Edition:
Authors: Hamid Jahankhani (editor)
Series:
ISBN: 9811204454, 9789811204456
Publisher: WSPC
Year of publication: 2020
Number of pages: 598
Language: English
File format: EPUB (converted to PDF, EPUB or AZW3 on user request)
File size: 8 Mb
If the author is Iranian, the download is not available and the payment will be refunded.
If you need the file of the book Cyber Security Practitioner's Guide converted to PDF, EPUB, AZW3, MOBI or DJVU, you can notify support so that they convert the file for you.
Please note that the book Cyber Security Practitioner's Guide is the original-language edition and is not a Persian translation. The International Library website provides original-language books and does not offer any books translated into or written in Persian.
Contents

About the Editor
Contributors’ Biographies

Introduction: It’s Time to Make the Case for Ethics
Facets of Performance; The Need for a New Dimension; Ethics and morals; The principal ethical philosophies; The Emerging Reality; Ethics now; The need for pragmatism; What Next?

Chapter 1 Attack Vectors and the Challenge of Preventing Data Theft
1.1. Cyber Attack Vectors 1.1.1. A brief look at the attack vectors in high profile leaks 1.1.2. Overview of the high-profile leaks 1.1.3. High profile leaks and insider threat 1.1.4. What exfiltration methods are possible on a corporate network? 1.2. Scope of Discussion on Data Exfiltration Methods 1.2.1. Web server attack — SQL injection 1.2.2. Cross Site Scripting 1.2.3. PowerShell exploits 1.2.4. Command and Control 1.2.5. Phishing emails 1.2.6. Documents with embedded code and other attachments 1.2.7. Business Email Compromise 1.2.8. Emerging threats: Knock-Knock and Office 365 1.3. Exfiltration Methods 1.3.1. Exfiltration using DNS aka DNS tunnelling 1.3.2. DNS tunnelling tools 1.3.3. DNS tunnelling detection 1.3.4. Malware using DNS tunnelling 1.4. The Threat Posed by Web Storage and Web Exfiltration 1.4.1. ICMP tunnelling 1.4.2. NTP tunnelling 1.4.3. The threat posed by email 1.4.4. Steganography 1.4.5. Dealing with a cyber attack 1.5. Remediation of Security Breaches 1.5.1. Detecting attacks using honeypots 1.5.2. Detecting attacks by network monitoring 1.6. Detection of Security Breaches — Overview 1.6.1. Black hat, white hat and grey hat hacking 1.6.2. Open-sourcing of security tools 1.7. Methods and Models for Security and Privacy 1.7.1. Methods for security reengineering 1.7.2. Privacy-enhancing technologies and trustworthy information systems 1.8. What Kinds of Products Are There to Prevent Data Theft? 1.9. Detect and Block Using a Firewall 1.9.1. Detect and block using an agent or app at the endpoint 1.9.2. Detect and block using a proxy 1.9.3. Detect and block using a next-generation firewall 1.9.4. Detect and alert using network traffic analysis 1.9.5. Detecting sensitive data 1.10. Recommendations to Protect Against Data Theft 1.11. The Future — STIX, TAXII and Cyber Threat Intelligence 1.12. Conclusion on How to Guard Against Attacks and Prevent Data Theft Glossary References

Chapter 2 Management of a Cyber Attack
2.1. Introduction 2.1.1. What is a cyber attack? 2.1.2. Some cyber attack statistics 2.2. Security Incident Response from an Organisation’s Viewpoint 2.2.1. Creating effective security policies 2.2.1.1. Format and layout of a policy 2.2.1.2. Preparing a security policy 2.2.1.3. Exceptions to policy 2.2.2. Cyber incident response plan 2.2.2.1. Security procedures 2.2.2.2. Identification 2.2.2.3. Initial containment 2.2.2.4. Notification 2.2.2.5. Analysis 2.2.2.6. Containment 2.2.2.7. Eradication 2.2.2.8. Recovery 2.2.2.9. Post-incident actions 2.3. Business Risk and Cyber Insurance — Its Place in Your Cyber Response Toolkit 2.3.1. What is risk management? 2.3.2. Cyber insurance 2.4. Conclusion References

