
Ten laws for security / Eric Diehl




Creator: Diehl, Eric, author
Title: Ten laws for security / Eric Diehl
Link to work: Ten laws for security
Publication: Cham, Switzerland : Springer, 2016
Extent: 1 online resource : illustrations
Media type: computer
Content type: text
Carrier type: online resource
Discipline: 005.8
Genre/Form: Electronic books
LOC classification: QA76.9.A25
Supplementary content: Includes bibliographical references.
Contents note:
Foreword; Preface; Contents; Abbreviations and Acronyms; List of Figures; Introduction
1 Law 1: Attackers Will Always Find Their Way; 1.1 Examples; 1.2 Analysis; 1.2.1 Should Vulnerabilities Be Published?; 1.2.2 Jailbreaking and Secure Bootloaders; 1.2.3 Flawed Designs; 1.2.4 Advanced Persistent Threats; 1.3 Takeaway; 1.3.1 Design Your System for Renewability; 1.3.2 Design for Secure Failure; 1.3.3 Defense in Depth; 1.3.4 Backup; 1.4 Summary
2 Law 2: Know the Assets to Protect; 2.1 Examples; 2.2 Analysis; 2.2.1 Classification of Assets; 2.2.2 Classification of Attackers; 2.2.3 Threats; 2.3 Takeaway; 2.3.1 Overprotecting Can Be Bad; 2.3.2 Know Your Enemy; 2.4 Summary
3 Law 3: No Security Through Obscurity; 3.1 Examples; 3.2 Analysis; 3.2.1 Designing a Secure Encryption Algorithm; 3.2.2 Kerckhoffs' Law Does Not Mean Publish Everything; 3.3 Takeaway; 3.4 Summary
4 Law 4: Trust No One; 4.1 Examples; 4.2 Analysis; 4.2.1 Supply Chain Attack; 4.2.2 Who Can You Trust?; 4.2.3 Is This Certificate Yours?; 4.2.4 Is the Cloud Trustworthy?; 4.2.5 Hardware Root of Trust; 4.3 Takeaway; 4.3.1 Define Your Trust Model; 4.3.2 Minimize Attack Surface Area; 4.3.3 Principle of Least Privilege; 4.3.4 Simplicity; 4.3.5 Insiders; 4.3.6 Isolate Your Trust Space; 4.4 Summary
5 Law 5: Si Vis Pacem, Para Bellum; 5.1 Example; 5.2 Analysis; 5.2.1 Security Is Aging; 5.3 Takeaway; 5.3.1 Active Defense; 5.3.2 Renewability; 5.3.3 Be Vigilant; 5.4 Summary
6 Law 6: Security Is no Stronger Than Its Weakest Link; 6.1 Examples; 6.2 Analysis; 6.2.1 Design Issues; 6.2.2 Side-Channel Attacks; 6.2.3 Rollback and Backward Compatibility; 6.3 Takeaway; 6.3.1 Test; 6.3.2 Fix Security Issues Adequately; 6.3.3 Take Care of Your Keys; 6.3.4 Think Global; 6.4 Summary
7 Law 7: You are the Weakest Link; 7.1 Examples; 7.2 Analysis; 7.2.1 Bring Your Own Cloud; 7.2.2 Authentication; 7.2.3 Social Engineering; 7.2.4 Biometrics; 7.2.5 Do Users Care About Security Warnings?; 7.3 Takeaway; 7.3.1 Understand Your Users; 7.3.2 Align the Interests of All Actors; 7.3.3 Awareness; 7.4 Summary
8 Law 8: If You Watch the Internet, the Internet Is Watching You; 8.1 Examples; 8.2 Analysis; 8.2.1 Protect Your Corporate LAN; 8.3 Takeaway; 8.3.1 Assume External Systems Are Insecure; 8.3.2 Privacy; 8.3.3 Anonymity; 8.4 Summary
9 Law 9: Quis Custodiet Ipsos Custodes?; 9.1 Examples; 9.2 Analysis; 9.2.1 CobiT; 9.3 Takeaway; 9.3.1 Separation of Duties; 9.3.2 Logfiles Are to Be Reviewed; 9.4 Summary
10 Law 10: Security Is Not a Product, Security Is a Process; 10.1 Examples; 10.2 Analysis; 10.2.1 The McCumber Cube; 10.2.2 Security Mindset; 10.2.3 ISO 27005; 10.3 Takeaway; 10.3.1 What Makes a Great Hacker?; 10.3.2 Tools; 10.3.3 Written Policies; 10.3.4 Communicate Risks; 10.3.5 Think Out of the Box; 10.4 Summary
Conclusions; Appendix A: A Brief Introduction to Cryptography; A.1 Symmetric Cryptography; A.2 Asymmetric Cryptography; A.3 Hash Functions.
Access restrictions: Access is restricted to users affiliated with licensed institutions.
Summary/abstract: In this book the author presents ten key laws governing information security. He addresses topics such as attacks, vulnerabilities, threats, designing security, identifying key IP assets, authentication, and social engineering. The informal style draws on his experience in the area of video protection and DRM, while the text is supplemented with introductions to the core formal technical ideas. It will be of interest to professionals and researchers engaged with information security.
ISBN: 9783319426419
3319426419
3319426397
9783319426396
Format: Printed material
Bibliographic level: Monograph
Language of publication: English
Record no.: 006187123
Locations and electronic access: https://ebookcentral.proquest.com/lib/nyulibrary-ebooks/detail.action?docID=4744597
Shelfmark: Electronic access
Held at: New York University
Other edition, different carrier: Printed edition: 9783319426396