Welcome to your Cyber Security: Defence reading list. Here you will find resources selected by your course team to support you throughout this module.
Cybersecurity: a Business Solution by Arnold, R.As a business leader, you might think you have cybersecurity under control because you have a great IT team. But managing cyber risk requires more than firewalls and good passwords. Cash flow, insurance, relationships, and legal affairs for an organization all play major roles in managing cyber risk. Treating cybersecurity as "just an IT problem" leaves an organization exposed and unprepared. Therefore, executives must take charge of the big picture. Cybersecurity: A Business Solution is a concise guide to managing cybersecurity from a business perspective, written specifically for the leaders of small and medium businesses. In this book you will find a step-by-step approach to managing the financial impact of cybersecurity. The strategy provides the knowledge you need to steer technical experts toward solutions that fit your organization's business mission. The book also covers common pitfalls that lead to a false sense of security. And, to help offset the cost of higher security, it explains how you can leverage investments in cybersecurity to capture market share and realize more profits. The book's companion material also includes an executive guide to The National Institute of Standards and Technology (NIST) Cybersecurity Framework. It offers a business level overview of the following key terms and concepts, which are central to managing its adoption. Tiers Profiles Functions Informative References
Call Number: 005.8 ARN
Publication Date: 2017
(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 8th ed. by Chapple, M. ; Stewart, J.M. ; Gibson, D.CISSP Study Guide - fully updated for the 2018 CISSP Body of Knowledge CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide, 8th Edition has been completely updated for the latest 2018 CISSP Body of Knowledge. This bestselling Sybex study guide covers 100% of all exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, real-world examples, advice on passing each section of the exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions. Along with the book, you also get access to Sybex's superior online interactive learning environment that includes: Six unique 150 question practice exams to help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam. More than 700 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the exam A searchable glossary in PDF to give you instant access to the key terms you need to know for the exam Coverage of all of the exam topics in the book means you'll be ready for: Security and Risk Management Asset Security Security Engineering Communication and Network Security Identity and Access Management Security Assessment and Testing Security Operations Software Development Security
Call Number: 005.8 CHA
Publication Date: 2018
Threat Modeling by Shostack, A.The only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography! Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling. Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric Provides effective approaches and techniques that have been proven at Microsoft and elsewhere Offers actionable how-to advice not tied to any specific software, operating system, or programming language Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.
Security Engineering by Anderson, R.J.The world has changed radically since the first edition of this book was published in 2001. Spammers, virus writers, phishermen, money launderers, and spies now trade busily with each other in a lively online criminal economy and as they specialize, they get better. In this indispensable, fully updated guide, Ross Anderson reveals how to build systems that stay dependable whether faced with error or malice. Here?s straight talk on critical topics such as technical engineering basics, types of attack, specialized protection mechanisms, security psychology, policy, and more.
Introduction to computer security by Bishop, M. ; Venkatramanayya, S.S.Introduction to Computer Security draws upon Bishop's widely praised Computer Security: Art and Science, without the highly complex and mathematical coverage that most undergraduate students would find difficult or unnecessary. The result: the field's most concise, accessible, and useful introduction. Matt Bishop thoroughly introduces fundamental techniques and principles for modeling and analyzing security. Readers learn how to express security requirements, translate requirements into policies, implement mechanisms that enforce policy, and ensure that policies are effective. Along the way, the author explains how failures may be exploited by attackers and how attacks may be discovered, understood, and countered. Supplements available including slides and solutions.