Chapter 3 Practical Cyber Security for Digital Trains
3.1. Introduction 3.2. In Search of Solutions 3.3. Critical Infrastructure 3.4. Conclusion Glossary References

Chapter 4 An Approach to Identify Risk-Based Human Behaviour Profiling Within an Office Environment
4.1. Background 4.1.1. The target organisation 4.2. Security Architecture 4.2.1. Proximity technology 4.2.2. Data source 4.2.3. Design approach 4.2.4. Insider threat 4.3. Behaviour Traits 4.4. Threat Detection Methodology 4.4.1. Roles and relationships 4.4.2. Zoning 4.4.3. Infrastructure features 4.4.4. Business areas 4.4.5. Locating beacons and aligning with risk areas 4.4.6. Mapping roles 4.4.7. Human interaction patterns 4.4.8. Hotspots 4.5. Anomaly Detection 4.5.1. Data noise 4.5.2. Detecting anomalies 4.5.3. Classification 4.5.4. Point-based anomalies 4.5.5. Contextual-based anomalies 4.5.6. Collective anomalies 4.6. Threat Model and Algorithm 4.6.1. Extracting the data 4.6.2. Threat detection application 4.6.3. Baseline behaviour 4.6.4. Analysing data 4.6.5. Entry points 4.6.6. Time of day 4.6.7. Time spent in a zone 4.6.8. Zone metrics 4.6.9. Pattern triggers 4.7. The Algorithm 4.7.1. Verification process 4.7.2. False positives 4.7.3. Experiment validation 4.8. Regulations and Legal Considerations 4.8.1. GDPR 4.8.2. Privacy laws 4.9. Conclusions and Recommendations References

Chapter 5 Ransomware
5.1. Introduction 5.2. Ransomware and How It Impacts Different Platforms 5.3. Methodology of Ransomware 5.4. Latest and Most Prominent Ransomwares 5.5. Platforms Affected by Ransomware Attacks 5.6. Preventing Ransomware Attacks 5.7. Conclusion References

Chapter 6 Protecting and Securing Data Through Blockchain Across Industries
6.1. Introduction 6.2. What Is Blockchain? 6.2.1. Blockchain overview: How does it work? 6.2.2. Public and private blockchains 6.2.3. Blockchain data storage 6.2.4. Benefits of blockchain 6.2.5. Potential security issues and limitations on blockchain 6.3. Threats to Mission Critical Data: Vulnerabilities and Cyber Attacks 6.3.1. Ransomware 6.3.2. Social engineering: Phishing and spear-phishing 6.4. Cyber Breaches and Client Data Theft Concerns 6.4.1. Cyber breach analysis 6.4.2. Deep web impacts to the client 6.5. Is Blockchain the Answer Industry is Looking for Regarding Securing Data? 6.6. Conclusions References

Chapter 7 Bring Your Own Device: GDPR Compliant or Headache? The Human Aspect in Security and Privacy
7.1. Introduction 7.2. BYOD Architecture, Security Status and Challenges 7.2.1. Current security models 7.2.1.1. Mobile Device Management (MDM) 7.2.1.2. Mobile Application Management (MAM) 7.2.1.3. Mobile Information Management (MIM) 7.2.2. Security concerns 7.2.3. BYOD security challenges 7.3. Impact of GDPR on BYOD Architectures 7.3.1. Threats to personal data security 7.4. Guidelines to Enhance Security Posture on Mobile Devices 7.4.1. Strong passwords 7.4.2. Anti-virus software 7.4.3. Authentication mechanisms 7.4.4. Remote control 7.4.5. Importance of not rooting/jailbreaking the device 7.4.6. Virtual private networks 7.4.7. Download applications from trusted sources 7.4.8. Update systems to latest patches 7.5. Integration of a Multi-Layer Policy and the Information Governance Framework for a BYOD Security Framework 7.6. Conclusion References

