Discovering Cybersecurity: A Technical Introduction for the Absolute Beginner
Nielson, Seth James
Product Description
This book introduces major technologies that are employed in today's cybersecurity landscape and the fundamental principles and philosophies behind them. By grasping these core concepts, professionals in every organization are better equipped to know what kind of technology they need, ask the right questions of vendors, and better interface with their CISO and security organization. The book is largely directed at beginners, including non-technical professionals such as policy makers, compliance teams, and business executives.
What You Will Learn
- Authentication technologies, including secure password storage and how hackers "crack" password lists
- Access control technology, such as BLP, BIBA, and more recent models such as RBAC and ABAC
- Core cryptography technology, including AES encryption and public key signatures
- Classical host security technologies that protect against malware (viruses, trojans, ransomware)
- Classical network security technologies, such as border security (gateways, firewalls, proxies), network IDS and IPS, and modern deception systems
- Web security technologies, including cookies, state, and session defenses, and threats that try to subvert them
- Email and social media security threats such as spam, phishing, social media, and other email threats
Who This Book Is For
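Professionals with no technical training in engineering, computers, or other technology; those who want to know things at a technical level but have no previous background; professionals with a background in policy, compliance, and management; technical professionals without a background in computer security who seek an introduction to security topics; those with a security background who are not familiar with this breadth of technology.
Product Description (translated from the Chinese)
The current information technology landscape is crowded with technologies that vendors claim will "solve" an organization's cybersecurity challenges. These technologies are powerful and can be very effective in the right context. But when misunderstood or misused, they either fail to provide effective protection or fail to protect the right things. The result is unnecessary spending, false beliefs about security, and interference with the organization's mission.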
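About the Author
Seth James Nielson, PhD, is the founder and chief scientist of Crimson Vista, a company focused on cybersecurity engineering. He advises clients ranging from startups to Fortune 50 companies on security. Dr. Nielson also teaches cybersecurity courses at the University of Texas at Austin. He has authored or co-authored papers on topics including IoT security, hacking portable chemical manufacturing systems, and methods for teaching computer security to students. Dr. Nielson also co-authored the Apress book Practical Cryptography in Python.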