Computer Security Books
In order to protect company's information assets such as sensitive customer records, health care records, etc., the security practitioner first needs to find out: what needs protected, what risks those assets are exposed to, what controls are in place to offset those risks, and where to focus attention for risk treatment. This is the true value and purpose of information security risk assessments. Effective risk assessments are meant to provide a defendable analysis of residual risk associated with your key assets so that risk treatment options can be explored. "Information Security Risk Assessments" gives you the tools and skills to get a quick, reliable, and thorough risk assessment for key stakeholders. It is based on authors' experiences of real-world assessments, reports, and presentations. It focuses on implementing a process, rather than theory, that allows you to derive a quick and valuable assessment. It includes a companion web site with spreadsheets you can utilize to create and maintain the risk assessment.
- RRP £36.99
- Save £5.50Save 14%
"Violent Python" shows you how to move from a theoretical understanding of offensive computing concepts to a practical implementation. Instead of relying on another attacker's tools, this book will teach you to forge your own weapons using the Python programming language. This book demonstrates how to write Python scripts to automate large-scale network attacks, extract metadata, and investigate forensic artifacts. It also shows how to write code to intercept and analyze network traffic using Python, craft and spoof wireless frames to attack wireless and Bluetooth devices, and how to data-mine popular social media websites and evade modern anti-virus.
- RRP £37.99
- Save £6.50Save 17%
Dependence on computers has had a transformative effect on human society. Cybernetics is now woven into the core functions of virtually every basic institution, including our oldest ones. War is one such institution, and the digital revolution's impact on it has been profound. The American military, which has no peer, is almost completely reliant on high-tech computer systems. Given the Internet's potential for full-spectrum surveillance and information disruption, the marshaling of computer networks represents the next stage of cyberwar. Indeed, it is upon us already. The recent Stuxnet episode, in which Israel fed a malignant computer virus into Iran's nuclear facilities, is one such example. Penetration into US government computer systems by Chinese hackers-presumably sponsored by the Chinese government-is another. Together, they point to a new era in the evolution of human conflict. In Cybersecurity: What Everyone Needs to Know, noted experts Peter W. Singer and Allan Friedman lay out how the revolution in military cybernetics occurred and explain where it is headed. They begin with an explanation of what cyberspace is before moving on to discussions of how it can be exploited and why it is so hard to defend. Throughout, they discuss the latest developments in military and security technology. Singer and Friedman close with a discussion of how people and governments can protect themselves. In sum, Cybersecurity is the definitive account on the subject for the educated layman who wants to know more about the nature of war, conflict, and security in the twenty first century.
- RRP £10.99
The all-new edition of this security bestseller reveals the most relevant and up-to-date incident response techniques, tools, and case scenarios. Incident Response & Computer Forensics, Third Edition arms you with the right know-how to react quickly and efficiently to the daily onslaught of data breaches that hit all organizations worldwide. This new edition is chock-full of updates about tools and techniques as well as real-world scenarios reflecting today's most common types of incidents. Specific, detailed advice covers all aspects of incident investigation and handling, with an emphasis on forensics. Special features highlight important tips for security practitioners: the Law Enforcement feature that appears throughout all chapters provides advice on when and how law enforcement must be informed; the What Can Happen feature shows how badly certain scenarios could turn out (with non-action or wrong-action) and why; the Where to Look feature guides you through the fastest routes to key evidence; and the Eye Witness feature details relevant real-world cases for context and urgency. Part I: Introduction to Incident Response covers real-world incidents, an introduction to the incident response process, preparation for incident response, and what happens after the detection of an incident. Part II: Data Collection covers live data collection from Windows and UNIX systems, forensic duplication, collecting network-based evidence, and evidence handling. Part III: Data Analysis covers computer system storage fundamentals, data analysis techniques, investigating Windows and UNIX systems, analyzing network traffic, investigating hacker tools, investigating routers, and writing computer forensic reports. The most technically rigorous handbook on incident handling available All-new advice on architecting networks from the ground-up to fight intrusions New details on streamlining intrusion diagnoses for faster recovery New coverage of: log file and massive data analysis; memory analysis; social media portals to entry; malware analysis; and mobile device-originated breaches New real-world scenarios added throughout exemplify the latest, most prevalent incident types New and up-to-date methods for investigating and assessing hackers' latest tools A forensics-forward approach to handling and protecting sensitive data without further compromising systems
- RRP £49.99
- Save £10.40Save 20%
Learn to identify the social engineer by non-verbal behavior Unmasking the Social Engineer: The Human Element of Security focuses on combining the science of understanding non-verbal communications with the knowledge of how social engineers, scam artists and con men use these skills to build feelings of trust and rapport in their targets. The author helps readers understand how to identify and detect social engineers and scammers by analyzing their non-verbal behavior. Unmasking the Social Engineer shows how attacks work, explains nonverbal communications, and demonstrates with visuals the connection of non-verbal behavior to social engineering and scamming. Clearly combines both the practical and technical aspects of social engineering security Reveals the various dirty tricks that scammers use Pinpoints what to look for on the nonverbal side to detect the social engineer Sharing proven scientific methodology for reading, understanding, and deciphering non-verbal communications, Unmasking the Social Engineer arms readers with the knowledge needed to help protect their organizations.
