CISSP All-in-One Exam Guide, Sixth Edition
Written by Shon Harris
Published by McGraw-Hill Osborne Media
This excerpt from chapter 1 of CISSP All-in-One Exam Guide, Sixth Edition, has been updated
to completely cover the latest releases from (ISC)2, including references for government employees
and contractors subject to new requirements. Also, get several brand-new CISSP exam practice
questions when you download the full chapter.
>>READ AN EXCERPT FROM CHAPTER 1, CISSP ALL-IN-ONE EXAM GUIDE
Network Forensics: Tracking Hackers Through Cyberspace
Written by Sherri Davidoff and Jonathan Ham
Published by Prentice Hall Publishing
In this excerpt from chapter 10 of Network Forensics: Tracking Hackers Through Cyberspace,
authors Sherri Davidoff and Jonathan Ham discuss Web proxies and caching and how these technologies
can benefit forensic analysts.
>>READ AN EXCERPT FROM CHAPTER 10, NETWORK FORENSICS: TRACKING HACKERS THROUGH CYBERSPACE
The CERT Guide to Insider Threats
Written by Dawn M. Cappelli, Andrew P. Moore, and Randall F. Trzeciak
Published by Addison-Wesley Professional
In this excerpt from chapter 3 of The CERT Guide to Insider Threats, authors Dawn M. Cappelli,
Andrew P. Moore, and Randall F. Trzeciak describe the entitlement-based insider attack model and how to
implement controls that keep insiders who feel entitled to the information they helped create from
walking off with critical intellectual property.
>>READ AN EXCERPT FROM CHAPTER 3, INSIDER THEFT OF INTELLECTUAL PROPERTY
Web Application Security: A Beginner's Guide
Written by Bryan Sullivan and Vincent Liu
Published by McGraw-Hill
In this excerpt from chapter 5 of Web Application Security: A Beginner's Guide, authors Bryan
Sullivan and Vincent Liu explain how the browser's same-origin policy constrains script code and
detail the key exceptions that limit the policy's effectiveness.
>>READ AN EXCERPT FROM CHAPTER 5, BROWSER SECURITY PRINCIPLES: THE SAME ORIGIN POLICY
Security Metrics: A Beginner's Guide
Written by Caroline Wong
Published by McGraw-Hill
In this excerpt from chapter 10 of Security Metrics: A Beginner's Guide, author Caroline
Wong offers key strategies for managing a group of stakeholders in order to secure their buy-in and
implement a security metrics project.
>>READ AN EXCERPT FROM CHAPTER 10, OBTAINING BUY-IN FROM STAKEHOLDERS
Securing the Clicks: Network Security in the Age of Social Media
Written by Gary Bahadur, Jason Inasi, and Alex de Carvalho
Published by McGraw-Hill
In this excerpt from chapter 6 of Securing the Clicks: Network Security in the Age of Social
Media, author Gary Bahadur offers insights on effective social media policy and
illustrates different strategies for managing in-house and external applications.
>>READ AN EXCERPT FROM CHAPTER 6, SOCIAL MEDIA SECURITY POLICY BEST PRACTICES
Mike Meyers' CompTIA Security+ Certification Passport
Written by T.J. Samuelle
Published by McGraw-Hill
Questions and answers for a CompTIA Security+ practice exam are included in CompTIA Security+
Certification Passport. In this excerpt from chapter 7, author T.J. Samuelle describes several
authentication models and discusses identity management.
>> READ AN EXCERPT FROM CHAPTER 7: AUTHENTICATION AND IDENTITY MANAGEMENT
Find the best information security and compliance book chapter excerpts and download right here: http://searchsecurity.com/bookshelf
IT Auditing: Using Controls to Protect Information Assets
Written by Chris Davis, Mike Schiller and Kevin Wheeler
Published by McGraw-Hill
This chapter from IT Auditing: Using Controls to Protect Information Assets discusses
auditing virtualized environments, and begins with an overview of common virtualization
technologies and key controls.
>> READ AN EXCERPT FROM CHAPTER 11: AUDITING VIRTUALIZED ENVIRONMENTS
Gray Hat Hacking: The Ethical Hacker's Handbook, 3rd ed.
