It focuses on implementing a process, rather than theory, that allows you to derive a quick and valuable assessment. It includes a companion web site with spreadsheets you can utilize to create and maintain the risk assessment.
- RRP £36.99
- Save £5.50Save 14.0000000000000005684341886080801486968994140625%
"Violent Python" shows you how to move from a theoretical understanding of offensive computing concepts to a practical implementation. Instead of relying on another attacker's tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how to data-mine popular social media websites and evade modern anti-virus.
- RRP £37.99
- Save £6.50Save 17.0000000000000005684341886080801486968994140625%
Dependence on computers has had a transformative effect on human society. Cybernetics is now woven into the core functions of virtually every basic institution, including our oldest ones. War is one such institution, and the digital revolution's impact on it has been profound. The American military, which has no peer, is almost completely reliant on high-tech computer systems. Given the Internet's potential for full-spectrum surveillance and information disruption, the marshaling of computer networks represents the next stage of cyberwar. Indeed, it is upon us already. The recent Stuxnet episode, in which Israel fed a malignant computer virus into Iran's nuclear facilities, is one such example. Penetration into US government computer systems by Chinese hackers-presumably sponsored by the Chinese government-is another. Together, they point to a new era in the evolution of human conflict. In Cybersecurity: What Everyone Needs to Know, noted experts Peter W. Singer and Allan Friedman lay out how the revolution in military cybernetics occurred and explain where it is headed. They begin with an explanation of what cyberspace is before moving on to discussions of how it can be exploited and why it is so hard to defend. Throughout, they discuss the latest developments in military and security technology. Singer and Friedman close with a discussion of how people and governments can protect themselves. In sum, Cybersecurity is the definitive account on the subject for the educated layman who wants to know more about the nature of war, conflict, and security in the twenty first century.
- RRP £10.99
Learn to identify the social engineer by non-verbal behavior Unmasking the Social Engineer: The Human Element of Security focuses on combining the science of understanding non-verbal communications with the knowledge of how social engineers, scam artists and con men use these skills to build feelings of trust and rapport in their targets. The author helps readers understand how to identify and detect social engineers and scammers by analyzing their non-verbal behavior. Unmasking the Social Engineer shows how attacks work, explains nonverbal communications, and demonstrates with visuals the connection of non-verbal behavior to social engineering and scamming. Clearly combines both the practical and technical aspects of social engineering security Reveals the various dirty tricks that scammers use Pinpoints what to look for on the nonverbal side to detect the social engineer Sharing proven scientific methodology for reading, understanding, and deciphering non-verbal communications, Unmasking the Social Engineer arms readers with the knowledge needed to help protect their organizations.
- RRP £26.99
- Save £5.40Save 20.00%
Memory forensics provides cutting edge technology to help investigate digital attacks Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics-now the most sought after skill in the digital forensics and incident response fields. Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques: How volatile memory analysis improves digital investigations Proper investigative steps for detecting stealth malware and advanced threats How to use free, open source tools for conducting thorough memory forensics Ways to acquire memory from suspect systems in a forensically sound manner The next era of malware and security breaches are more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions. Bonus materials include more than 20 real-world exercises, sample memory and code files, and even a formal presentation, syllabus, and test bank.