- RRP £26.99
- Save £5.40Save 20%
The Basics of Digital Forensics provides a foundation for people new to the digital forensics field. This book teaches you how to conduct examinations by discussing what digital forensics is, the methodologies used, key tactical concepts, and the tools needed to perform examinations. Details on digital forensics for computers, networks, cell phones, GPS, the cloud and the Internet are discussed. Also, learn how to collect evidence, document the scene, and how deleted data can be recovered. The new Second Edition of this book provides you with completely up-to-date real-world examples and all the key technologies used in digital forensics, as well as new coverage of network intrusion response, how hard drives are organized, and electronic discovery. You'll also learn how to incorporate quality assurance into an investigation, how to prioritize evidence items to examine (triage), case processing, and what goes into making an expert witness. The Second Edition also features expanded resources and references, including online resources that keep you current, sample legal documents, and suggested further reading. * Learn what Digital Forensics entails* Build a toolkit and prepare an investigative plan* Understand the common artifacts to look for in an exam* Second Edition features all-new coverage of hard drives, triage, network intrusion response, and electronic discovery; as well as updated case studies, expert interviews, and expanded resources and references
- RRP £25.99
- Save £4.40Save 16%
Data is everywhere. We create it every time we go online, turn our phone on (or off) or pay with a credit card. This data is stored, studied, bought and sold by companies and governments for surveillance and for control. "Foremost security expert" (Wired) Bruce Schneier shows how this data has led to a double-edged Internet-a Web that gives power to the people but is abused by the institutions on which those people depend. In Data and Goliath, Schneier reveals the full extent of surveillance, censorship and propaganda in society today, examining the risks of cybercrime, cyberterrorism and cyberwar. He shares technological, legal and social solutions that can help shape a more equal, private and secure world.
Crossing the road, we look both ways. Riding a bicycle at night, we use lights. So why is our attitude towards online security so relaxed? Edward Lucas reveals the ways in which cyberspace is not the secure zone we may hope, how passwords provide no significant obstacle to anyone intent on getting past them, and how anonymity is easily accessible to anyone - malign or benign - willing to take a little time covering their tracks. The internet was designed by a small group of computer scientists looking for a way to share information quickly. In the last twenty years it has expanded rapidly to become a global information superhighway, available to all comers, but also wide open to those seeking invisibility. This potential for anonymity means neither privacy nor secrecy are really possible for law-abiding corporations or citizens. As identities can be faked so easily the very foundations on which our political, legal and economic systems are based are vulnerable. Businesses, governments, national security organisations and even ordinary individuals are constantly at risk and with our ever increasing dependence on the internet and smart-phone technology this threat is unlikely to diminish - in fact, the target for cyber-criminals is expanding all the time. Not only does Cyberphobia lay bare the dangers of the internet, it also explores the most successful defensive cyber-strategies, options for tracking down transgressors and argues that we are moving into a post-digital age where once again face-to-face communication will be the only interaction that really matters.