Written by Allen Harper, Shon Harris, Jonathan Ness, Chris Eagle, Gideon Lenkey and Terron Williams
Published by McGraw-Hill
In this chapter from Gray Hat Hacking: The Ethical Hacker's Handbook, 3rd ed., learn how to
detect and work to prevent content-type attacks in your environment.
>> READ AN EXCERPT FROM CHAPTER 16: UNDERSTANDING AND DETECTING CONTENT-TYPE ATTACKS
The Tips and Tricks Guide to Managed File Transfer
Written by Don Jones
Published by RealTime Publishers
In this excerpt from Volume 1 of The Tips and Tricks Guide to Managed File Transfer, author
Don Jones explains what steps your enterprise should take to ensure secure managed file transfers
that also meet compliance requirements.
>> READ AN EXCERPT FROM VOLUME 1: TIP, TRICK, TECHNIQUE 4: HOW DOES MANAGED FILE TRANSFER HELP ME MEET AND MAINTAIN COMPLIANCE REQUIREMENTS?
Surreptitious Software
Written by Christian Collberg and Jasvir Nagra
Published by Addison-Wesley Professional
In Surreptitious Software, authors Christian Collberg and Jasvir Nagra review the
indispensable techniques that software developers can use to protect vital intellectual property.
The techniques reviewed in the book include cryptography, steganography, watermarking, software
metrics, reverse engineering, and compiler optimization. Learn to master the techniques that both
attackers and defenders use to analyze programs.
>> READ AN EXCERPT FROM CHAPTER 7: SOFTWARE TAMPERING
>> PODCAST: AUTHORS JASVIR NAGRA AND CHRISTIAN COLLBERG REVEAL WHY THE BOOK IS ALSO FOR PROFESSIONALS WHO MAY NOT HAVE AN INTEREST IN CODE.
The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives
Written by Rebecca Herold
Published by RealTime Publishers
The Shortcut Guide to Understanding Data Protection from Four Critical Perspectives is your
"Rosetta Stone" of data protection for all levels of corporate staff. In this four-chapter ebook,
author Rebecca Herold reviews what IT operations teams, compliance leaders, corporate business
leaders and information security leaders specifically need to know about enterprise data
protection.
>> READ AN EXCERPT FROM CHAPTER 2: WHAT CORPORATE COMPLIANCE LEADERS NEED TO KNOW ABOUT DATA PROTECTION
Practical Intrusion Analysis: Prevention and Detection for the Twenty-First Century
Written by Ryan Trost
Published by Addison-Wesley Professional
Practical Intrusion Analysis explores state-of-the-art intrusion detection and prevention
techniques, including network behavioral analysis, data visualization and geospatial analysis on
wired and wireless networks and physical devices. In his book, author Ryan Trost reviews
cutting-edge IDS technologies that use new visualization tools to report data.
>> READ AN EXCERPT FROM CHAPTER 4: LIFECYCLE OF A VULNERABILITY
>> PODCAST: AUTHOR RYAN TROST REVIEWS THE LATEST ADVANCEMENTS IN INTRUSION DETECTION.
Chained Exploits: Advanced hacking from start to finish
Written by Andrew Whitaker, Keatron Evans, Jack B. Voth
Published by Addison-Wesley | Pearson Education
Three security pros have put together a guide on how to perform and prevent today's toughest
chained attacks. The book presents detailed examples of real-world attack strategies and actual
high-value targets, including credit card and healthcare data.
>> READ AN EXCERPT FROM CHAPTER 2: DISCOVER WHAT YOUR BOSS IS LOOKING AT
>> AUTHOR KEATRON EVANS EXPLAINS AN INNOVATIVE WAY THAT PHISHERS CAN TRICK EMPLOYEES INTO DOWNLOADING MALWARE.
The Truth about Identity Theft
Written by Jim Stickley
Published by Addison-Wesley | Pearson Education
Author Jim Stickley was hired to test corporations' security, particularly how well they were
protected against identity theft. In The Truth about Identity Theft, Stickley reveals how he
was able to steal credit cards, obtain Social Security numbers and break into banks.
