“In this book, the authors adopt a refreshingly new approach to explaining the intricacies of the security and privacy challenge that is particularly well suited to today’s cybersecurity challenges. Their use of the threat–vulnerability–countermeasure paradigm combined with extensive real-world examples throughout results in a very effective learning methodology.”
—Charles C. Palmer, IBM Research The Modern Introduction to Computer Security: Understand Threats, Identify Their Causes, and Implement Effective Countermeasures
Analyzing Computer Security is a fresh, modern, and relevant introduction to computer security. Organized around today’s key attacks, vulnerabilities, and countermeasures, it helps you think critically and creatively about computer security—so you can prevent serious problems and mitigate the effects of those that still occur.
In this new book, renowned security and software engineering experts Charles P. Pfleeger and Shari Lawrence Pfleeger—authors of the classic Security in Computing—teach security the way modern security professionals approach it: by identifying the people or things that may cause harm, uncovering weaknesses that can be exploited, and choosing and applying the right protections. With this approach, not only will you study cases of attacks that have occurred, but you will also learn to apply this methodology to new situations.
The book covers “hot button” issues, such as authentication failures, network interception, and denial of service. You also gain new insight into broader themes, including risk analysis, usability, trust, privacy, ethics, and forensics. One step at a time, the book systematically helps you develop the problem-solving skills needed to protect any information infrastructure.
Coverage includes
Understanding threats, vulnerabilities, and countermeasures
Knowing when security is useful, and when it’s useless “security theater”
Implementing effective identification and authentication systems
Using modern cryptography and overcoming weaknesses in cryptographic systems
Protecting against malicious code: viruses, Trojans, worms, rootkits, keyloggers, and more
Understanding, preventing, and mitigating DOS and DDOS attacks
Architecting more secure wired and wireless networks
Building more secure application software and operating systems through more solid designs and layered protection
Protecting identities and enforcing privacy
Addressing computer threats in critical areas such as cloud computing, e-voting, cyberwarfare, and social media
