چه کسانی این کتاب را می‌خوانند

دانشجوعلاقه‌مند یادگیری
کتابخوان حرفه‌ایلذت مطالعه
نویسندهالهام‌گیری

امنیت در محاسبات، ویرایش ششم

Security in Computing, 6th Edition

Laurent Gounelle، Pfleeger, Charles, Pfleeger, Shari, Coles-Kemp, Lizzie

قیمت نهایی

۴۴٬۰۰۰ تومان۴۹٬۰۰۰ تومان۱۰٪ تخفیف
  • تخفیف زمان‌دار−۵٬۰۰۰ تومان

۵٬۰۰۰ تومان صرفه‌جویی نسبت به قیمت اصلی

نسخه اصلی و اورجینال

بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.

تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی

مشخصات کتاب

سال انتشار
۲۰۲۳
فرمت
PDF
زبان
انگلیسی
حجم فایل
۱۳٫۳ مگابایت
شابک
9782863749098، 2863749099، 9780137891214، 0137891210

دربارهٔ کتاب

The Art of Computer and Information Security: From Apps and Networks to Cloud and Crypto Security in Computing, Sixth Edition, is today's essential text for anyone teaching, learning, and practicing cybersecurity. It defines core principles underlying modern security policies, processes, and protection; illustrates them with up-to-date examples; and shows how to apply them in practice. Modular and flexibly organized, this book supports a wide array of courses, strengthens professionals' knowledge of foundational principles, and imparts a more expansive understanding of modern security. This extensively updated edition adds or expands coverage of artificial intelligence and machine learning tools; app and browser security; security by design; securing cloud, IoT, and embedded systems; privacy-enhancing technologies; protecting vulnerable individuals and groups; strengthening security culture; cryptocurrencies and blockchain; cyberwarfare; post-quantum computing; and more. It contains many new diagrams, exercises, sidebars, and examples, and is suitable for use with two leading frameworks: the US NIST National Initiative for Cybersecurity Education (NICE) and the UK Cyber Security Body of Knowledge (CyBOK). Core security concepts: Assets, threats, vulnerabilities, controls, confidentiality, integrity, availability, attackers, and attack types The security practitioner's toolbox: Identification and authentication, access control, and cryptography Areas of practice: Securing programs, user–internet interaction, operating systems, networks, data, databases, and cloud computing Cross-cutting disciplines: Privacy, management, law, and ethics Using cryptography: Formal and mathematical underpinnings, and applications of cryptography Emerging topics and risks: AI and adaptive cybersecurity, blockchains and cryptocurrencies, cyberwarfare, and quantum computing Register your book for convenient access to downloads, updates, and/or corrections as they become available. See inside book for details. Cover Half Title Title Page Copyright Page Contents Foreword Preface Acknowledgments About the Authors Chapter 1 Introduction 1.1 What Is Computer Security? Values of Assets The Vulnerability–Threat–Control Paradigm 1.2 Threats Confidentiality Integrity Availability Types of Threats Types of Attackers 1.3 Harm Risk and Common Sense Method–Opportunity–Motive 1.4 Vulnerabilities 1.5 Controls 1.6 Conclusion 1.7 What’s Next? 1.8 Exercises Chapter 2 Toolbox: Authentication, Access Control, and Cryptography 2.1 Authentication Identification vs. Authentication Authentication Based on Phrases and Facts: Something You Know Authentication Based on Biometrics: Something You Are Authentication Based on Tokens: Something You Have Federated Identity Management Multifactor Authentication Fitting Authentication to the Situation 2.2 Access Control Access Policies Implementing Access Control Procedure-Oriented Access Control Role-Based Access Control 2.3 Cryptography Problems Addressed by Encryption Terms and Concepts DES: The Data Encryption Standard AES: Advanced Encryption System Public Key Cryptography Using Public Key Cryptography to Exchange Secret Keys Error Detecting Codes Signatures Trust Certificates: Trustable Identities and Public Keys Digital Signatures—All the Pieces 2.4 Conclusion 2.5 Exercises Chapter 3 Programs and Programming 3.1 Unintentional (Nonmalicious) Programming Oversights Buffer Overflow Incomplete Mediation Time-of-Check to Time-of-Use Undocumented Access Point Off-by-One Error Integer Overflow Unterminated Null-Terminated String Parameter Length, Type, and Number Unsafe Utility Program Race Condition Unsynchronized Activity Developing Secure Apps 3.2 Malicious Code—Malware Malware—Viruses, Worms, and Trojan Horses Technical Details: Malicious Code 3.3 Countermeasures Countermeasures for Users Countermeasures for Developers Countermeasure Specifically for Security Countermeasures That Don’t Work 3.4 Conclusion 3.5 Exercises Chapter 4 The Internet—User Side 4.1 Browser Attacks Browser Attack Types How Browser Attacks Succeed: Failed Identification and Authentication 4.2 Attacks Targeting Users False or Misleading Content Malicious Web Content Protecting Against Malicious Webpages 4.3 Obtaining User or Website Data Code Within Data Website Data: A User’s Problem Too Ransomware Foiling Data Attacks 4.4 Mobile Apps Apps and Security Threats to Mobile Computing Vulnerabilities