>> READ AN EXCERPT FROM CHAPTER 11: SOCIAL ENGINEERING
>> PODCAST: AUTHOR JIM STICKLEY REVEALS JUST HOW EASY IT IS FOR A CYBERCRIMINAL TO STEAL A PASSWORD.
IPv6 Security
Written by Scott Hogg and Eric Vyncke
Published by Addison-Wesley | Pearson Education
IPv6 is on the way, and networking professionals going through the protocol transition need to
have a strong understanding of the security challenges. In this title, two leading Internet
security practitioners review how to address specific security deficiencies that occur within IPv6
environments.
>> READ AN EXCERPT FROM CHAPTER 7 AND WATCH AN INTERVIEW WITH AUTHOR ERIC VYNCKE
Applied Security Visualization
Written by Raffael Marty
Published by Addison-Wesley | Pearson Education
By taking advantage of available data visualization techniques, author Raffael Marty explains how
you can gain a better understanding of what's happening on your network at any moment. Applied
Security Visualization explains how to transform the most complex network data into
crystal-clear graphs, tables and visual representations.
>> AUTHOR RAFFAEL MARTY DISCUSSES HOW TO BUILD THE BRIDGE BETWEEN THE SECURITY AND THE VISUALIZATION TEAM.
Voice over IP Security
Written by Patrick Park
Published by Addison-Wesley | Pearson Education
Firewalls and network devices alone will not protect voice networks from recent innovative attacks
and fraud. In Voice over IP Security, author Patrick Park reviews a new set of emerging threats to
VoIP networks.
>> READ AN EXCERPT FROM CHAPTER 2
>> PODCAST: AUTHOR PATRICK PARK REVEALS TWO OF THE BIGGEST VOIP MYTHS AROUND.
The New School of Information Security
Written by Adam Shostack and Andrew Stewart
Published by Addison-Wesley | Pearson Education
Security experts Adam Shostack and Andrew Stewart offer honest and perhaps troubling answers to
today's information security questions. The New School of Information Security explains why
professionals have taken to studying economics, not cryptography--and why you should, too. See why
the authors are saying that security breach notices are the best thing to ever happen to
information security.
>> READ AN EXCERPT FROM CHAPTER 7
The Shortcut Guide to Extended Validation SSL Certificates
Written by Dan Sullivan
Published by Realtimepublishers
The Internet has rapidly become an integral part of day-to-day business and is now a critical
component of business operations, posing unique security challenges for any organization. Unchecked
security weaknesses expose a company to fraud and identity theft, which may ultimately
damage its brand and reputation. This guide addresses one method for establishing trust:
the use of Extended Validation Secure Sockets Layer (EV SSL) certificates.
>> READ AN EXCERPT FROM CHAPTER 2
Geekonomics: The Real Cost of Insecure Software
Written by David Rice
Published by Addison-Wesley
Software has become crucial to the very survival of civilization. But badly written, insecure
software is hurting people -- and costing businesses and individuals billions of dollars every
year. In Geekonomics, David Rice reveals how people can revamp the software industry's
incentives to get the reliability and security that users need and deserve.
>> READ AN EXCERPT FROM CHAPTER 1
>> AUTHOR DAVID RICE EXPLAINS WHY THE NEED FOR FEATURES HAS LED TO BAD SOFTWARE.
The Craft of System Security
Written by Sean Smith and John Marchesini
Published by Addison-Wesley
The Craft of System Security introduces the modern security practitioner's toolkit and
reveals why each particular tool exists. Authors Sean Smith and John Marchesini discuss the new
threat landscape and use real-life anecdotes to illustrate the evolution of today's security
challenges and responses.
>> READ AN EXCERPT FROM CHAPTER 16
>> LISTEN TO AUTHOR SEAN SMITH TELL REAL-LIFE ANECDOTES OF PRIVACY LOSS DISASTERS.