- RRP £50.00
- Save £10.00Save 20.00%
The Basics of Digital Forensics provides a foundation for people new to the digital forensics field. This book teaches you how to conduct examinations by discussing what digital forensics is, the methodologies used, key tactical concepts, and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud and the Internet are discussed. Also, learn how to collect evidence, document the scene, and how deleted data can be recovered. The new Second Edition of this book provides you with completely up-to-date real-world examples and all the key technologies used in digital forensics, as well as new coverage of network intrusion response, how hard drives are organized, and electronic discovery. You'll also learn how to incorporate quality assurance into an investigation, how to prioritize evidence items to examine (triage), case processing, and what goes into making an expert witness. The Second Edition also features expanded resources and references, including online resources that keep you current, sample legal documents, and suggested further reading. * Learn what Digital Forensics entails* Build a toolkit and prepare an investigative plan* Understand the common artifacts to look for in an exam* Second Edition features all-new coverage of hard drives, triage, network intrusion response, and electronic discovery; as well as updated case studies, expert interviews, and expanded resources and references
- RRP £25.99
- Save £4.40Save 15.9999999999999982946974341757595539093017578125%
Data is everywhere. We create it every time we go online, turn our phone on (or off) or pay with a credit card. This data is stored, studied, bought and sold by companies and governments for surveillance and for control. "Foremost security expert" (Wired) Bruce Schneier shows how this data has led to a double-edged Internet-a Web that gives power to the people but is abused by the institutions on which those people depend. In Data and Goliath, Schneier reveals the full extent of surveillance, censorship and propaganda in society today, examining the risks of cybercrime, cyberterrorism and cyberwar. He shares technological, legal and social solutions that can help shape a more equal, private and secure world.
Crossing the road, we look both ways. Riding a bicycle at night, we use lights. So why is our attitude towards online security so relaxed? Edward Lucas reveals the ways in which cyberspace is not the secure zone we may hope, how passwords provide no significant obstacle to anyone intent on getting past them, and how anonymity is easily accessible to anyone - malign or benign - willing to take a little time covering their tracks. The internet was designed by a small group of computer scientists looking for a way to share information quickly. In the last twenty years it has expanded rapidly to become a global information superhighway, available to all comers, but also wide open to those seeking invisibility. This potential for anonymity means neither privacy nor secrecy are really possible for law-abiding corporations or citizens. As identities can be faked so easily the very foundations on which our political, legal and economic systems are based are vulnerable. Businesses, governments, national security organisations and even ordinary individuals are constantly at risk and with our ever increasing dependence on the internet and smart-phone technology this threat is unlikely to diminish - in fact, the target for cyber-criminals is expanding all the time. Not only does Cyberphobia lay bare the dangers of the internet, it also explores the most successful defensive cyber-strategies, options for tracking down transgressors and argues that we are moving into a post-digital age where once again face-to-face communication will be the only interaction that really matters.
- RRP £9.99
Secure your PHP-based web applications with this compact handbook. You'll get clear, practical and actionable details on how to secure various parts of your PHP web application. You'll also find scenarios to handle and improve existing legacy issues. Is your PHP app truly secure? Let's make sure you get home on time and sleep well at night. Learn the security basics that a senior developer usually acquires over years of experience, all condensed down into one quick and easy handbook. Do you ever wonder how vulnerable you are to being hacked? Do you feel confident about storing your users' sensitive information? Imagine feeling confident in the integrity of your software when you store your users' sensitive data. No more fighting fires with lost data, no more late nights, your application is secure. Well, this short book will answer your questions and give you confidence in being able to secure your and other PHP web apps. What You'll Learn * Never trust your users - escape all input* HTTPS/SSL/BCA/JWH/SHA and other random letters: some of them actually matter* How to handle password encryption and storage for everyone* What are authentication, access control, and safe file handing and how to implement them* What are safe defaults, cross site scripting and other popular hacks Who This Book Is For Experienced PHP coders, programmers, developers.
