Effective and practical security officer training is the single most important element in establishing a professional security program. The Effective Security Officer's Training Manual, Second Edition helps readers improve services, reduce turnover, and minimize liability by further educating security officers. Self-paced material is presented in a creative and innovative style Glossaries, summaries, questions, and practical exercises accompany each chapter
PART OF THE JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES Revised and updated with the latest information from this fast-paced field, Fundamentals of Information System Security, Second Edition provides a comprehensive overview of the essential concepts readers must know as they pursue careers in information systems security. The text opens with a discussion of the new risks, threats, and vulnerabilities associated with the transformation to a digital world, including a look at how business, government, and individuals operate today. Part 2 is adapted from the Official (ISC)2 SSCP Certified Body of Knowledge and presents a high-level overview of each of the seven domains within the System Security Certified Practitioner certification. The book closes with a resource for readers who desire additional material on information security standards, education, professional certifications, and compliance laws. With its practical, conversational writing style and step-by-step examples, this text is a must-have resource for those entering the world of information systems security. New to the Second Edition: - New material on cloud computing, risk analysis, IP mobility, OMNIBus, and Agile Software Development. - Includes the most recent updates in Information Systems Security laws, certificates, standards, amendments, and the proposed Federal Information Security Amendments Act of 2013 and HITECH Act. - Provides new cases and examples pulled from real-world scenarios. - Updated data, tables, and sidebars provide the most current information in the field.
Totally updated for 2011, here's the ultimate study guide for the CISSP exam Considered the most desired certification for IT security professionals, the Certified Information Systems Security Professional designation is also a career-booster. This comprehensive study guide covers every aspect of the 2011 exam and the latest revision of the CISSP body of knowledge. It offers advice on how to pass each section of the exam and features expanded coverage of biometrics, auditing and accountability, software security testing, and other key topics. Included is a CD with two full-length, 250-question sample exams to test your progress. CISSP certification identifies the ultimate IT security professional; this complete study guide is fully updated to cover all the objectives of the 2011 CISSP exam Provides in-depth knowledge of access control, application development security, business continuity and disaster recovery planning, cryptography, Information Security governance and risk management, operations security, physical (environmental) security, security architecture and design, and telecommunications and network security Also covers legal and regulatory investigation and compliance Includes two practice exams and challenging review questions on the CD Professionals seeking the CISSP certification will boost their chances of success with CISSP: Certified Information Systems Security Professional Study Guide, 5th Edition.
With the end of the Cold War, threats to national security have become increasingly non-military in nature. Issues such as climate change, resource scarcity, infectious diseases, natural disasters, irregular migration, drug trafficking, information security and transnational crime have come to the forefront. This book provides a comprehensive introduction to Non-Traditional Security concepts. It does so by: Covering contemporary security issues in depth Bringing together chapters written by experts in each area Guiding you towards additional material for your essays and exams through further reading lists Giving detailed explanations of key concepts Testing your understanding through end-of-chapter questions Edited by a leading figure in the field, this is an authoritative guide to the key concepts that you′ll encounter throughout your non-traditional, and environmental, security studies courses.
