|
|
|||
|
||||
OverviewPublisher's Note: Products purchased from Third Party sellers are not guaranteed by the publisher for quality, authenticity, or access to any online entitlements included with the product. This fully revised four color textbook covers every topic on the current version of the CompTIA Security+ exam Prepare for a career in computer and network security while also studying for professional certification. Take the latest version of the challenging CompTIA Security+ exam with complete confidence using the detailed information contained in this comprehensive classroom-based solution. Written and edited by leaders in the field, the book gets candidates fully prepared for the test and contains the essential fundamentals of computer and network security skills. Principles of Computer Security: CompTIA Security+ and Beyond, Sixth Edition (Exam SY0-601) is presented in an engaging style and features full-color illustrations. Targeted sidebars throughout encourage readers to apply concepts in real-world settings, while other special elements bring the focus back to study with specific test-related advice and information. The textbook features engaging end of chapter sections that help you review the content covered in each chapter while also drilling you on the essentials and providing unique hands-on lab projects. Provides 100% coverage of every objective on exam SY0-601 Online content includes 200 practice questions in the Total Tester exam engine Written by a team of the most well-respected upper-level IT security educators Instructor Materials are available for adopting schools—contact your McGraw Hill sales representative Answers and solutions to the end of chapter sections are only available to adopting instructors Full Product DetailsAuthor: Wm. Arthur Conklin , Greg White , Chuck Cothren , Roger DavisPublisher: McGraw-Hill Education Imprint: McGraw-Hill Education Edition: 6th edition Weight: 2.055kg ISBN: 9781260474312ISBN 10: 1260474313 Pages: 1072 Publication Date: 29 November 2021 Audience: College/higher education , Tertiary & Higher Education Format: Paperback Publisher's Status: Active Availability: In stock We have confirmation that this item is in stock with the supplier. It will be ordered in for you and dispatched immediately. Table of ContentsForeword Preface Introduction Instructor Website Chapter 1 Introduction and Security Trends The Computer Security Problem Threats to Security Attributes of Actors Security Trends Targets and Attacks Approaches to Computer Security Ethics Additional References Chapter 1 Review Chapter 2 General Security Concepts Basic Security Terminology Formal Security Models Additional References Chapter 2 Review Chapter 3 Operational and Organizational Security Policies, Procedures, Standards, and Guidelines Organizational Policies Security Policies Human Resources Policies Security Awareness and Training Standard Operating Procedures Third-Party Risk Management Interoperability Agreements Chapter 3 Review Chapter 4 The Role of People in Security People—A Security Problem Tools Attacks Poor Security Practices People as a Security Tool Chapter 4 Review Chapter 5 Cryptography Cryptography in Practice Cryptographic Objectives Historical Perspectives Hashing Functions Symmetric Encryption Asymmetric Encryption Quantum Cryptography Post-Quantum Lightweight Cryptography Homomorphic Encryption For More Information Chapter 5 Review Chapter 6 Applied Cryptography Cryptography Use Cipher Suites S/MIME PGP Steganography Secure Protocols Secure Protocol Use Cases Cryptographic Attacks Other Standards Chapter 6 Review Chapter 7 Public Key Infrastructure The Basics of Public Key Infrastructures Certificate Authorities Trust Models Digital Certificates Certificate Lifecycles Certificate Repositories Centralized and Decentralized Infrastructures Certificate-Based Threats PKIX and PKCS ISAKMP CMP XKMS CEP Chapter 7 Review Chapter 8 Physical Security The Security Problem Physical Security Safeguards Environmental Controls Fire Suppression Electromagnetic Environment Power Protection Drones/UAVs Chapter 8 Review Chapter 9 Network Fundamentals Network Architectures Network Topology Segregation/Segmentation/Isolation Security Zones Network Protocols Internet Protocol IPv4 vs. IPv6 Packet Delivery Inter-Networking MPLS Software-Defined Networking (SDN) Quality of Service (QoS) Traffic Engineering Route Security For More Information Chapter 9 Review Chapter 10 Infrastructure Security Devices Virtualization Networking Security Devices Security Device/Technology Placement Tunneling/VPN Storage Area Networks Media Removable Media Security Concerns for Transmission Media Physical Security Concerns Chapter 10 Review Chapter 11 Authentication and Remote Access User, Group, and Role Management Account Policies Authorization Identity Authentication Methods Biometric Factors Biometric Efficacy Rates Multifactor Authentication Remote Access Preventing Data Loss or Theft Database Security Cloud vs. On-premises Requirements Connection Summary For More Information Chapter 11 Review Chapter 12 Wireless Security and Mobile Devices Connection Methods and Receivers Wireless Protocols Wireless Systems Configuration Wireless Attacks Mobile Device Management Concepts Mobile Application Security Mobile Devices Policies for Enforcement and Monitoring Deployment Models Chapter 12 Review Chapter 13 Intrusion Detection Systems and Network Security History of Intrusion