Any good attacker will tell you that expensive security monitoring and prevention tools aren't enough to keep you secure. This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You'll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone. Written by members of Cisco's Computer Security Incident Response Team, this book shows IT and information security professionals how to create an InfoSec playbook by developing strategy, technique, and architecture. Learn incident response fundamentals-and the importance of getting back to basics Understand threats you face and what you should be protecting Collect, mine, organize, and analyze as many relevant data sources as possible Build your own playbook of repeatable methods for security monitoring and response Learn how to put your plan into action and keep it running smoothly Select the right monitoring and detection tools for your environment Develop queries to help you sort through data and create valuable reports Know what actions to take during the incident response phase
- RRP £39.99
- Save £5.30Save 13.00%
Follow step-by-step guidance to craft a successful security program. You will identify with the paradoxes of information security and discover handy tools that hook security controls into business processes. Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking. What You Will Learn: * Build a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constantly changing threats * Prepare for and pass such common audits as PCI-DSS, SSAE-16, and ISO 27001 * Calibrate the scope, and customize security controls to fit into an organization's culture * Implement the most challenging processes, pointing out common pitfalls and distractions * Frame security and risk issues to be clear and actionable so that decision makers, technical personnel, and users will listen and value your advice Who This Book Is For: IT professionals moving into the security field; new security managers, directors, project heads, and would-be CISOs; and security specialists from other disciplines moving into information security (e.g., former military security professionals, law enforcement professionals, and physical security professionals)
- RRP £23.99
- Save £4.80Save 20.00%
The upcoming IoT age will blur the line between our physical and online lives. Attacks targeting our online spaces will put our physical security at risk. Traditionally, the attack vectors to our fundamental luxuries have required physical tampering, mostly because access to the infrastructure has been limited from the Internet. This is about to change with the upcoming disruption caused by a future with billions of "things" connected to the Internet. In this book, we will take a fascinating look into abusing the most popular IoT-based devices already available in the market. We will take a look at how a simple attack can cause a perpetual blackout targeting LED lightbulbs, how bad security decisions have grossly violated the physical safety and privacy of families, and how the insecurity of powerful electric vehicles can put your life at risk. The goal of this book is to demonstrate tangible risk in IoT devices that we are going to depend on more and more as time progresses.Once we begin to understand the cause of actual security vulnerabilities in devices today, we will begin to set the path for a future that will help us enable these devices to securely enhance and augment our lives. Malicious attackers are already hard at work uncovering and exploiting these security defects and they will continue to find crafty avenues to abuse their knowledge every way they can. These attackers span the spectrum of curious college students to sophisticated private and state sponsored criminal gangs that are interested in terrorizing individuals and populations. The impact of security vulnerabilities in IoT devices can lead to mass compromise of privacy and cause physical harm. The stakes are high.
- RRP £39.99
- Save £8.10Save 20.00%
The ultimate hands-on guide to IT security and proactive defense The Network Security Test Lab is a hands-on, step-by-step guide to ultimate IT security implementation. Covering the full complement of malware, viruses, and other attack technologies, this essential guide walks you through the security assessment and penetration testing process, and provides the set-up guidance you need to build your own security-testing lab. You'll look inside the actual attacks to decode their methods, and learn how to run attacks in an isolated sandbox to better understand how attackers target systems, and how to build the defenses that stop them. You'll be introduced to tools like Wireshark, Networkminer, Nmap, Metasploit, and more as you discover techniques for defending against network attacks, social networking bugs, malware, and the most prevalent malicious traffic. You also get access to open source tools, demo software, and a bootable version of Linux to facilitate hands-on learning and help you implement your new skills. Security technology continues to evolve, and yet not a week goes by without news of a new security breach or a new exploit being released. The Network Security Test Lab is the ultimate guide when you are on the front lines of defense, providing the most up-to-date methods of thwarting would-be attackers. * Get acquainted with your hardware, gear, and test platform * Learn how attackers penetrate existing security systems * Detect malicious activity and build effective defenses * Investigate and analyze attacks to inform defense strategy The Network Security Test Lab is your complete, essential guide.
- RRP £37.99
- Save £7.60Save 20.00%
Information risk management (IRM) is about identifying, assessing and prioritising risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It also includes a chapter on applying IRM in the public sector. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management.
In today's technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. The second edition includes the security of cloud-based resources and the contents have been revised to reflect the changes to the BCS Certification in Information Security Management Principles which the book supports.
