The Art of Computer and Information Security: From Apps and Networks to Cloud and Crypto
Security in Computing, Sixth Edition, is today's essential text for anyone teaching, learning, and practicing cybersecurity. It defines core principles underlying modern security policies, processes, and protection; illustrates them with up-to-date examples; and shows how to apply them in practice. Modular and flexibly organized, this book supports a wide array of courses, strengthens professionals' knowledge of foundational principles, and imparts a more expansive understanding of modern security.
This extensively updated edition adds or expands coverage of artificial intelligence and machine learning tools; app and browser security; security by design; securing cloud, IoT, and embedded systems; privacy-enhancing technologies; protecting vulnerable individuals and groups; strengthening security culture; cryptocurrencies and blockchain; cyberwarfare; post-quantum computing; and more. It contains many new diagrams, exercises, sidebars, and examples, and is suitable for use with two leading frameworks: the US NIST National Initiative for Cybersecurity Education (NICE) and the UK Cyber Security Body of Knowledge (CyBOK).
Core security concepts: Assets, threats, vulnerabilities, controls, confidentiality, integrity, availability, attackers, and attack types
The security practitioner's toolbox: Identification and authentication, access control, and cryptography
Areas of practice: Securing programs, user-internet interaction, operating systems, networks, data, databases, and cloud computing
Cross-cutting disciplines: Privacy, management, law, and ethics
Using cryptography: Formal and mathematical underpinnings, and applications of cryptography
Emerging topics and risks: AI and adaptive cybersecurity, blockchains and cryptocurrencies, cyberwarfare, and quantum computing
Register your book for convenient access to downloads, updates, and/or corrections as they become available. See inside book for details.
Foreword xix
Preface xxv
Acknowledgments xxxi
About the Authors xxxiii
Chapter 1: Introduction 1
1.1 What Is Computer Security? 3
1.2 Threats 6
1.3 Harm 24
1.4 Vulnerabilities 30
1.5 Controls 30
1.6 Conclusion 33
1.7 What's Next? 34
1.8 Exercises 36
Chapter 2: Toolbox: Authentication, Access Control, and Cryptography 38
2.1 Authentication 40
2.2 Access Control 78
2.3 Cryptography 93
2.4 Conclusion 137
2.5 Exercises 138
Chapter 3: Programs and Programming 141
3.1 Unintentional (Nonmalicious) Programming Oversights 143
3.2 Malicious Code--Malware 178
3.3 Countermeasures 211
3.4 Conclusion 245
3.5 Exercises 245
Chapter 4: The Internet--User Side 248
4.1 Browser Attacks 251
4.2 Attacks Targeting Users 265
4.3 Obtaining User or Website Data 280
4.4 Mobile Apps 289
4.5 Email and Message Attacks 310
4.6 Conclusion 320
4.7 Exercises 321
Chapter 5: Operating Systems 323
5.1 Security in Operating Systems 323
5.2 Security in the Design of Operating Systems 351
5.3 Rootkits 371
5.4 Conclusion 382
5.5 Exercises 382
Chapter 6: Networks 385
6.1 Network Concepts 386
Part I--War on Networks: Network Security Attacks 399
6.2 Threats to Network Communications 400
6.3 Wireless Network Security 421
6.4 Denial of Service 443
6.5 Distributed Denial of Service 468
Part II--Strategic Defenses: Security Countermeasures 479
6.6 Cryptography in Network Security 479
6.7 Firewalls 497
6.8 Intrusion Detection and Prevention Systems 522
6.9 Network Management 536
6.10 Conclusion 545
6.11 Exercises 545
Chapter 7: Data and Databases 549
7.1 Introduction to Databases 550
7.2 Security Requirements of Databases 555
7.3 Reliability and Integrity 561
7.4 Database Disclosure 566
7.5 Data Mining and Big Data 585
7.6 Conclusion 599
7.7 Exercises 599
Chapter 8: New Territory 601
8.1 Introduction 601
8.2 Cloud Architectures and Their Security 605
8.3 IoT and Embedded Devices 627
8.4 Cloud, IoT, and Embedded Devices--The Smart Home 638
8.5 Smart Cities, IoT, Embedded Devices, and Cloud 643
8.6 Cloud, IoT, and Critical Services 648
8.7 Conclusion 657
8.8 Exercises 658
Chapter 9: Privacy 659
9.1 Privacy Concepts 660
9.2 Privacy Principles and Policies 671
9.3 Authentication and Privacy 688
9.4 Data Mining 694
9.5 Privacy on the Internet 698
9.6 Email and Message Security 713
9.7 Privacy Impacts of Newer Technologies 717
9.8 Conclusion 724
9.9 Exercises 725
Chapter 10: Management and Incidents 727
10.1 Security Planning 727
10.2 Business Continuity Planning 738
10.3 Handling Incidents 742
10.4 Risk Analysis 749
10.5 Physical Threats to Systems 767
10.6 New Frontiers in Security Management 776
10.7 Conclusion 778
10.8 Exercises 779
Chapter 11: Legal Issues and Ethics 781
11.1 Protecting Programs and Data 783
11.2 Information and the Law 800
11.3 Rights of Employees and Employers 805
11.4 Redress for Software Failures 808
11.5 Computer Crime 814
11.6 Ethical Issues in Computer Security 822
11.7 An Ethical Dive into Artificial Intelligence 828
11.8 Incident Analyses with Ethics 830
11.9 Conclusion 846
11.10 Exercises 847
Chapter 12: Details of Cryptography 850
12.1 Cryptology 851
12.2 Symmetric Encryption Algorithms 863
12.3 Asymmetric Encryption 877
12.4 Message Digests 883
12.5 Digital Signatures 888
12.6 Quantum Key Distribution 889
12.7 Conclusion 894
Chapter 13: Emerging Topics 895
13.1 AI and Cybersecurity 896
13.2 Blockchains and Cryptocurrencies 908
13.3 Offensive Cyber and Cyberwarfare 924
13.4 Quantum Computing and Computer Security 936
13.5 Conclusion 937
Bibliography 939
Index 963
