- Hardcover (Hardback)
- Number of pages
- Pfleeger, Shari Lawrence
- 241 x 190 x 38 mm
- Number of components
- 1179 g
Analyzing Computer Security: A Threat / Vulnerability / Countermeasure Approach
The authors of Security in Computing, Fourth Edition teach security the way modern security professionals approach it: by identifying the people or things that may cause harm, uncovering weaknesses that can be exploited, and showing how to choose and apply the right protections.
Media reviews
This is a must-read book for any budding Security Architect and also makes a great professional reference. I'd recommend this book to any IT architect or specialist wishing to enter the field of security architectures, as well as to anyone who already has that title and wants a good quality reference book. - John Hughes, InfoSec Reviews
Charles P. Pfleeger is an independent consultant with the Pfleeger Consulting Group, specializing in computer and information system security. Among his responsibilities are threat and vulnerability analysis, risk analysis, system security design and review, certification preparation, training, expert testimony and general security advice. Dr. Pfleeger was chair of the IEEE Computer Society Technical Committee on Security and Privacy from 1997-1999 and has been a member of the executive council of that committee since 1995. He is on the board of reviewers for Computers and Security, and was a member of the editorial board of IEEE Security and Privacy, and the board of advisors for OWASP, the Open Web Application Security Project. Dr. Pfleeger has lectured throughout the world and published numerous papers and books.
Shari Lawrence Pfleeger is the Research Director for Dartmouth College's Institute for Information Infrastructure Protection, a consortium of leading universities, national laboratories and nonprofit institutions dedicated to strengthening the U.S. cyber infrastructure. She joined the I3P after serving for nine years as a senior researcher at the RAND Corporation, where she focused on software quality and cyber security. Named repeatedly by the Journal of Systems and Software as one of the world's top software engineering researchers, Shari is the author of more than one hundred articles and many books.
Chapter 1: Security Blanket or Security Theater?
How Dependent Are We on Computers?
What is Computer Security?
Analyzing Security Using Examples
Chapter 2: Knock, Knock. Who's There?
Attack Detail: Failed Authentication
Vulnerability: Faulty or Incomplete Authentication
Countermeasure: Strong Authentication
Recurring Thread: Privacy
Recurring Thread: Usability
Chapter 3: 2+2 = 5
Attack: Program Flaw in Spacecraft Software
Threat: Program Flaw Leads to Security Failing
Vulnerability: Incomplete Mediation
Vulnerability: Race Condition
Vulnerability: Time-of-Check to Time-of-Use
Vulnerability: Undocumented Access Point
Ineffective Countermeasure: Penetrate and Patch
Countermeasure: Identifying and Classifying Faults
Countermeasure: Secure Software Design Elements
Countermeasure: Secure Software Development Process
Countermeasure: Defensive Programming
Recurring Thread: Legal - Redress for Software Failures
Chapter 4: A Horse of a Different Color
Attack: Malicious Code
Threat: Malware - Virus, Trojan Horse and Worm
History of Malicious Code
Vulnerability: Voluntary Introduction
Vulnerability: Unlimited Privilege
Vulnerability: Stealthy Behavior: Hard to Detect and Characterize
Countermeasure: Detection Tools
Countermeasure: Error-Detecting and Error-Correcting Codes
Countermeasure: Memory Separation
Countermeasure: Basic Security Principles
Recurring Thread: Legal - Computer Crime
Chapter 5: The Keys to the Kingdom
Attack: Key Logging
Threat: Illicit Data Access
Harm: Data and Reputation
Vulnerability: Physical Access
Vulnerability: Misplaced Trust
Vulnerability: System Subversion
Vulnerability: Weak Authentication
Failed Countermeasure: Security Through Obscurity
Countermeasure: Physical Access Control
Countermeasure: Strong Authentication
Countermeasure: Trust/Least Privilege
Recurring Thread: Forensics: Plug-and-Play Devices
Interlude A: Cloud Computing
What is Cloud Computing?
What are the Risks in the Cloud?
Chapter 6: My Cup Runneth Over
Attack: What Did You Say That Number Was?
Harm: Destruction of Code and Data
Vulnerability: Off-By-One Error
Vulnerability: Integer Ove...