Virtual Honeypots: From Botnet Tracking to Intrusion Detection
Written by Niels Provos and Thorsten Holz
Published by Addison-Wesley
Honeypots have demonstrated immense value in Internet security, but physical honeypot deployment
can be prohibitively complex, time-consuming and expensive. Now there's a breakthrough solution. In
this hands-on book, two leading honeypot pioneers explain exactly how to implement, configure, use
and maintain virtual honeypots.
>> READ AN EXCERPT FROM CHAPTER 11
>> LISTEN TO AUTHOR NIELS PROVOS DEMONSTRATE HOW VIRTUAL HONEYPOTS CAN COLLECT MALWARE
Securing VoIP Networks: Threats, Vulnerabilities, and Countermeasures
Written by Peter Thermos and Ari Takanen
Published by Addison-Wesley
As Voice-over-IP (VoIP) becomes more important to service providers, carriers, commercial
organizations and residential users, protecting VoIP communications becomes increasingly urgent.
Drawing on case studies from extensive fieldwork, the authors address VoIP security from the
perspective of real-world network implementers, managers and security specialists.
>> READ AN EXCERPT FROM CHAPTER 6
>> LISTEN TO AUTHOR PETER THERMOS REVEAL THE ATTACKS RELATED TO TELEPHONY SERVICES
Fuzzing: Brute Force Vulnerability Discovery
Written by Michael Sutton, Adam Greene and Pedram Amini
Published by Addison-Wesley
Fuzzing has evolved into one of today's most effective approaches to test software security, and
this book introduces state-of-the-art fuzzing techniques that can find vulnerabilities in network
protocols, file formats and Web applications. Throughout each chapter, the three authors also
present several insightful case histories that show the bug-finding technique at work.
>> READ AN EXCERPT FROM CHAPTER 21
>> LISTEN TO AUTHOR MICHAEL SUTTON DEFINE THE PHASES OF FUZZING
Security Metrics: Replacing Fear, Uncertainty, and Doubt
Written by Andrew Jaquith
Published by Addison-Wesley
Using sample charts, graphics, case studies and war stories, Yankee Group security expert Andrew
Jaquith demonstrates how to establish effective metrics that fit your organization's unique
requirements. Jaquith explains how to quantify hard-to-measure security activities, compile and
analyze all relevant data, set cost-effective priorities for improvement, and craft compelling
messages for senior management.
>> READ AN EXCERPT FROM CHAPTER 6
>> LISTEN TO AUTHOR ANDREW JAQUITH EXPLAIN THE FEATURES OF A SECURITY SCORECARD
The Art of Software Security Testing: Identifying Software Security Flaws
Written by Chris Wysopal, Lucas Nelson, Dino Dai Zovi and Elfriede Dustin
Published by Addison-Wesley
The deck is stacked heavily against the software developer, and malicious hackers are ready to
exploit today's many coding and design vulnerabilities. In this book, authors Chris Wysopal, Lucas
Nelson, Dino Dai Zovi and Elfriede Dustin deliver in-depth, up-to-date, battle-tested techniques
that can identify software security problems before the bad guys do.
>> READ AN EXCERPT FROM CHAPTER 11
>> HEAR CO-AUTHOR CHRIS WYSOPAL IDENTIFY COMMON SOFTWARE FLAWS
Endpoint Security
Written by Mark S. Kadrich
Published by Addison-Wesley
Despite massive investments in security technology and training, hackers are increasingly
succeeding in attacking networks at their weakest links: their endpoints. Now, leading security
expert Mark Kadrich introduces a breakthrough, "one-size-does-not-fit-all" approach to
protecting all of your endpoint devices, from desktops and notebooks to PDAs and cell phones.
>> READ AN EXCERPT FROM CHAPTER 3
>> HEAR AUTHOR MARK S. KADRICH EXPLAIN HOW TO ENABLE NETWORK ACCESS
The Shortcut Guide to Protecting Business Internet Usage
Written by Dan Sullivan
Published by Realtime Publishers
The complexity of today's Internet threats demands that information security pros not only
understand how they occur, but also how to combat them while avoiding costly countermeasures that
provide more protection than an organization needs. In this eBook, author Dan Sullivan examines the
critical business drivers enterprise security professionals must address to keep their
corporations' information assets and infrastructure secure.