Introduction to Security has been the leading text on private security for over thirty years. Celebrated for its balanced and professional approach, this new edition gives future security professionals a broad, solid base that prepares them to serve in a variety of positions. Security is a diverse and rapidly growing field that is immune to outsourcing. The author team as well as an outstanding group of subject-matter experts combine their knowledge and experience with a full package of materials geared to experiential learning. As a recommended title for security certifications, and an information source for the military, this is an essential reference for all security professionals. This timely revision expands on key topics and adds new material on important issues in the 21st century environment such as the importance of communication skills; the value of education; internet-related security risks; changing business paradigms; and brand protection. - New sections on terrorism and emerging security threats like cybercrime and piracy - Top industry professionals from aerospace and computer firms join instructors from large academic programs as co-authors and contributors - Expanded ancillaries for both instructors and students, including interactive web-based video and case studies
Learn application security from the very start, with this comprehensive and approachable guide! Alice and Bob Learn Application Security is an accessible and thorough resource for anyone seeking to incorporate, from the beginning of the System Development Life Cycle, best security practices in software development. This book covers all the basic subjects such as threat modeling and security testing, but also dives deep into more complex and advanced topics for securing modern software systems and architectures. Throughout, the book offers analogies, stories of the characters Alice and Bob, real-life examples, technical explanations and diagrams to ensure maximum clarity of the many abstract and complicated subjects. Topics include: Secure requirements, design, coding, and deployment Security Testing (all forms) Common Pitfalls Application Security Programs Securing Modern Applications Software Developer Security Hygiene Alice and Bob Learn Application Security is perfect for aspiring application security engineers and practicing software developers, as well as software project managers, penetration testers, and chief information security officers who seek to build or improve their application security programs. Alice and Bob Learn Application Security illustrates all the included concepts with easy-to-understand examples and concrete practical applications, furthering the reader's ability to grasp and retain the foundational and advanced topics contained within.
The skills and tools for collecting, verifying and correlating information from different types of systems is an essential skill when tracking down hackers. This book explores Open Source Intelligence Gathering (OSINT) inside out from multiple perspectives, including those of hackers and seasoned intelligence experts. OSINT refers to the techniques and tools required to harvest publicly available data concerning a person or an organization. With several years of experience of tracking hackers with OSINT, the author whips up a classical plot-line involving a hunt for a threat actor. While taking the audience through the thrilling investigative drama, the author immerses the audience with in-depth knowledge of state-of-the-art OSINT tools and techniques. Technical users will want a basic understanding of the Linux command line in order to follow the examples. But a person with no Linux or programming experience can still gain a lot from this book through the commentaries. This book’s unique digital investigation proposition is a combination of story-telling, tutorials, and case studies. The book explores digital investigation from multiple angles: Through the eyes of the author who has several years of experience in the subject. Through the mind of the hacker who collects massive amounts of data from multiple online sources to identify targets as well as ways to hit the targets. Through the eyes of industry leaders. This book is ideal for: Investigation professionals, forensic analysts, and CISO/CIO and other executives wanting to understand the mindset of a hacker and how seemingly harmless information can be used to target their organization. Security analysts, forensic investigators, and SOC teams looking for new approaches on digital investigations from the perspective of collecting and parsing publicly available information. CISOs and defense teams will find this book useful because it takes the perspective of infiltrating an organization from the mindset of a hacker. The commentary provided by outside experts will also provide them with ideas to further protect their organization’s data.
Presenting invaluable advice from the world?s most famous computer security expert, this intensely readable collection features some of the most insightful and informative coverage of the strengths and weaknesses of computer security and the price people pay -- figuratively and literally -- when security fails. Discussing the issues surrounding things such as airplanes, passports, voting machines, ID cards, cameras, passwords, Internet banking, sporting events, computers, and castles, this book is a must-read for anyone who values security at any level -- business, technical, or personal.
"If you've got nothing to hide," many people say, "you shouldn't worry about government surveillance." Others argue that we must sacrifice privacy for security. But as Daniel J. Solove argues in this important book, these arguments and many others are flawed. They are based on mistaken views about what it means to protect privacy and the costs and benefits of doing so. The debate between privacy and security has been framed incorrectly as a zero-sum game in which we are forced to choose between one value and the other. Why can't we have both? In this concise and accessible book, Solove exposes the fallacies of many pro-security arguments that have skewed law and policy to favor security at the expense of privacy. Protecting privacy isn't fatal to security measures; it merely involves adequate oversight and regulation. Solove traces the history of the privacy-security debate from the Revolution to the present day. He explains how the law protects privacy and examines concerns with new technologies. He then points out the failings of our current system and offers specific remedies. Nothing to Hide makes a powerful and compelling case for reaching a better balance between privacy and security and reveals why doing so is essential to protect our freedom and democracy"--Jacket.
