Security in Computing, 6th Edition (Final)


The New State of the Art in Information Security: From Cloud to Crypto, AI-Driven Security to Post-Quantum Computing.

Now extensively updated throughout, Security in Computing, Sixth Edition, is today's one-stop, primary text for everyone teaching, learning, and practicing information cybersecurity. It defines core principles associated with modern security policies, processes, and protection; illustrates them with up-to-date sidebars and examples; and shows how to apply them in practice. Modular and flexibly organized, it supports a wide array of courses, strengthens professionals' knowledge of foundational principles, and imparts a more expansive understanding of modern security. This edition adds or expands coverage of artificial intelligence and machine learning tools; app and browser security; security by design; securing cloud, IoT, and embedded systems; privacy-enhancing technologies; protecting vulnerable individuals and groups; strengthening security culture; cryptocurrencies and blockchain; offensive cyberwarfare; post-quantum computing; and more. It contains many new diagrams, exercises, sidebars, and examples, and is mapped to two leading frameworks: the US NIST National Initiative for Cybersecurity Education (NICE) and the UK Cyber Body of Knowledge (CyBOK).

Because programmers make mistakes of many kinds, we can never be sure all programs are without flaws. We know of many practices that can be used during software development to lead to high assurance of correctness. This chapter surveys programs and programming: errors programmers make and vulnerabilities attackers exploit. These failings can have serious consequences, as reported almost daily in the news. However, there are techniques to mitigate these shortcomings. In this section we presented several characteristics of good, secure software. Of course, a programmer can write secure code that has none of these characteristics, and faulty software can exhibit all of them.
These qualities are not magic; they cannot turn bad code into good. Rather, they are properties that many examples of good code reflect and practices that good code developers use; the properties are not a cause of good code but are paradigms that tend to go along with it. Following these principles affects the mindset of a designer or developer, encouraging a focus on quality and security; this attention is ultimately good for the resulting product and for its users.

Cryptography is a specialized topic that depends on several areas of mathematics and theoretical computer science, including number theory, finite field algebra, computational complexity, and logic. After reading this overview, you would need to develop a significant background to study cryptography in depth. And we caution you strongly against studying a little cryptography and concluding that you can design your own secure cryptosystem. The field of cryptography is littered with failed approaches designed even by experts, so nonexperts are well advised to “leave the driving to the professionals.”

Remember from Chapter 2 that cryptanalysis is the act of studying a cryptographic algorithm, its implementation, plaintext, ciphertext, and any other available information to try to break the protection of encryption. A cryptanalyst’s chore is to break an encryption. That is, the cryptanalyst attempts to deduce the original meaning of a ciphertext message. Better yet, the cryptanalyst hopes to determine which decrypting algorithm, and ideally which key, match the encrypting algorithm to be able to break other messages encoded in the same way.
Core security concepts: Assets, threats, vulnerabilities, controls, confidentiality, integrity, availability, attackers, and attack types
The security practitioner's toolbox: Identification, authentication, access control, and encryption
Areas of practice: Securing programs, user-internet interaction, operating systems, networks, data, databases, and cloud computing
Cross-cutting disciplines: Privacy, management, law, and ethics
Using cryptography: Solve real problems, and explore its formal and mathematical underpinnings
Emerging topics and risks: AI and adaptive cybersecurity, blockchains and cryptocurrencies, computer-assisted offensive warfare, and quantum computing

Author(s): Charles P. Pfleeger; Shari Lawrence Pfleeger; Lizzie Coles-Kemp
Edition: 6
Publisher: Addison-Wesley
Year: 2024

Language: English
Pages: 1417

Cover Page
About This eBook
Halftitle Page
Title Page
Copyright Page
Pearson’s Commitment to Diversity, Equity, and Inclusion
Contents
Foreword
Citations
Preface
Why Read This Book?
Uses and Users of this Book
Organization of This Book
How to Read This Book
What Is New in This Edition
Acknowledgments
About the Authors
1. Introduction
1.1 What Is Computer Security?
1.2 Threats
1.3 Harm
1.4 Vulnerabilities
1.5 Controls
1.6 Conclusion
1.7 What’s Next?
1.8 Exercises
2. Toolbox: Authentication, Access Control, and Cryptography
2.1 Authentication
2.2 Access Control
2.3 Cryptography
2.4 Conclusion
2.5 Exercises
3. Programs and Programming
3.1 Unintentional (Nonmalicious) Programming Oversights
3.2 Malicious Code—Malware
3.3 Countermeasures
3.4 Conclusion
3.5 Exercises
4. The Internet—User Side
4.1 Browser Attacks
4.2 Attacks Targeting Users
4.3 Obtaining User or Website Data
4.4 Mobile Apps
4.5 Email and Message Attacks
4.6 Conclusion
4.7 Exercises
5. Operating Systems
5.1 Security in Operating Systems
5.2 Security in the Design of Operating Systems
5.3 Rootkits
5.4 Conclusion
5.5 Exercises
6. Networks
6.1 Network Concepts
Part I—War on Networks: Network Security Attacks
6.2 Threats to Network Communications
6.3 Wireless Network Security
6.4 Denial of Service
6.5 Distributed Denial of Service
Part II—Strategic Defenses: Security Countermeasures
6.6 Cryptography in Network Security
6.7 Firewalls
6.8 Intrusion Detection and Prevention Systems
6.9 Network Management
6.10 Conclusion
6.11 Exercises
7. Data and Databases
7.1 Introduction to Databases
7.2 Security Requirements of Databases
7.3 Reliability and Integrity
7.4 Database Disclosure
7.5 Data Mining and Big Data
7.6 Conclusion
7.7 Exercises
8. New Territory
8.1 Introduction
8.2 Cloud Architectures and Their Security
8.3 IoT and Embedded Devices
8.4 Cloud, IoT, and Embedded Devices—The Smart Home
8.5 Smart Cities, IoT, Embedded Devices, and Cloud
8.6 Cloud, IoT, and Critical Services
8.7 Conclusion
8.8 Exercises
9. Privacy
9.1 Privacy Concepts
9.2 Privacy Principles and Policies
9.3 Authentication and Privacy
9.4 Data Mining
9.5 Privacy on the Internet
9.6 Email and Message Security
9.7 Privacy Impacts of Newer Technologies
9.8 Conclusion
9.9 Exercises
10. Management and Incidents
10.1 Security Planning
10.2 Business Continuity Planning
10.3 Handling Incidents
10.4 Risk Analysis
10.5 Physical Threats to Systems
10.6 New Frontiers in Security Management
10.7 Conclusion
10.8 Exercises
11. Legal Issues and Ethics
11.1 Protecting Programs and Data
11.2 Information and the Law
11.3 Rights of Employees and Employers
11.4 Redress for Software Failures
11.5 Computer Crime
11.6 Ethical Issues in Computer Security
11.7 An Ethical Dive into Artificial Intelligence
11.8 Incident Analyses with Ethics
11.9 Conclusion
11.10 Exercises
12. Details of Cryptography
12.1 Cryptology
12.2 Symmetric Encryption Algorithms
12.3 Asymmetric Encryption
12.4 Message Digests
12.5 Digital Signatures
12.6 Quantum Key Distribution
12.7 Conclusion
13. Emerging Topics
13.1 AI and Cybersecurity
13.2 Blockchains and Cryptocurrencies
13.3 Offensive Cyber and Cyberwarfare
13.4 Quantum Computing and Computer Security
13.5 Conclusion
Bibliography
Index
Code Snippets