from Using Apps Why Apps Have Flaws Finding Secure Apps Protecting Yourself After Installing an App 4.5 Email and Message Attacks Fake Email Fake Email Messages as Spam Fake (Inaccurate) Email Header Data Phishing Protecting Against Email Attacks 4.6 Conclusion 4.7 Exercises Chapter 5 Operating Systems 5.1 Security in Operating Systems Background: Operating System Structure Security Features of Ordinary Operating Systems A Bit of History Protected Objects Operating System Tools to Implement Security Functions 5.2 Security in the Design of Operating Systems Simplicity of Design Layered Design Kernelized Design Reference Monitor Correctness and Completeness Secure Design Principles Trusted Systems 5.3 Rootkits Example: Phone Rootkits Rootkit Characteristics Rootkit Case Studies Nonmalicious Rootkits 5.4 Conclusion 5.5 Exercises Chapter 6 Networks 6.1 Network Concepts Background: Network Transmission Media Background: Protocol Layers Background: Addressing and Routing Part I—War on Networks: Network Security Attacks 6.2 Threats to Network Communications Interception: Eavesdropping and Wiretapping Modification: Data Corruption Interruption: Loss of Service Port Scanning Network Vulnerability Summary 6.3 Wireless Network Security WiFi Background Vulnerabilities in Wireless Networks Failed Countermeasure: WEP (Wired Equivalent Privacy) Stronger Protocol Suite: WPA (WiFi Protected Access) 6.4 Denial of Service Example: Massive Estonian Web Failure How Service Is Denied Flooding (Capacity) Attacks in Detail Network Flooding Caused by Malicious Code Network Flooding by Resource Exhaustion Denial of Service by Addressing Failures Traffic Redirection DNS Attacks Exploiting Known Vulnerabilities Physical Disconnection 6.5 Distributed Denial of Service Scripted Denial-of-Service Attacks Bots Botnets Malicious Autonomous Mobile Agents Autonomous Mobile Protective Agents Part II—Strategic Defenses: Security Countermeasures 6.6 Cryptography in Network Security Network Encryption Browser Encryption Onion Routing IP Security Protocol Suite (IPsec) Virtual Private Networks 6.7 Firewalls System Architecture What Is a Firewall? Design of Firewalls Types of Firewalls Personal Firewalls Comparison of Firewall Types Examples of Firewall Configurations Network Address Translation (NAT) 6.8 Intrusion Detection and Prevention Systems Types of IDSs Goals for Intrusion Detection Systems IDS Strengths and Limitations Intrusion Prevention Systems Intrusion Response 6.10 Conclusion 6.9 Network Management Management to Ensure Service Security Information and Event Management All-of-the-Above Products or Families 6.11 Exercises Chapter 7 Data and Databases 7.1 Introduction to Databases Concept of a Database Components of Databases Advantages of Using Databases 7.2 Security Requirements of Databases Integrity of the Database Element Integrity Auditability Access Control User Authentication Availability Integrity/Confidentiality/Availability 7.3 Reliability and Integrity Protection Features from the Operating System Two-Phase Update Redundancy/Internal Consistency Recovery Concurrency/Consistency 7.4 Database Disclosure Sensitive Data Types of Disclosures Preventing Disclosure: Data Suppression and Modification Security versus Precision 7.5 Data Mining and Big Data Data Mining Big Data Controls on U.S. Government Websites 7.6 Conclusion 7.7 Exercises Chapter 8 New Territory 8.1 Introduction Cloud Computing The Internet of Things Embedded Systems 8.2 Cloud Architectures and Their Security Essential Characteristics Service Models Deployment Models Security in Cloud Computing Identity Management in the Cloud 8.3 IoT and Embedded Devices IoT and Security 8.4 Cloud, IoT, and Embedded Devices—The Smart Home Securing Smart Homes Security Practices and Controls in the Smart Home 8.5 Smart Cities, IoT, Embedded Devices, and Cloud Smart City Digital Architecture Security and the Smart City 8.6 Cloud, IoT, and Critical Services Healthcare Security and the Internet of Medical Things Utilities—Electricity and Water 8.7 Conclusion 8.8 Exercises Chapter 9 Privacy 9.1 Privacy Concepts Aspects of Information Privacy Computer-Related Privacy Problems 9.2 Privacy Principles and Policies Fair Information Practices U.S. Privacy Laws Controls on U.S. Government Websites Controls on Commercial Websites Non-U.S. Privacy Principles Individual Actions to Protect Privacy Governments and Privacy Identity Theft 9.3 Authentication and Privacy What Authentication Means Conclusions 9.4 Data Mining Government Data Mining Privacy-Preserving Data Mining 9.5 Privacy on the Internet Understanding the Online Environment Payments on the Internet Site and Portal Registrations Whose Page Is This? Precautions for Web Surfing Spyware Shopping on the Internet 9.6 Email and Message Security Where Does Email Go, and Who Can Access It? Monitoring Email Anonymous, Pseudonymous, and Disappearing Email Spoofing and Spamming Summary 9.7 Privacy Impacts of Newer Technologies Radio Frequency Identification Electronic Voting Privacy in the Cloud Conclusions on Newer Technologies 9.8 