Chapter 8 GDPR Compliance: Incident Response and Breach Notification Challenges
8.1. Introduction 8.1.1. Background 8.1.2. Aims 8.2. Literature Review 8.2.1. Changes in the legal and regulatory landscape 8.2.2. Exploration of a data breach and its wider impact 8.2.3. Privacy risks in IoT and third-party apps 8.2.4. Establishing privacy by design and default 8.2.5. Encryption and pseudonymisation 8.2.6. Comparison of incident response frameworks 8.2.7. Security culture and leadership within incident response programs 8.2.8. Summary of literature 8.3. Development of Decision Support System 8.3.1. Pre-GDPR incident response frameworks 8.3.2. Compliant GDPR framework design 8.3.3. Justification for component selection 8.4. Focus Group 8.4.1. Recruitment of participants 8.4.2. Ethical consideration 8.5. Results and Analysis 8.5.1. Results 8.5.2. Usability of DSS for addressing privacy by design and default 8.5.3. Feedback and recommendations for improving design 8.5.4. Feasibility of DSS for implementation 8.5.5. Summary of results and analysis 8.6. Evaluation of Research Process and Methods 8.6.1. Research limitations 8.7. Conclusion and Recommendation 8.7.1. Recommendations for future work References

Chapter 9 Evaluation of the Standardised Digital Forensic Investigation Process Model (SDFIPM)
9.1. Introduction 9.1.1. Research problem 9.1.2. Structure of the paper 9.2. Background to the Previous DFIPMs 9.3. Research Methodology 9.4. Overview of the SDFIPM 9.4.1. Examination process 9.4.2. Analysis process 9.4.3. Interpretation process 9.4.4. Event reconstruction process 9.4.5. Reporting process 9.4.6. Presentation process 9.4.7. Investigation closure process 9.5. Demonstration of the SDFIPM 9.5.1. Case study 9.6. Evaluation of the SDFIPM 9.6.1. Methods of validation 9.6.2. Expert selection process 9.6.3. Feedback formats and analysis 9.6.4. General feedback 9.6.5. Detailed feedback and responses 9.6.6. Analysis of the results 9.6.7. Alterations made to the SDFIPM 9.7. Conclusion 9.7.1. Research problem addressed 9.7.2. Research contribution 9.7.3. Future work References Appendix A Appendix B Appendix C

Chapter 10 Blockchain of Custody, BoC
10.1. Introduction 10.2. Background 10.3. Blockchain of Custody, BoC 10.3.1. Scope 10.3.2. Transactions 10.3.3. No Wi-Fi, no reception 10.3.4. Incentives 10.3.5. Permissioned blockchain 10.3.6. Tokens 10.3.7. Hyperledger 10.4. Design 10.4.1. User modelling 10.4.2. Data modelling 10.4.3. Access control 10.4.4. Operational Logic 10.4.5. Summary 10.5. Results 10.5.1. Creating a new investigation 10.5.2. Adding a new member to the First Response Team (FRT) 10.5.3. Seizure 10.5.4. Exchange of artefact 10.6. Conclusions 10.6.1. Recommendations 10.6.2. Future work 10.6.3. Summary References

Chapter 11 New Issues in Cyber Security Forensics
11.1. Introduction 11.1.1. Computer networks 11.2. Cyber Security on Mobile Devices 11.2.1. Security and information protection 11.2.2. Voice over wireless networks 11.3. Wi-Fi Vulnerabilities 11.3.1. Threats and attacks 11.3.2. Wireless sensor networks 11.4. Security and Privacy Adaptation 11.4.1. Network security challenges 11.5. Security in Mobile Operating Environments 11.5.1. Mobile security vulnerabilities 11.5.2. Power in wireless devices 11.5.3. Limitations caused by energy consumption in encryption 11.5.4. Current state of security 11.5.5. Secure access to applications 11.5.6. Social media sites 11.6. Cross Border Security References

