Bookshelf

• Learn 5 defensive programming techniques from experts

  How do you become a good programmer? Accept that you have bad programming habits. The authors of 'The Pragmatic Programmer' share tips for defensive code creation.  Continue Reading

• Try these 6 official practice questions for CCNA 200-301

  These practice questions for CCNA 200-301 lay out what readers need to know about network security best practices from 'CCNA 200-301 Official Cert Guide, Volume 2.'  Continue Reading

• A look inside 'CCNA 200-301 Official Cert Guide, Volume 2'

  Network security is a crucial skills area for network engineers, and the CCNA 200-301 reflects this. Here's a chapter excerpt on network security from the new guide.  Continue Reading

• Traditional, emerging topics unite in the new CCNA exam

  As of Feb. 24, all eyes are on the CCNA 200-301 exam -- Cisco's latest update to the CCNA track. Here's a look at what's on the exam and how it compares to previous CCNA exams.  Continue Reading

• Cryptography basics: Symmetric key encryption algorithms

  Scrambling plaintext into ciphertext is essential to ensure data cannot be read or used by the wrong people. Learn the basics of symmetric key encryption algorithms here.  Continue Reading

• 'Computer Security Fundamentals:' Quantum security to certifications

  New topics, from security engineering to quantum computing, are covered in 'Computer Security Fundamentals,' but the book's author suggests readers review some basic topics, too.  Continue Reading

• CISM practice questions to prep for the exam

  Risk management is at the core of being a security manager. Practice your risk management knowledge with these CISM practice questions.  Continue Reading

• The who, what, why -- and challenges -- of CISM certification

  Think you're ready for the CISM certification exam? Peter Gregory, author of CISM: Certified Information Security Manager Practice Exams, has some pointers for you.  Continue Reading

• Data breach risk factors, response model, reporting and more

  Dig into five data breach risk factors, and learn how the DRAMA data breach response model can help enterprises counter breaches in a timely and efficient manner.  Continue Reading

• The ins and outs of cyber insurance coverage

  Cyber insurance coverage can help companies successfully navigate the aftereffects of a data breach. However, choosing a policy in the first place can be confusing.  Continue Reading

• How to build a neural network from the ground floor

  Deep learning is powering the development of AI. To build your own neural network, start by understanding the basics: how neural networks learn, correlate and stack with data.  Continue Reading

• AWS SysOps certification exam guide outlines admin responsibility

  In this book excerpt from "AWS Certified SysOps Administrator Associate All-in-One Exam Guide," review the best practices for OS and application security on AWS.  Continue Reading

• Benefits of using Azure Security Center for security assessments

  Author Yuri Diogenes discusses how Azure Security Center helps admins achieve full cloud visibility, conduct security assessments and prevent potential breaches.  Continue Reading

• Use Azure Security Center to conduct a security posture assessment

  In this excerpt from Chapter 4 of Microsoft Azure Security Center, the authors outline how to use the software to determine and improve your enterprise's cloud security posture.  Continue Reading

• Mark Schwartz dives into risk management in War and Peace and IT

  Get an inside look into Mark Schwartz's new book, War and Peace and IT, with a chapter excerpt on risk and opportunity, as well as a Q&A with the author.  Continue Reading

• Learn how to master network traffic analysis with Python

  In this book excerpt, explore key components of network security and network traffic analysis with Python scripting from Packt Publishing author José Manuel Ortega.  Continue Reading

• How Python addresses security, network traffic analysis concerns

  Python can benefit key areas of an organization's network, including network security and traffic analysis. Glean critical expert advice from an author of various Python textbooks.  Continue Reading

• On a penetration tester career path, flexibility and curiosity are key

  Becoming a pen tester takes more than passing an exam. Learn the qualities ethical hackers should embrace to achieve success on their penetration tester career path.  Continue Reading

• CompTIA PenTest+ practice test questions to assess your knowledge

  Think you're ready to take the CompTIA PenTest+ certification exam? Test your skill set with some of the sample multiple-choice questions you may be facing.  Continue Reading

• Acquire best practices with this system administration handbook

  Often, books published about IT are obsolete the moment they hit the shelves: modern technology moves too fast for physical publishing. However, this particular volume aims for longevity.  Continue Reading

• Gene Kim explores DevOps transformation in 'The Unicorn Project'