Detection Systems IDS Overview Network-Based IDSs Host-Based IDSs Intrusion Prevention Systems Network Security Monitoring Deception and Disruption Technologies Analytics SIEM DLP Tools Indicators of Compromise For More Information Chapter 13 Review Chapter 14 System Hardening and Baselines Overview of Baselines Hardware/Firmware Security Operating System and Network Operating System Hardening Secure Baseline Endpoint Protection Network Hardening Application Hardening Data-Based Security Controls Environment Automation/Scripting Alternative Environments Industry-Standard Frameworks and Reference Architectures Benchmarks/Secure Configuration Guides For More Information Chapter 14 Review Chapter 15 Types of Attacks and Malicious Software Avenues of Attack Malicious Code Malware Attacking Computer Systems and Networks Advanced Persistent Threat Password Attacks Chapter 15 Review Chapter 16 Security Tools and Techniques Network Reconnaissance and Discovery Tools File Manipulation Tools Shell and Script Environments Packet Capture and Replay Tools Forensic Tools Tool Suites Penetration Testing Vulnerability Testing Auditing Vulnerabilities Chapter 16 Review Chapter 17 Web Components, E-mail, and Instant Messaging Current Web Components and Concerns Web Protocols Code-Based Vulnerabilities Application-Based Weaknesses How E-mail Works Security of E-mail Mail Gateway Mail Encryption Instant Messaging Chapter 17 Review Chapter 18 Cloud Computing Cloud Computing Cloud Types Cloud Service Providers Cloud Security Controls Security as a Service Cloud Security Solutions Virtualization VDI/VDE Fog Computing Edge Computing Thin Client Containers Microservices/API Serverless Architecture Chapter 18 Review Chapter 19 Secure Software Development The Software Engineering Process Secure Coding Concepts Application Attacks Application Hardening Code Quality and Testing Compiled Code vs. Runtime Code Software Diversity Secure DevOps Elasticity Scalability Version Control and Change Management Provisioning and Deprovisioning Integrity Measurement For More Information Chapter 19 Review Chapter 20 Risk Management An Overview of Risk Management Risk Management Vocabulary What Is Risk Management? Security Controls Business Risks Third-party Risks Risk Mitigation Strategies Risk Management Models Risk Assessment Qualitatively Assessing Risk Quantitatively Assessing Risk Qualitative vs. Quantitative Risk Assessment Tools Risk Management Best Practices Additional References Chapter 20 Review Chapter 21 Business Continuity, Disaster Recovery, and Change Management Business Continuity Continuity of Operations Planning (COOP) Disaster Recovery Why Change Management? The Key Concept: Separation of Duties Elements of Change Management Implementing Change Management The Purpose of a Change Control Board The Capability Maturity Model Integration Environment Secure Baseline Sandboxing Integrity Measurement Chapter 21 Review Chapter 22 Incident Response Foundations of Incident Response Attack Frameworks Threat Intelligence Incident Response Process Exercises Stakeholder Management Communication Plan Data Sources Log Files Data Collection Models Standards and Best Practices For More Information Chapter 22 Review Chapter 23 Computer Forensics Evidence Chain of Custody Forensic Process Message Digest and Hash Analysis Host Forensics Device Forensics Network Forensics Legal Hold Chapter 23 Review Chapter 24 Legal Issues and Ethics Cybercrime Ethics Chapter 24 Review Chapter 25 Privacy Data Handling Organizational Consequences of Privacy Breaches Data Sensitivity Labeling and Handling Data Roles Data Destruction and Media Sanitization U.S. Privacy Laws International Privacy Laws Privacy-Enhancing Technologies Privacy Policies Privacy Impact Assessment Web Privacy Issues Privacy in Practice For More Information Chapter 25 Review Appendix A CompTIA Security+ Exam Objectives: SY0-601 Appendix B About the Online Content System Requirements Your Total Seminars Training Hub Account Single User License Terms and Conditions TotalTester Online Technical Support Glossary IndexReviewsAuthor InformationGreg White (San Antonio, TX), CompTIA Security+, CISSP, is an Associate Professor in the Department of Computer Science at the University of Texas at San Antonio. Dr. White is the Director of the Center for Infrastructure Assurance and Security at UTSA. Chuck Cothren is a Research Scientist at University of Texas at San Antonio (UTSA) Center for Infrastructure Assurance and Security (CIAS) and currently serves on the Information Security Associations Alamo Chapter Board of Directors. Mr. Cothren has a wide array of security experience including performing controlled penetration testing, network security policies, computer intrusion forensics, and computer training. He is a Certified Information Systems Security Professional (CISSP) and has co-authored other McGraw-Hill/Osborne titles. Mr. Cothren holds a B.S. in Industrial Distribution from Texas A&M University. Roger L. Davis is a Senior Internal Audit Manager at NuSkin Enterprises and is responsible for evaluating global business operations in over 35 countries. He is a retired Air Force Colonel with over 20 years of military and information security experience. Mr. Davis is a Certified Information Systems Security Professional (CISSP) and holds a Masters Degree in Computer Science from George Washington University. Tab Content 6Author Website:Countries AvailableAll regions |