Chapter 12 Ethical Considerations and a Proposed Support Process When Employing People With Autistic Spectrum Disorder in Cyber Security Roles
12.1. Literature Review 12.1.1. Autistic Spectrum Disorder 12.1.1.1. Basic brain anatomy 12.1.1.2. Support processes 12.1.2. TEACCH (Treatment and Education of Autistic and related Communication-handicapped Children) 12.1.3. Project SEARCH 12.1.4. Transition 12.1.5. Assistive technology 12.1.6. Cyber security 12.1.7. Laws and ethics 12.1.7.1. Relevant UK laws 12.1.7.2. Ethics 12.2. Methodology 12.2.1. Qualitive review 12.2.2. Questionnaires 12.2.3. Case studies 12.2.4. Autistic savantism 12.3. Analysis and Critical Discussion 12.3.1. Matching traits with opportunities 12.3.1.1. Traits and strengths 12.3.1.2. Opportunities 12.3.2. Potential issues 12.3.2.1. Social communication 12.3.2.2. Social interaction 12.3.2.3. Honesty 12.3.2.4. Routines and repetitive behaviour 12.3.2.5. Focussed interests 12.3.2.6. Sensory perception 12.3.3. Questionnaire response analysis 12.3.3.1. National Autistic Society questionnaire 12.3.3.2. Employer questionnaire 12.3.4. Autistic brain structural anomalies 12.4. Conclusions References

Chapter 13 An Ethical Approach to Understanding Cyber Security
13.1. Introduction 13.2. A Working Definition of Ethics 13.3. Computers and Ethics in Cyber Security 13.3.1. Information governance and policy vacuum 13.3.2. Cyber security in unknown waters 13.4. The Ethical Significance of Cyber Security 13.5. The Undermining of Ethical Issues in Cyber Security 13.5.1. Hacking and computer wrongdoing 13.6. Cyber and Information Conflict 13.7. Ethical View of the GDPR’s Cyber Security 13.7.1. Record keeping 13.7.2. The “security of processing” 13.7.3. Data ruptures 13.7.4. Data protection impact assessment 13.7.5. Staff mindfulness program 13.8. Ethical Issues and Data Privacy 13.8.1. Privacy and its significance 13.8.2. Threats to privacy 13.9. Ethics and Research in Cybersecurity 13.10. Concluding Remark Suggested Reading References

Chapter 14 An Analysis of Data Mining Metrics to Identify and Evaluate Potential Radicalisation Utilising Social Media
14.1. Introduction 14.2. Literature Review 14.2.1. Psychological traits and linguistic theory 14.2.2. Social media and current events 14.2.3. Wider relative research 14.3. Research Methodology 14.3.1. Datasets 14.4. Keyword Analysis 14.4.1. Word count 14.4.2. Keyword-in-context 14.4.3. Data analysis 14.5. Keyword Metric Results of the Data Analysis 14.5.1. Analytical comparison of the keyword metrics 14.5.2. Legislative and jurisdiction factors interconnected with the definitions of radicalisation and extremism 14.5.3. Analysis of the social media platform and policies, and their effect on current and future data capturing 14.5.4. Review of the collated analytic data, psychological, social and legislative research 14.6. Conclusions References

Chapter 15 The European Union’s General Data Protection Regulation (GDPR)
15.1. Introduction 15.2. Legislative Background 15.3. Personal Data Under GDPR 15.4. Data Processing 15.5. General Principles 15.6. The Data Protection Officer 15.7. Data Protection Impact Assessment 15.8. The Fines and the Press 15.9. Information Technology and the GDPR 15.10. Conclusions References

Index