  This chapter excerpt from Gene Kim's 'The Unicorn Project' touches on one of the book's core themes: Roadblocks occur when developers, ops and business leaders are misaligned.  Continue Reading

• To secure DevOps, break culture and tooling barriers

  The importance of secure DevOps initiatives can't be denied, but building security into DevOps isn't easy. Explore what needs to change and how those changes can be achieved.  Continue Reading

• The 3 pillars of a DevSecOps model

  In this excerpt from Chapter 1 of Securing DevOps: Security in the Cloud, author Julien Vehent describes three principles critical to the DevSecOps model.  Continue Reading

• Try a CCNA 200-301 practice quiz from the official cert guide

  This practice quiz provides a sneak peek into the new 'CCNA 200-301 Official Cert Guide, Volume 1,' which reflects Cisco's CCNA certification and exam redesigns.  Continue Reading

• Prepare for the CCNA 200-301 exam with this guide preview

  Here's a sneak peek at what to expect from Cisco's redesigned CCNA exam directly from 'CCNA 200-301 Official Cert Guide, Volume 1' by author Wendell Odom.  Continue Reading

• Cisco author says new CCNA exam undergoes largest change ever

  Cisco said goodbye to most CCNA tracks, and hello to a consolidated exam. Here's what you need to know about the new CCNA, from the author of every official CCNA guidebook.  Continue Reading

• Book excerpt: Communication structures of an organization

  The following is an excerpt from 'Team Topologies: Organizing Business and Technology Teams for Fast Flow,' by Matthew Skelton and Manuel Pais, as well as a Q&A with the authors.  Continue Reading

• Book excerpt: Building blocks of an IIoT security architecture

  The following is an excerpt from 'Practical Industrial Internet of Things Security: A practitioner's guide to securing connected industries' by author Sravani Bhattacharjee and published by Packt.  Continue Reading

• Security in Network Functions Virtualization

  In this excerpt of chapter 4 of Security in Network Functions Virtualization, authors Zonghua Zhang and Ahmed Meddahi discuss Identity and Access Management in NFV.  Continue Reading

• Port Cybersecurity

  In this excerpt from chapter 3 of Port Cybersecurity, author Nineta Polemi discusses Security of Ports' Critical Information Infrastructures.  Continue Reading

• Seeking the Truth from Mobile Evidence

  In this excerpt from chapter 19 of Seeking the Truth from Mobile Evidence, author John Bair discusses Android user enabled security in terms of passwords and gestures.  Continue Reading

• Book excerpt: Use IoT to win in the outcome economy

  The following is an excerpt from 'IoT Inc: How Your Company Can Use the Internet of Things to Win in the Outcome Economy' by author Bruce Sinclair and published by McGraw-Hill.  Continue Reading

• Thor's OS Xodus

  In this excerpt from chapter one of Thor's OS Xodus, author Timothy "Thor" Mullen discusses OS X, privacy, and online safety.  Continue Reading

• Threat Forecasting

  In this excerpt from chapter 1 of Threat Forecasting, authors John Pirc, David DeSanto, Iain Davison, and Will Gragido discuss how to navigate today's threat landscape.  Continue Reading

• The Cloud Security Ecosystem

  In this excerpt from chapter seven of The Cloud Security Ecosystem, authors Ryan Ko and Kim-Kwang Raymond Choo discuss protecting digital identity in the cloud.  Continue Reading

• Security Controls Evaluation, Testing, and Assessment Handbook

  In this excerpt from chapter 11 of Security Controls Evaluation, Testing, and Assessment Handbook, author Leighton Johnson discusses access control.  Continue Reading

• The Basics of Cyber Safety

  In this excerpt from chapter four of The Basics of Cyber Safety, authors John Sammons and Michael Cross discuss basic email security.  Continue Reading

• Deception in the Digital Age

  In this excerpt from chapter five of Deception in the Digital Age, authors Cameron H. Malin, Terry Gudaitis, Thomas J. Holt and Max Kilger discuss phishing and watering hole attacks.  Continue Reading

• Securing SQL Server: Protecting Your Database from Attackers

  In this excerpt from chapter nine of Securing SQL Server, author Denny Cherry discusses why SQL injection attacks are so successful.  Continue Reading