Call Number: 005.8 BIS
Publication Date: 2006
The Incremental Commitment Spiral Model by Boehm, B.; Turner, R.; Lane, J.A.; Koolmanojwong, S."The title makes a huge promise: a way to divide commitment into increments that are both meetable (good news for developers) and meaningful (good news for managers and stakeholders). And the book makes good on that promise." -Tom DeMarco, Principal, The Atlantic Systems Guild, author of Peopleware, Deadline, and Slack nbsp; "I am seriously impressed with this ICSM book. Besides being conceptually sound, I was amazed by the sheer number of clear and concise characterizations of issues, relationships, and solutions. I wanted to take a yellow highlighter to it until I realized I'd be highlighting most of the book." -Curt Hibbs, Chief Agile Evangelist, Boeing nbsp; Use the ICSM to Generate and Evolve Your Life-Cycle Process Assets to Best Fit Your Organization's Diverse and Changing Needs nbsp; Many systems development practitioners find traditional "one-size-fits-all" processes inadequate for the growing complexity, diversity, dynamism, and assurance needs of their products and services. The Incremental Commitment Spiral Model (ICSM) responds with a principle- and risk-based framework for defining and evolving your project and corporate process assets, avoiding pitfalls and disruption, and leveraging opportunities to increase value. nbsp; This book explains ICSM's framework of decision criteria and principles, and shows how to apply them through relevant examples. It demonstrates ICSM's potential for reducing rework and technical debt, improving maintainability, handling emergent requirements, and raising assurance levels. nbsp; Its coverage includes What makes a system development successful ICSM's goals, principles, and usage as a process-generation framework Creating and evolving processes to match your risks and opportunities Integrating your current practices and adopting ICSM concepts incrementally, focusing on your greatest needs and opportunities nbsp; About the Website: Download the evolving ICSM guidelines, subprocesses, templates, tools, white papers, and academic support resources atcsse.usc.edu/ICSM. nbsp;
Call Number: 005.1 BOE
Publication Date: 2014
The Mobile Application Hacker's Handbook by Chell, D.; Erasmus, T.; Lindsay, J.; Colley, S.; Whitehouse, O.The Mobile Application Hacker's Handbook is a comprehensive guide to securing all mobile applications by approaching the issue from a hacker's point of view. Heavily practical, this book provides expert guidance toward discovering and exploiting flaws in mobile applications on the iOS, Android, Blackberry, and Windows Phone platforms. You will learn a proven methodology for approaching mobile application assessments, and the techniques used to prevent, disrupt, and remediate the various types of attacks. Coverage includes data storage, cryptography, transport layers, data leakage, injection attacks, runtime manipulation, security controls, and cross-platform apps, with vulnerabilities highlighted and detailed information on the methods hackers use to get around standard security.
Mobile applications are widely used in the consumer and enterprise markets to process and/or store sensitive data. There is currently little published on the topic of mobile security, but with over a million apps in the Apple App Store alone, the attack surface is significant. This book helps you secure mobile apps by demonstrating the ways in which hackers exploit weak points and flaws to gain access to data.
Understand the ways data can be stored, and how cryptography is defeated
Set up an environment for identifying insecurities and the data leakages that arise
Develop extensions to bypass security controls and perform injection attacks
Learn the different attacks that apply specifically to cross-platform apps
IT security breaches have made big headlines, with millions of consumers vulnerable as major corporations come under attack. Learning the tricks of the hacker's trade allows security professionals to lock the app up tight. For better mobile security and less vulnerable data, The Mobile Application Hacker's Handbook is a practical, comprehensive guide.
Call Number: 005.8 CHE + eBook
Publication Date: 2015
Information Warfare and Security by Denning, D.E.This is a comprehensive and detailed view of information warfare. It presents methods, laws, and case examples stressing actual incidents to illustrate such instances. What individuals, corporations, and governments need to know about information-related attacks and defenses Every day, we hear reports of hackers who have penetrated computer networks, vandalized Web pages, and accessed sensitive information. We hear how they have tampered with medical records, disrupted emergency 911 systems, and siphoned money from bank accounts. Could information terrorists, using nothing more than a personal computer, cause planes to crash, widespread power blackouts, or financial chaos? Such real and imaginary scenarios, and our defense against them, are the stuff of information warfare-operations that target or exploit information media to win some objective over an adversary. Dorothy E. Denning, a pioneer in computer security, provides in this book a framework for understanding and dealing with information-based threats: computer break-ins, fraud, sabotage, espionage, piracy, identity theft, invasions of privacy, and electronic warfare. She describes these attacks with astonishing, real examples, as in her analysis of information warfare operations during the Gulf War. Then, offering sound advice for security practices and policies, she explains countermeasures that are both possible and necessary.