- RRP £39.99
- Save £5.60Save 14.00%
Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring. For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way. You'll learn how to: * Set up a safe virtual environment to analyze malware * Quickly extract network signatures and host-based indicators * Use key analysis tools like IDA Pro, OllyDbg, and WinDbg * Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques * Use your newfound knowledge of Windows internals for malware analysis * Develop a methodology for unpacking malware and get practical experience with five of the most popular packers * Analyze special cases of malware with shellcode, C++, and 64-bit code Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back. Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis.
- RRP £49.99
- Save £10.00Save 20.00%
Applying the scientific method to security is about using techniques to carefully observe, measure, experiment, form explanations, test, and evaluate security processes in software and products. This practical book shows how incorporating these techniques will provide developers with the knowledge to produce more secure, more useful, and more valuable products and services. You'll learn how to: Apply the scientific method to evaluate projects in digital forensics, software assurance, and intrusion detection Develop your own security methods using this process to build and sell more secure products Discover how to spot bogus security claims and processes
- RRP £39.99
- Save £5.50Save 13.00%
Balancing usability and security when building a website or app can be incredibly difficult. This practical book teaches you a results-driven approach for accomplishing both without compromising either. Not only will you learn what to be aware of when building your systems, but also how to build a solid identity infrastructure across devices that's both usable and secure. You'll be able to harden your data infrastructure and privileged user information, while using common techniques to prevent data breaches. You'll also take a look at future technology that will impact data and identity security.
- RRP £31.99
- Save £6.40Save 20.00%
The book describes data-driven approach to optimal monitoring and alerting in distributed computer systems. It interprets monitoring as a continuous process aimed at extraction of meaning from system's data. The resulting wisdom drives effective maintenance and fast recovery - the bread and butter of web operations. The content of the book gives a scalable perspective on the following topics: anatomy of monitoring and alerting conclusive interpretation of time series data-driven approach to setting up monitors addressing system failures by their impact applications of monitoring in automation reporting on quality with quantitative means and more!
- RRP £17.50
- Save £3.50Save 18.999999999999998721023075631819665431976318359375%
"The best guide to the Metasploit Framework." --HD Moore, Founder of the Metasploit Project The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors. Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks. Learn how to: * Find and exploit unmaintained, misconfigured, and unpatched systems * Perform reconnaissance and find valuable information about your target * Bypass anti-virus technologies and circumvent security controls * Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery * Use the Meterpreter shell to launch further attacks from inside the network * Harness standalone Metasploit utilities, third-party tools, and plug-ins * Learn how to write your own Meterpreter post exploitation modules and scripts You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.
- RRP £41.99
- Save £8.40Save 20.00%
Security Risk Management is the definitive guide for building or running an information security risk management program. This book teaches practical techniques that will be used on a daily basis, while also explaining the fundamentals so students understand the rationale behind these practices. It explains how to perform risk assessments for new IT projects, how to efficiently manage daily risk activities, and how to qualify the current risk level for presentation to executive level management. While other books focus entirely on risk analysis methods, this is the first comprehensive text for managing security risks. This book will help you to break free from the so-called best practices argument by articulating risk exposures in business terms. It includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment. It explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk. It also presents a roadmap for designing and implementing a security risk management program. This book will be a valuable resource for CISOs, security managers, IT managers, security consultants, IT auditors, security analysts, and students enrolled in information security/assurance college programs.
- RRP £36.99
- Save £5.50Save 14.0000000000000005684341886080801486968994140625%
This book constitutes the proceedings of the 37th European Conference on IR Research, ECIR 2015, held in Vienna, Austria, in March/April 2015. The 44 full papers, 41 poster papers and 7 demonstrations presented together with 3 keynotes in this volume were carefully reviewed and selected from 305 submissions. The focus of the papers were on following topics: aggregated search and diversity, classification, cross-lingual and discourse, efficiency, evaluation, event mining and summarisation, information extraction, recommender systems, semantic and graph-based models, sentiment and opinion, social media, specific search tasks, temporal models and features, topic and document models, user behavior and reproducible IR.
- RRP £99.99
- Save £20.00Save 20.00%