Conclusion 9.9 Exercises Chapter 10 Management and Incidents 10.1 Security Planning Organizations and Security Plans Contents of a Security Plan Security Planning Team Members Assuring Commitment to a Security Plan 10.2 Business Continuity Planning Assess Business Impact Develop Strategy Develop the Plan 10.3 Handling Incidents Incident Response Plans Incident Response Teams 10.4 Risk Analysis The Nature of Risk Steps of a Risk Analysis Arguments For and Against Risk Analysis 10.5 Physical Threats to Systems Natural Disasters Human Vandals Contingency Planning Physical Security Recap 10.6 New Frontiers in Security Management 10.7 Conclusion 10.8 Exercises Chapter 11 Legal Issues and Ethics 11.1 Protecting Programs and Data Copyrights Patents Trade Secrets Special Cases 11.2 Information and the Law Information as an Object The Legal System Summary of Protection for Computer Artifacts 11.3 Rights of Employees and Employers Control of Products Employment Contracts 11.4 Redress for Software Failures Selling Correct Software Reporting Software Flaws 11.5 Computer Crime Examples of Statutes International Dimensions Why Computer Criminals Are Hard to Catch What Computer Crime Statutes Do Not Address Summary of Legal Issues in Computer Security 11.6 Ethical Issues in Computer Security Differences Between the Law and Ethics Studying Ethics Ethical Reasoning 11.7 An Ethical Dive into Artificial Intelligence AI’s Meaning and Concerns IBM: A Study in How to Approach Ethical AI 11.8 Incident Analyses with Ethics Situation I: Use of Computer Services Situation II: Privacy Rights Situation III: Denial of Service Situation IV: Ownership of Programs Situation V: Proprietary Resources Situation VI: Fraud Situation VII: Accuracy of Information Situation VIII: Ethics of Hacking or Cracking Situation IX: True Representation Conclusion of Computer Ethics 11.9 Conclusion 11.10 Exercises Chapter 12 Details of Cryptography 12.1 Cryptology Cryptanalysis Cryptographic Primitives One-Time Pads Statistical Analysis What Makes a “Secure” Encryption Algorithm? 12.2 Symmetric Encryption Algorithms DES Attacking Ciphertext AES Other Symmetric Algorithms 12.3 Asymmetric Encryption The RSA Algorithm Strength of the RSA Algorithm Elliptic Curve Cryptosystems Digression: Diffie–Hellman Key Exchange 12.4 Message Digests Hash Functions One-Way Hash Functions Message Digests Authenticated Encryption 12.5 Digital Signatures 12.6 Quantum Key Distribution Key Distribution Quantum Physics Implementation 12.7 Conclusion Chapter 13 Emerging Topics 13.1 AI and Cybersecurity AI-Based Decision Making AI-Driven Security Management Adversarial AI Responsible AI Open Questions 13.2 Blockchains and Cryptocurrencies What Is a Blockchain? Commerce and Trust What Is Cryptocurrency? Cryptocurrency in the World Context Is the Implementation of Cryptocurrencies Secure? Open Questions 13.3 Offensive Cyber and Cyberwarfare What Is Cyberwarfare? Possible Examples of Cyberwarfare Cyberwar or Offensive Cyber? Critical Issues 13.4 Quantum Computing and Computer Security Quantum Computers Quantum-Resistant Cryptography 13.5 Conclusion Bibliography Index A B C D E F G H I J K L M N O P Q R S T U V W X Y Z "A useful aid to understanding today's headlines as well as Israel's recent past." –Kirkus ReviewSecurity in Computing, Sixth Edition, is today's essential text for anyone teaching, learning, and practicing cybersecurity. It defines core principles underlying modern security policies, processes, and protection; illustrates them with up-to-date examples; and shows how to apply them in practice. Modular and flexibly organized, this book supports a wide array of courses, strengthens professionals' knowledge of foundational principles, and imparts a more expansive understanding of modern security.This extensively updated edition adds or expands coverage of artificial intelligence and machine learning tools; app and browser security; security by design; securing cloud, IoT, and embedded systems; privacy-enhancing technologies; protecting vulnerable individuals and groups; strengthening security culture; cryptocurrencies and blockchain; cyberwarfare; post-quantum computing; and more. It contains many new diagrams, exercises, sidebars, and examples, and is suitable for use with two leading frameworks: the US NIST National Initiative for Cybersecurity Education (NICE) and the UK Cyber Security Body of Knowledge (CyBOK).• Core security concepts: Assets, threats, vulnerabilities, controls, confidentiality, integrity, availability, attackers, and attack types• The security practitioner's toolbox: Identification and authentication, access control, and cryptography• Areas of practice: Securing programs, userinternet interaction, operating systems, networks, data, databases, and cloud computing• Cross-cutting disciplines: Privacy, management, law, and ethics• Using cryptography: Formal and mathematical underpinnings, and applications of cryptography• Emerging topics and risks: AI and adaptive cybersecurity, blockchains and cryptocurrencies, cyberwarfare, and quantum computing