Call Number: 355.343 DEN
Publication Date: 1998
Managing Complex Systems by Eisner, H.Nine innovative methods to think outside the box and solve complexsystem problems Managing Complex Systems provides specific tools and guidanceneeded to be a more creative and innovative thinker. Following theauthor's methodology, the reader will be better able to devise andimplement nontraditional solutions to seemingly intractable complexproblems. By challenging the reader to think in new and creativeways, the book offers a road map to success, whether measured interms of competitive advantage, greater market share, improvedproductivity, or higher profits, all based upon better solutions todifficult problems. The first four chapters set the foundation for creative thinking byexploring the nature of large-scale systems and complexity,thinking inside and outside the box, and examples of how aninventive mind solves problems in both management and scientificdomains. Subsequent chapters address nine focused methods that theauthor has formulated to help the reader think outside thebox: * Broaden and generalize * Crossover * Question conventional wisdom * Back of the envelope * Expanding the dimensions * Obversity * Remove constraints * Thinking with pictures * Systems approach Real-life examples are provided for each method that demonstratehow the approach enhances problem solving and decision making insystem development and management. Following the discussion of thenine methods, the author examines group decision making as well asadditional creative thinking procedures devised by otherresearchers, including references that assist in exploring thesemethods in greater detail. The author ends with a wrap-up chapterthat includes a test to help readers practice their tendenciestoward creative thinking skills and action with respect to solvingreal-world problems. The nine methods discussed in this book have broad applicabilityand can be used successfully by managers with a wide range ofresponsibilities in business and technology. For anyone who istired of the same old approach with the same old results, this bookis essential reading.
Call Number: 658.404 EIS + eBook
Publication Date: 2005
CEHv9 : certified ethical hacker version 9 by Oriyano, S-P.The ultimate preparation guide for the unique CEH exam. The CEH v10: Certified Ethical Hacker Version 10 Study Guide is your ideal companion for CEH v10 exam preparation. This comprehensive, in-depth review of CEH certification requirements is designed to help you internalize critical information using concise, to-the-point explanations and an easy-to-follow approach to the material. Covering all sections of the exam, the discussion highlights essential topics like intrusion detection, DDoS attacks, buffer overflows, and malware creation in detail, and puts the concepts into the context of real-world scenarios. Each chapter is mapped to the corresponding exam objective for easy reference, and the Exam Essentials feature helps you identify areas in need of further study. You also get access to online study tools including chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms to help you ensure full mastery of the exam material. The Certified Ethical Hacker is one-of-a-kind in the cybersecurity sphere, allowing you to delve into the mind of a hacker for a unique perspective into penetration testing. This guide is your ideal exam preparation resource, with specific coverage of all CEH objectives and plenty of practice material. Review all CEH v10 topics systematically Reinforce critical skills with hands-on exercises Learn how concepts apply in real-world scenarios Identify key proficiencies prior to the exam The CEH certification puts you in professional demand, and satisfies the Department of Defense's 8570 Directive for all Information Assurance government positions. Not only is it a highly-regarded credential, but it's also an expensive exam--making the stakes even higher on exam day. The CEH v10: Certified Ethical Hacker Version 10 Study Guide gives you the intense preparation you need to pass with flying colors.
Call Number: 005.8 ORI + eBook
Publication Date: 2016
Security in Computing by Pfleeger, C.P. ; Pfleeger, S.L. ; Margulies, J.This book offers complete coverage of all aspects of computer security, including users, software, devices, operating systems, networks, law, and ethics. Reflecting rapidly evolving attacks, countermeasures, and computing environments, it introduces up-to-the-minute best practices for authenticating users, preventing malicious code execution, using encryption, protecting privacy, implementing firewalls, detecting intrusions, and more.
Call Number: 005.8 PFL
Publication Date: 2015
Cybersecurity and Cyberwar by Singer, P. W. ; Friedman, A.Dependence on computers has had a transformative effect on human society. Cybernetics is now woven into the core functions of virtually every basic institution, including our oldest ones. War is one such institution, and the digital revolution's impact on it has been profound. The Americanmilitary, which has no peer, is almost completely reliant on high-tech computer systems. Given the Internet's potential for full-spectrum surveillance and information disruption, the marshaling of computer networks represents the next stage of cyberwar. Indeed, it is upon us already. The recentStuxnet episode, in which Israel fed a malignant computer virus into Iran's nuclear facilities, is one such example. Penetration into US government computer systems by Chinese hackers - presumably sponsored by the Chinese government - is another. Together, they point to a new era in the evolution ofhuman conflict. In Cybersecurity and Cyberwar: What Everyone Needs to Know, noted experts Peter W. Singer and Allan Friedman lay out how the revolution in military cybernetics occurred and explain where it is headed. They begin with an explanation of what cyberspace is before moving on to discussions of how it canbe exploited and why it is so hard to defend. Throughout, they discuss the latest developments in military and security technology. Singer and Friedman close with a discussion of how people and governments can protect themselves. In sum, Cybersecurity and Cyberwar is the definitive account on thesubject for the educated layman who wants to know more about the nature of war, conflict, and security in the twenty first century.