• Safety of Web Applications

  In this excerpt from chapter three of Safety of Web Applications, author Eric Quinton discusses symmetric and asymmetric encryption.  Continue Reading

• Research Methods for Cyber Security

  In this excerpt from chapter six of Research Methods for Cyber Security, authors Thomas W. Edgar and David O. Manz discuss the different types of machine learning.  Continue Reading

• Cybercrime and Business: Strategies for Global Corporate Security

  In this excerpt from chapter three of Cybercrime and Business, author Sanford L. Moskowitz discusses the effects cybercrime can have on small- and medium-sized businesses.  Continue Reading

• Computer and Information Security Handbook

  In this excerpt from chapter three of Computer and Information Security Handbook, author John R. Vacca reviews the basics of cryptography.  Continue Reading

• Passive Python Network Mapping

  In this excerpt from chapter two of Passive Python Network Mapping, author Chet Hosmer discusses securing your devices against network security threats.  Continue Reading

• Protecting Patient Information

  In this excerpt from chapter two of Protecting Patient Information, author Paul Cerrato discusses the consequences of data breaches in healthcare.  Continue Reading

• Mobile Security and Privacy

  In this excerpt from chapter 11 of Mobile Security and Privacy, authors Raymond Choo and Man Ho Au discuss privacy and anonymity in terms of mathematics.  Continue Reading

• Federal Cloud Computing

  In this excerpt from chapter three of Federal Cloud Computing, author Matthew Metheny discusses open source software and its use in the U.S. federal government.  Continue Reading

• Advanced Persistent Security

  In this excerpt from chapter seven of Advanced Persistent Security, authors Araceli Treu Gomes and Ira Winkler discuss the different threats facing organizations.  Continue Reading

• Book excerpt: 'Securing the Internet of Things'

  In this excerpt from chapter four of 'Securing the Internet of Things,' authors Shancang Li and Li Da Xu explain how authentication, digital signatures, RPK and digital certificates fit into IoT.  Continue Reading

• Blockchain for Dummies

  In this excerpt from chapter five of 'Blockchain for Dummies,' author Tiana Laurence covers Ethereum, decentralized autonomous organizations and smart contracts.  Continue Reading

• RIoT Control: Understanding and Managing Risks and the Internet of Things

  In this excerpt from chapter six of RIoT Control, author Tyson Macaulay discusses how the safety risks requirements of IoT are related to security requirements.  Continue Reading

• Measuring and Managing Information Risk: A FAIR Approach

  In this excerpt from chapter 13 of Measuring and Managing Information Risk, authors Jack Freund and Jack Jones discuss information security metrics.  Continue Reading

• Handbook of System Safety and Security

  In this excerpt from chapter 10 of Handbook of System Safety and Security, editor Edward Griffor discusses cloud and mobile cloud architecture and security.  Continue Reading

• Mobile Data Loss: Threats and Countermeasures

  In this excerpt from chapter three of Mobile Data Loss, author Michael T. Raggo discusses mobile security countermeasures.  Continue Reading

• Building a Practical Information Security Program

  In this excerpt from chapter nine of Building a Practical Information Security Program, authors Jason Andress and Mark Leary discuss deploying a security compliance process.  Continue Reading

• Information Security Science

  In this excerpt from chapter 1 of Information Security Science, author Carl Young discusses information security threats and risk.  Continue Reading

• Information Security Analytics

  In this excerpt from chapter Z of Information Security Analytics, authors Mark Ryan Talabis, Robert McPherson, Inez Miyamoto and Jason L. Martin discuss security intelligence.  Continue Reading

• Industrial Network Security

  In this excerpt from chapter 3 of Industrial Network Security, authors Eric D. Knapp and Joel Langill discuss the history and trends of industrial cybersecurity.  Continue Reading

• Hiding Behind the Keyboard

  In this excerpt from chapter 2 of Hiding Behind the Keyboard, authors Brett Shavers and John Bair discuss the Tor Browser.  Continue Reading

• Hacking Web Intelligence

  In this excerpt from chapter 8 of Hacking Web Intelligence, authors Sudhanshu Chauhan and Nutan Panda discuss how to be anonymous on the internet using proxy.  Continue Reading