>> READ EXCERPTS FROM CHAPTER 3
How to Cheat at Managing Information Security
Written by Mark Osborne
Published by Syngress Publishing
For information security managers, having a solid understanding of all major security issues is
integral to effectively managing their departments and keeping privileged information safe. From
designing remote access options to implementing security policies, author Mark Osborne provides
in-depth information required to become a successful security manager.
>> READ AN EXCERPT AND DOWNLOAD CHAPTER 7
Business Continuity and Disaster Recovery for InfoSec Managers
Written by John W. Rittinghouse and James F. Ransome
Published by Digital Press, a division of Elsevier
Every information security officer would like to avoid a disaster; however, it's best to be prepared
should the unforeseeable happen. In this book, authors John W. Rittinghouse and James F. Ransome
provide operational security management techniques information security managers can use to
establish and maintain an effective business continuity plan.
>> READ AN EXCERPT AND DOWNLOAD CHAPTER 1
Implementing Database Security and Auditing
Written by Ron Ben Natan
Published by Digital Press, a division of Elsevier
Because the database stores an enterprise's most valuable assets, its security should be a priority.
From encryption to access controls, author Ron Ben Natan examines a wide variety of database
security topics to protect databases and avoid a security breach.
>> READ AN EXCERPT AND DOWNLOAD CHAPTER 9
Securing Storage: A Practical Guide to SAN and NAS Security
Written by Himanshu Dwivedi
Published by Addison-Wesley Professional
Storage security is crucial to protecting sensitive information and complying with regulations,
yet it's often overlooked by security pros. In this book, author Himanshu Dwivedi explains the
dangers of unsecured SAN and NAS systems and offers practical solutions for locking them down and
keeping attackers from gaining access.
>> READ AN EXCERPT AND DOWNLOAD CHAPTER 2
Preventing Web Attacks with Apache
Written by Ryan C. Barnett
Published by Addison-Wesley Professional
Considered mandatory reading for anyone running Apache, this book provides step-by-step guidance on
the exploits that target Apache servers and Web applications and how to defend against them.
>> READ AN EXCERPT AND DOWNLOAD CHAPTER 7
How to Break Web Software: Functional and Security Testing of Web Applications and Web Services
Written by Mike Andrews and James A. Whittaker
Published by Addison-Wesley
If your Web sites, applications and services are vulnerable to attack, you need to find out before
a hacker does. In this hands-on guide, Mike Andrews and James A. Whittaker explain where to look
for potential threats and how to conduct tests to prevent attacks.
>> READ AN EXCERPT AND DOWNLOAD CHAPTER 4
Software Security: Building Security In
Written by Gary McGraw
Published by Addison-Wesley Professional
In this book, author Gary McGraw begins where he left off in his best-selling book, "Building
Secure Software," and teaches you methods for adding security to your development processes. He
provides detailed explanations of risk management frameworks and processes, code review,
architectural risk analysis, pen testing, security testing and abuse case development, and explains
how to make them work for you.
>> READ AN EXCERPT AND DOWNLOAD CHAPTER 5
Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Second Edition
Written by Ed Skoudis and Tom Liston
Published by Prentice Hall
In the updated version of this best-selling network security guide, security expert Ed Skoudis
teams up with Tom Liston to provide the latest information on hacker tools and techniques, and arm
you with tactics for recognizing and preventing them.
>> READ AN EXCERPT AND DOWNLOAD CHAPTER 7
The Little Black Book of Computer Security
Written by Joel Dubin
Published by 29th Street Press
This book is a concise guide to network security for IT managers and security practitioners. Topics
are presented in an easy-to-read checklist format, making it a quick reference guide on a variety
of strategies for securing enterprise networks and systems.
>> READ AN EXCERPT AND DOWNLOAD CHAPTER 5, TAKING CARE OF PHYSICAL SECURITY
>> READ AN EXCERPT AND DOWNLOAD CHAPTER 6, MANAGING HUMAN RESOURCES
Rootkits: Subverting the Windows Kernel
Written by Greg Hoglund & James Butler
Published by Addison-Wesley
Considered a "must read" for all security professionals, this book provides a detailed guide to
understanding, detecting and preventing rootkit attacks.