Call Number: 005.8 SIN + eBook
Publication Date: 2014
Network Security Essentials by Stallings, W.For courses in Corporate, Computer and Network Security . Network Security: Innovations and Improvements Network Securities Essentials: Applications and Standards introduces readers to the critical importance of internet security in our age of universal electronic connectivity. Amidst viruses, hackers, and electronic fraud, organizations and individuals are constantly at risk of having their private information compromised. This creates a heightened need to protect data and resources from disclosure, guarantee their authenticity, and safeguard systems from network-based attacks. The Sixth Edition covers the expanding developments in the cryptography and network security disciplines, giving readers a practical survey of applications and standards. The text places emphasis on applications widely used for Internet and corporate networks, as well as extensively deployed internet standards.
Call Number: 005.8 STA + eBook
Publication Date: 2016
The Web Application Hacker's Handbook by Stuttard, D.; Pinto, M.The highly successful security book returns with a new edition, completely updated Web applications are the front door to most organizations, exposing them to attacks that may disclose personal information, execute fraudulent transactions, or compromise ordinary users. This practical book has been completely updated and revised to discuss the latest step-by-step techniques for attacking and defending the range of ever-evolving web applications. You'll explore the various new technologies employed in web applications that have appeared since the first edition and review the new attack techniques that have been developed, particularly in relation to the client side. Reveals how to overcome the new technologies and techniques aimed at defending web applications against attacks that have appeared since the previous edition Discusses new remoting frameworks, HTML5, cross-domain integration techniques, UI redress, framebusting, HTTP parameter pollution, hybrid file attacks, and more Features a companion web site hosted by the authors that allows readers to try out the attacks described, gives answers to the questions that are posed at the end of each chapter, and provides a summarized methodology and checklist of tasks Focusing on the areas of web application security where things have changed in recent years, this book is the most current resource on the critical topic of discovering, exploiting, and preventing web application security flaws. Also available as a set with, CEHv8: Certified Hacker Version 8 Study Guide, Ethical Hacking and Web Hacking Set, 9781119072171.
Call Number: eBook
Publication Date: 005.8 STU + 2011
Computer Networks 5th edn. by Tanenbaum, A.S.; Wetherall, D.J.Tanenbaum takes a structured approach to explaining how networks work from the inside out. He starts with an explanation of the physical layer of networking, computer hardware and transmission systems; then works his way up to network applications. Tanenbaum's in-depth application coverage includes email; the domain name system; the World Wide Web (both client- and server-side); and multimedia (including voice over IP, Internet radio video on demand, video conferencing, and streaming media. Each chapter follows a consistent approach.
Tanenbaum presents key principles, then illustrates them utilising real-world example networks that run through the entire book--the Internet, and wireless networks, including Wireless LANs, broadband wireless and Bluetooth. The Fifth Edition includes a chapter devoted exclusively to network security.
Call Number: 004.6 TAN + eBook
Publication Date: 2013
Penetration Testing by Weidman, G.Penetration testers simulate cyber attacks to find security weaknesses in networks, operating systems, and applications. Information security experts worldwide use penetration techniques to evaluate enterprise defenses. In Penetration Testing, security expert, researcher, and trainer Georgia Weidman introduces you to the core skills and techniques that every pentester needs. Using a virtual machine-based lab that includes Kali Linux and vulnerable operating systems, you'll run through a series of practical lessons with tools like Wireshark, Nmap, and Burp Suite. As you follow along with the labs and launch attacks, you'll experience the key stages of an actual assessment - including information gathering, finding exploitable vulnerabilities, gaining access to systems, post exploitation, and more. Learn how to: Crack passwords and wireless network keys with brute-forcing and wordlists Test web applications for vulnerabilities Use the Metasploit Framework to launch exploits and write your own Metasploit modules Automate social-engineering attacks Bypass antivirus software Turn access to one machine into total control of the enterprise in the post exploitation phase You'll even explore writing your own exploits. Then it's on to mobile hacking - Weidman's particular area of research - with her tool, the Smartphone Pentest Framework. With its collection of hands-on lessons that cover key tools and strategies, Penetration Testing is the introduction that every aspiring hacker needs.