- RRP £9.99
Any good attacker will tell you that expensive security monitoring and prevention tools aren't enough to keep you secure. This practical book demonstrates a data-centric approach to distilling complex security monitoring, incident response, and threat analysis ideas into their most basic elements. You'll learn how to develop your own threat intelligence and incident detection strategy, rather than depend on security tools alone. Written by members of Cisco's Computer Security Incident Response Team, this book shows IT and information security professionals how to create an InfoSec playbook by developing strategy, technique, and architecture. Learn incident response fundamentals-and the importance of getting back to basics Understand threats you face and what you should be protecting Collect, mine, organize, and analyze as many relevant data sources as possible Build your own playbook of repeatable methods for security monitoring and response Learn how to put your plan into action and keep it running smoothly Select the right monitoring and detection tools for your environment Develop queries to help you sort through data and create valuable reports Know what actions to take during the incident response phase
- RRP £39.99
- Save £5.30Save 13%
Follow step-by-step guidance to craft a successful security program. You will identify with the paradoxes of information security and discover handy tools that hook security controls into business processes. Information security is more than configuring firewalls, removing viruses, hacking machines, or setting passwords. Creating and promoting a successful security program requires skills in organizational consulting, diplomacy, change management, risk analysis, and out-of-the-box thinking. What You Will Learn: * Build a security program that will fit neatly into an organization and change dynamically to suit both the needs of the organization and survive constantly changing threats * Prepare for and pass such common audits as PCI-DSS, SSAE-16, and ISO 27001 * Calibrate the scope, and customize security controls to fit into an organization's culture * Implement the most challenging processes, pointing out common pitfalls and distractions * Frame security and risk issues to be clear and actionable so that decision makers, technical personnel, and users will listen and value your advice Who This Book Is For: IT professionals moving into the security field; new security managers, directors, project heads, and would-be CISOs; and security specialists from other disciplines moving into information security (e.g., former military security professionals, law enforcement professionals, and physical security professionals)
- RRP £23.99
- Save £4.80Save 20%
- RRP £22.99
- Save £4.60Save 20%
This anniversary edition which has stood the test of time as a runaway best-seller provides a practical, straight-forward guide to achieving security throughout computer networks. No theory, no math, no fiction of what should be working but isn't, just the facts. Known as the master of cryptography, Schneier uses his extensive field experience with his own clients to dispel the myths that often mislead IT managers as they try to build secure systems. A much-touted section: Schneier's tutorial on just what cryptography (a subset of computer security) can and cannot do for them, has received far-reaching praise from both the technical and business community.
Praise for Secrets and Lies
"This is a business issue, not a technical one, and executives can no longer leave such decisions to techies. That's why Secrets and Lies belongs in every manager's library."-Business Week
"Startlingly lively...a jewel box of little surprises you can actually use."-Fortune
"Secrets is a comprehensive, well-written work on a topic few business leaders can afford to neglect."-Business 2.0
"Instead of talking algorithms to geeky programmers, [Schneier] offers a primer in practical computer security aimed at those shopping, communicating or doing business online-almost everyone, in other words."-The Economist
"Schneier...peppers the book with lively anecdotes and aphorisms, making it unusually accessible."-Los Angeles Times
With a new and compelling Introduction by the author, this premium edition will become a keepsake for security enthusiasts of every stripe.
The upcoming IoT age will blur the line between our physical and online lives. Attacks targeting our online spaces will put our physical security at risk. Traditionally, the attack vectors to our fundamental luxuries have required physical tampering, mostly because access to the infrastructure has been limited from the Internet. This is about to change with the upcoming disruption caused by a future with billions of "things" connected to the Internet. In this book, we will take a fascinating look into abusing the most popular IoT-based devices already available in the market. We will take a look at how a simple attack can cause a perpetual blackout targeting LED lightbulbs, how bad security decisions have grossly violated the physical safety and privacy of families, and how the insecurity of powerful electric vehicles can put your life at risk. The goal of this book is to demonstrate tangible risk in IoT devices that we are going to depend on more and more as time progresses.Once we begin to understand the cause of actual security vulnerabilities in devices today, we will begin to set the path for a future that will help us enable these devices to securely enhance and augment our lives. Malicious attackers are already hard at work uncovering and exploiting these security defects and they will continue to find crafty avenues to abuse their knowledge every way they can. These attackers span the spectrum of curious college students to sophisticated private and state sponsored criminal gangs that are interested in terrorizing individuals and populations. The impact of security vulnerabilities in IoT devices can lead to mass compromise of privacy and cause physical harm. The stakes are high.