>> READ AN EXCERPT AND DOWNLOAD A CHAPTER FROM THE BOOK
>> SHARE YOUR OPINION OF THIS BOOK
Spies Among Us: How to Stop the Spies, Terrorists, Hackers, and Criminals You Don't Even Know You Encounter Every Day
Written by Ira Winkler
Published by Wiley
Using personal examples, Ira Winkler explains how easy it can be for anyone to infiltrate any
company's confidential information and he offers advice on how to protect your organization.
>> READ AN EXCERPT AND DOWNLOAD A CHAPTER FROM THE BOOK
>> SHARE YOUR OPINION OF THIS BOOK
Information Nation Warrior: Information Compliance Management Boot Camp
Written by Randolph A. Kahn, Esq. & Barclay T. Blair
Published by AIIM Publishing
This book uses real-life stories to address the compliance needs of executives in the four key
areas: IT, legal, business and records management. It offers handy checklists and tips to arm
readers with tools for battling the compliance challenge.
>> READ AN EXCERPT AND DOWNLOAD A CHAPTER FROM THE BOOK
>> SHARE YOUR OPINION OF THIS BOOK
Information Security Policies Made Easy, Version 10
Written by Charles Cresson Wood
Published by Information Shield
Often touted as the definitive guide to information security policies, this book provides more than
1,360 pre-written policies organized in ISO 17799 format.
>> READ AN EXCERPT AND DOWNLOAD A CHAPTER FROM THE BOOK
>> SHARE YOUR OPINION OF THIS BOOK
Cryptography for Dummies
Written by Chey Cobb
Published by John Wiley & Sons
Learn the ins-and-outs of cryptography, from crypto basics to deciding what you really need.
>> READ AN EXCERPT AND DOWNLOAD A CHAPTER FROM THE BOOK
>> SHARE YOUR OPINION OF THIS BOOK
The Black Book on Corporate Security
Published by Larstan Publishing
This collection of essays focuses on security management topics ranging from intellectual property
protection to identity theft. Each essay is written by a different author -- many of them vendors
-- whose contact information is also included.
>> READ AN EXCERPT AND DOWNLOAD A CHAPTER FROM THE BOOK
>> READ A REVIEW OF THIS BOOK
>> SHARE YOUR OPINION OF THIS BOOK
The Art of Computer Virus Research and Defense
Written by Peter Szor
Published by Symantec Press
This book provides the computer science and mathematical theories underlying computer viruses as
well as their history, starting with the "Creeper" virus in the early 1970s.
>> READ AN EXCERPT AND DOWNLOAD A CHAPTER FROM THE BOOK
>> READ A REVIEW OF THIS BOOK
The Executive Guide to Information Security: Threats, Challenges and Solutions
Written by Mark Egan with Tim Mather
Published by Symantec Press
Written for C-level executives, this summary of security challenges and practices provides concise,
nontechnical, business-driven explanations of what information security really is and how it should
be managed in the enterprise.
>> READ AN EXCERPT FROM THE BOOK
>> READ A REVIEW OF THIS BOOK
>> SHARE YOUR OPINION OF THIS BOOK
Outsourcing Information Security
Written by C. Warren Axelrod
Published by Artech House
This book provides an overview of outsourcing and the associated information security risks. In
addition to discussions regarding the justification, risks, costs, benefits and evaluation of
outsourcing, the author addresses the business decision process.
>> READ AN EXCERPT FROM THE BOOK
>> READ A REVIEW OF THIS BOOK
>> SHARE YOUR OPINION OF THIS BOOK
Information Protection Made Easy: A guide for employees and contractors
Written by David J. Lineman
Published by Information Shield Inc.
In this excerpt from Chapter 3, Security Rules to Live By, of Information Protection Made Easy: A
guide for employees and contractors, author David J. Lineman examines how complying with enterprise
policies and federal laws and regulations affects information security, and provides guidelines practitioners
can use to protect themselves and their organization.
>> READ AN EXCERPT FROM THE BOOK
This was first published in May 2011