2023 | Book

Discovering Cybersecurity

A Technical Introduction for the Absolute Beginner

About this book

The contemporary IT landscape is littered with various technologies that vendors claim will “solve” an organization’s cybersecurity challenges. These technologies are powerful and, in the right context, can be very effective. But misunderstood and misused, they either do not provide effective protection or do not protect the right things. This results in unnecessary expenditures, false beliefs of security, and interference with an organization’s mission.

This book introduces major technologies that are employed in today’s cybersecurity landscape and the fundamental principles and philosophies behind them. By grasping these core concepts, professionals in every organization are better equipped to know what kind of technology they need, ask the right questions of vendors, and better interface with their CISO and security organization. The book is largely directed at beginners, including non-technical professionals such as policy makers, compliance teams, and business executives.

What You Will Learn

Authentication technologies, including secure password storage and how hackers “crack” password lists
Access control technology, such as BLP, BIBA, and more recent models such as RBAC and ABAC
Core cryptography technology, including AES encryption and public key signatures
Classical host security technologies that protect against malware (viruses, trojans, ransomware)
Classical network security technologies, such as border security (gateways, firewalls, proxies), network IDS and IPS, and modern deception systems
Web security technologies, including cookies, state, and session defenses, and threats that try to subvert them
Email and social media security threats such as spam, phishing, social media, and other email threats

Who This Book Is For

Professionals with no technical training in engineering, computers, or other technology; those who want to know things at a technical level but have no previous background; professionals with a background in policy, compliance, and management; technical professionals without a background in computer security who seek an introduction to security topics; those with a security background who are not familiar with this breadth of technology.

Table of Contents

Frontmatter
1. The Psychology of Cybersecurity
Abstract
This chapter is focused on the technology of the human brain and how that technology interfaces with other devices and operations associated with cybersecurity. Much of the human-made technology in this area does not interface with humans very well at all. The systems and methods used to protect humans need to accept and account for human errors and manipulation.
Seth James Nielson
2. Authentication Technology
Abstract
In this chapter, you will learn about how parties (typically human parties) can be identified to a computer system. This process is called authentication. For identifying a human party, there are three common approaches: something you know (like a password), something you have (like your phone), or something you are (like a fingerprint). Although it is popular to talk about passwords as “weak” and other mechanisms like biometrics as “strong,” every approach has pros and cons, strengths and weaknesses.
Seth James Nielson
3. Authorization Technology
Abstract
Building on top of authentication concepts from the last chapter, this chapter presents how authenticated users are given permissions within a system. This is also known as authorization. Authorization is also a great starting point for learning about security policy models. These models are conceptual structures that provide a framework for understanding how to think about the security of a system. One of the earliest models is known as Bell-LaPadula (BLP). BLP, and a similar model named Biba, provides some good groundwork for authorization and security models. More modern policies tend to fall into a policy family, such as Domain and Type Enforcement (DTE), role-based access controls (RBAC), and attribute-based access controls (ABAC). In most computer systems, authorization policies are implemented using access controls that determine the appropriate permissions for an authenticated user and a given computing resource.
Seth James Nielson
4. Cryptography Foundations
Abstract
This chapter introduces the concept of cryptography, or mathematical codes used to protect data. It can be a tough concept. To help make this concept more comprehensible, this chapter covers some of the goals and requirements for cryptography. It then uses some historical examples to illustrate a subset of these principles. People have been using secret codes since before computers. These examples can be easier to understand but can also effectively introduce some concepts like key size, block size, brute force, block ciphers, stream ciphers, and cryptanalysis.
Seth James Nielson
5. Core Cryptography Technology
Abstract
This chapter provides an overview of modern symmetric encryption and asymmetric encryption.
Seth James Nielson
6. Cryptographic Systems Technologies
Abstract
Using the building blocks from the previous chapter, this chapter puts them together in two example systems. One of these, Transport Layer Security (TLS), is used to secure Internet communications. One key consideration for the design of a cryptographic system is protection against a man-in-the-middle, a model wherein the attacker can intercept, and potentially modify or generate, messages.
Seth James Nielson
7. Host Security Technology
Abstract
Digging into a more concrete topic, this chapter covers both attacks and defenses on host computer systems. The first half of the chapter focuses on building a robust system using isolation and access control through operating system design, hardware enforcement and software enforcement. The second half of the chapter digs into attacks on these systems through exploitation of design flaws and/or malicious software.
Seth James Nielson
8. Classical Network Security Technology
Abstract
Building on the previous chapter, I will now examine attacks and defenses for networks and how they have evolved over time as network architectures and attack vectors have evolved. Because this chapter is about classical network security, I will focus on perimeter defenses built around firewalls, proxies, and other similar devices. Intrusion detection, including defensive deception, provides a second layer of security by identifying intruders if they get past the outer walls. I also discuss how attackers bypass network security systems.
Seth James Nielson
9. World Wide Web Security
Abstract
The Internet and the World Wide Web have specific security needs and challenges, many of which relate to how applications are built on top of the original stateless HTTP protocol. We will examine these issues and the many solutions that address them.
Seth James Nielson
10. Overlay Security: Email and Social Media
Abstract
The rich infrastructure of the Internet and the World Wide Web allows us to build semantic communications networks that operate at a more abstract level. In this chapter, we’ll discuss email and social media, two kinds of overlay networks that allow communications between individuals and organizations. Similar security principles apply here, but these networks also present unique security challenges.
Seth James Nielson
Backmatter
Metadata
Title
Discovering Cybersecurity
Written by
Seth James Nielson
Copyright Year
2023
Publisher
Apress
Electronic ISBN
978-1-4842-9560-1
Print ISBN
978-1-4842-9559-5
DOI
https://doi.org/10.1007/978-1-4842-9560-1