- RRP £39.99
- Save £8.10Save 20%
Information risk management (IRM) is about identifying, assessing and prioritising risks to keep information secure and available. This accessible book is a practical guide to understanding the principles of IRM and developing a strategic approach to an IRM programme. It also includes a chapter on applying IRM in the public sector. It is the only textbook for the BCS Practitioner Certificate in Information Risk Management.
In today's technology-driven environment, there is an ever-increasing demand for information delivery. A compromise has to be struck between security and availability. This book is a pragmatic guide to information assurance for both business professionals and technical experts. The second edition includes the security of cloud-based resources and the contents have been revised to reflect the changes to the BCS Certification in Information Security Management Principles which the book supports.
- RRP £39.99
- Save £5.60Save 14%
Malware analysis is big business, and attacks can cost a company dearly. When malware breaches your defenses, you need to act quickly to cure current infections and prevent future ones from occurring. For those who want to stay ahead of the latest malware, Practical Malware Analysis will teach you the tools and techniques used by professional analysts. With this book as your guide, you'll be able to safely analyze, debug, and disassemble any malicious software that comes your way. You'll learn how to: * Set up a safe virtual environment to analyze malware * Quickly extract network signatures and host-based indicators * Use key analysis tools like IDA Pro, OllyDbg, and WinDbg * Overcome malware tricks like obfuscation, anti-disassembly, anti-debugging, and anti-virtual machine techniques * Use your newfound knowledge of Windows internals for malware analysis * Develop a methodology for unpacking malware and get practical experience with five of the most popular packers * Analyze special cases of malware with shellcode, C++, and 64-bit code Hands-on labs throughout the book challenge you to practice and synthesize your skills as you dissect real malware samples, and pages of detailed dissections offer an over-the-shoulder look at how the pros do it. You'll learn how to crack open malware to see how it really works, determine what damage it has done, thoroughly clean your network, and ensure that the malware never comes back. Malware analysis is a cat-and-mouse game with rules that are constantly changing, so make sure you have the fundamentals. Whether you're tasked with securing one network or a thousand networks, or you're making a living as a malware analyst, you'll find what you need to succeed in Practical Malware Analysis.
- RRP £49.99
- Save £10.00Save 20%
Applying the scientific method to security is about using techniques to carefully observe, measure, experiment, form explanations, test, and evaluate security processes in software and products. This practical book shows how incorporating these techniques will provide developers with the knowledge to produce more secure, more useful, and more valuable products and services. You'll learn how to: Apply the scientific method to evaluate projects in digital forensics, software assurance, and intrusion detection Develop your own security methods using this process to build and sell more secure products Discover how to spot bogus security claims and processes
- RRP £39.99
- Save £5.50Save 13%
Balancing usability and security when building a website or app can be incredibly difficult. This practical book teaches you a results-driven approach for accomplishing both without compromising either. Not only will you learn what to be aware of when building your systems, but also how to build a solid identity infrastructure across devices that's both usable and secure. You'll be able to harden your data infrastructure and privileged user information, while using common techniques to prevent data breaches. You'll also take a look at future technology that will impact data and identity security.
- RRP £31.99
- Save £6.40Save 20%
The book describes data-driven approach to optimal monitoring and alerting in distributed computer systems. It interprets monitoring as a continuous process aimed at extraction of meaning from system's data. The resulting wisdom drives effective maintenance and fast recovery - the bread and butter of web operations. The content of the book gives a scalable perspective on the following topics: anatomy of monitoring and alerting conclusive interpretation of time series data-driven approach to setting up monitors addressing system failures by their impact applications of monitoring in automation reporting on quality with quantitative means and more!