کتاب‌های مشابه

محاسبات با متا متیکا، ویرایش دوم

محاسبات با متا متیکا، ویرایش دوم

۴۹٬۰۰۰ تومان

مقدمه‌ای بر نظریه اتوماتا، زبان‌ها و محاسبات، ویرایش دوم

مقدمه‌ای بر نظریه اتوماتا، زبان‌ها و محاسبات، ویرایش دوم

۴۹٬۰۰۰ تومان

فناوری امنیت جاسازی شده در پلتفرم فاش شد: حفاظت از آینده محاسبات با امنیت جاسازی شده و موتور مدیریت اینتل

فناوری امنیت جاسازی شده در پلتفرم فاش شد: حفاظت از آینده محاسبات با امنیت جاسازی شده و موتور مدیریت اینتل

۴۹٬۰۰۰ تومان

راهنمای مدیریت امنیت اطلاعات، ویرایش ششم، جلد ۷

راهنمای مدیریت امنیت اطلاعات، ویرایش ششم، جلد ۷

۴۹٬۰۰۰ تومان

جبر رایانه‌ای، ویرایش دوم: سیستم‌ها و الگوریتم‌ها برای محاسبات جبری

جبر رایانه‌ای، ویرایش دوم: سیستم‌ها و الگوریتم‌ها برای محاسبات جبری

۴۹٬۰۰۰ تومان

مقدمه‌ای بر شناسایی الگوهای آماری، ویرایش دوم (سری علوم کامپیوتر و محاسبات علمی)

مقدمه‌ای بر شناسایی الگوهای آماری، ویرایش دوم (سری علوم کامپیوتر و محاسبات علمی)

۴۹٬۰۰۰ تومان

برنامه‌نویسی پیشرفته در محیط UNIX (ویرایش دوم) (سری محاسبات حرفه‌ای ادیسون-وِسلی)

برنامه‌نویسی پیشرفته در محیط UNIX (ویرایش دوم) (سری محاسبات حرفه‌ای ادیسون-وِسلی)

۴۹٬۰۰۰ تومان

معماری امنیت اطلاعات: رویکردی یکپارچه به امنیت در سازمان، ویرایش دوم

معماری امنیت اطلاعات: رویکردی یکپارچه به امنیت در سازمان، ویرایش دوم

۴۹٬۰۰۰ تومان

امنیت فیزیکی مؤثر، ویرایش چهارم

امنیت فیزیکی مؤثر، ویرایش چهارم

۴۹٬۰۰۰ تومان

امنیت کامپیوتر [هنر و علم] ویرایش دوم

امنیت کامپیوتر [هنر و علم] ویرایش دوم

۴۹٬۰۰۰ تومان

قابلیت محاسبه: توابع قابل محاسبه، منطق و بنیادهای ریاضیات، ویرایش سوم

قابلیت محاسبه: توابع قابل محاسبه، منطق و بنیادهای ریاضیات، ویرایش سوم

۴۹٬۰۰۰ تومان

(ویراستاران) نظریه گروه، ترکیب و محاسبات (مجموعه مقالات)

(ویراستاران) نظریه گروه، ترکیب و محاسبات (مجموعه مقالات)

۴۹٬۰۰۰ تومان

قیمت نهایی

۴۴٬۰۰۰ تومان