- RRP £17.50
- Save £3.50Save 19%
"The best guide to the Metasploit Framework." --HD Moore, Founder of the Metasploit Project The Metasploit Framework makes discovering, exploiting, and sharing vulnerabilities quick and relatively painless. But while Metasploit is used by security professionals everywhere, the tool can be hard to grasp for first-time users. Metasploit: The Penetration Tester's Guide fills this gap by teaching you how to harness the Framework and interact with the vibrant community of Metasploit contributors. Once you've built your foundation for penetration testing, you'll learn the Framework's conventions, interfaces, and module system as you launch simulated attacks. You'll move on to advanced penetration testing techniques, including network reconnaissance and enumeration, client-side attacks, wireless attacks, and targeted social-engineering attacks. Learn how to: * Find and exploit unmaintained, misconfigured, and unpatched systems * Perform reconnaissance and find valuable information about your target * Bypass anti-virus technologies and circumvent security controls * Integrate Nmap, NeXpose, and Nessus with Metasploit to automate discovery * Use the Meterpreter shell to launch further attacks from inside the network * Harness standalone Metasploit utilities, third-party tools, and plug-ins * Learn how to write your own Meterpreter post exploitation modules and scripts You'll even touch on exploit discovery for zero-day research, write a fuzzer, port existing exploits into the Framework, and learn how to cover your tracks. Whether your goal is to secure your own networks or to put someone else's to the test, Metasploit: The Penetration Tester's Guide will take you there and beyond.
- RRP £41.99
- Save £8.40Save 20%
How secure is your network? The best way to find out is to attack it. Network Security Assessment provides you with the tricks and tools professional security analysts and consultants use to identify and assess risks in internet-based networks - the same penetration testing model they use to secure government, military, and commercial networks. With this book, you can adopt, refine, and reuse this testing model to design and deploy networks that are hardened and immune from attack. This book demonstrates how a determined attacker scours internet-based networks in search of vulnerable components, from the network to the application level. This third edition is up-to-date on the latest hacking techniques, but rather than focus on individual issues, it looks at the bigger picture by grouping and analyzing threats at a high-level. By grouping threats in this way, you learn to create proactive defensive strategies against entire attack categories, providing protection now and into the future.This book includes: The latest hacking tools, techniques, and defense strategies Relevant background information regarding stack overflows, heap corruption, format string bugs, and more Testing approaches based on standards recognized by the US and UK governments An author who works as a technical director for a security firm that consults Merrill Lynch, American Express and other high-profile clients
- RRP £39.99
- Save £8.00Save 20%
Security Risk Management is the definitive guide for building or running an information security risk management program. This book teaches practical techniques that will be used on a daily basis, while also explaining the fundamentals so students understand the rationale behind these practices. It explains how to perform risk assessments for new IT projects, how to efficiently manage daily risk activities, and how to qualify the current risk level for presentation to executive level management. While other books focus entirely on risk analysis methods, this is the first comprehensive text for managing security risks. This book will help you to break free from the so-called best practices argument by articulating risk exposures in business terms. It includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment. It explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk. It also presents a roadmap for designing and implementing a security risk management program. This book will be a valuable resource for CISOs, security managers, IT managers, security consultants, IT auditors, security analysts, and students enrolled in information security/assurance college programs.
- RRP £36.99
- Save £5.50Save 14%
This book constitutes the proceedings of the 37th European Conference on IR Research, ECIR 2015, held in Vienna, Austria, in March/April 2015. The 44 full papers, 41 poster papers and 7 demonstrations presented together with 3 keynotes in this volume were carefully reviewed and selected from 305 submissions. The focus of the papers were on following topics: aggregated search and diversity, classification, cross-lingual and discourse, efficiency, evaluation, event mining and summarisation, information extraction, recommender systems, semantic and graph-based models, sentiment and opinion, social media, specific search tasks, temporal models and features, topic and document models, user behavior and reproducible IR.
- RRP £99.99
- Save £46.60Save 46%