• DNS Security: Defending the Domain Name System

  In this excerpt from chapter two of DNS Security: Defending the Domain Name System, authors Allan Liska and Geoffrey Stowe discuss why DNS security is important.  Continue Reading

• Data Breach Preparation and Response: Breaches are Certain, Impact is Not

  In this excerpt from chapter five of Data Breach Preparation and Response: Breaches are Certain, Impact is Not, author Kevvie Fowler discusses the key step to contain a data breach.  Continue Reading

• Cybersecurity and Applied Mathematics

  In this excerpt of Cybersecurity and Applied Mathematics, authors Leigh Metcalf and William Casey explain string analysis and how it can be applied to cyber data.  Continue Reading

• Cyber Guerilla

  In this excerpt of Cyber Guerilla, authors Jelle van Haaster, Ricky Gevers and Martijn Sprengers discuss the various roles hackers play.  Continue Reading

• Google Earth Forensics: Using Google Earth Geo-Location in Digital Forensic Investigations

  In this excerpt from chapter five of Google Earth Forensics, authors Michael Harrington and Michael Cross discuss the process of digital forensics.  Continue Reading

• 'Building the Internet of Things'

  In this excerpt from chapter 10 of 'Building the Internet of Things,' author Maciej Kranz discusses why a common IoT framework is critical to the current and future success of a connected world.  Continue Reading

• The Amazon Way on IoT

  In this excerpt from chapter seven of The Amazon Way on IoT, author John Rossman describes the seventh principle of IoT: the outcome-based business model.  Continue Reading

• Dissecting the Hack

  In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian Baskin discuss Bitcoin and digital currency.  Continue Reading

• Digital Identity Management

  In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics and the TLS protocol.  Continue Reading

• Becoming a Global Chief Security Executive Officer

  In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, author Roland Cloutier discusses the primary role of the chief security officer.  Continue Reading

• Automated Security Analysis of Android and iOS Applications

  In this excerpt of Automated Security Analysis of Android and iOS Applications with Mobile Security Framework, authors Ajin Abraham and Henry Dalziel discuss mobile application penetration testing.  Continue Reading

• Augmented Reality Law, Privacy, and Ethics

  In this excerpt of Augmented Reality Law, Privacy, and Ethics: Law, Society, and Emerging AR Technologies, author Brian D. Wassom discusses privacy concerns in the internet of things.  Continue Reading

• Managing Online Risk

  In this excerpt of Managing Online Risk, author Deborah Gonzalez outlines the main steps of a risk management model.  Continue Reading

• Information Governance and Security: Protecting and Managing Your Company's Proprietary

  In this excerpt of Information Governance and Security, authors John G. Iannarelli and Michael O'Shaughnessy offer tips for establishing guidelines for all departments or sectors of a business.  Continue Reading

• Integrated Security Systems Design

  In this excerpt of Integrated Security Systems Design, author Thomas L. Norman explains the tools of security system design, the place of electronics in the process, how to establish electronic security program objectives and the types of design efforts.  Continue Reading

• Securing VoIP: Keeping Your VoIP Networks Safe

  In this excerpt of Securing VoIP: Keeping your VoIP Network Safe, author Regis (Bud) Bates outlines different approaches to VoIP security and offers best practices to ensure infrastructure security is intact.  Continue Reading

• Detecting and Combating Malicious Email

  In this excerpt of Detecting and Combating Malicious Email, authors Julie JCH Ryan and Cade Kamachi discuss the elements of an email structure and touch on how attackers can use these elements to trick unwitting victims.  Continue Reading

• Designing and Building Security Operations center

  In this excerpt of Designing and Building Security Operations Center, author David Nathans reviews the infrastructure needed to support a SOC and maintain SOC security.  Continue Reading

• Information security book excerpts and reviews

  Visit the Information Security Bookshelf for book reviews and free chapter downloads.  Continue Reading

• Hacking and Penetration Testing with Low Power Devices

  In this excerpt of Hacking and Penetration Testing with Low Power Devices, author Philip Polstra describes "The Deck" -- a custom Linux distribution -- that breaks the traditional penetration model by providing pen testers an OS that runs on low-power ARM-based systems.  Continue Reading

• Cyber Reconnaissance, Surveillance and Defense

  In this excerpt of Cyber Reconnaissance, Surveillance and Defense, author Robert Shimonski describes commonly used mobile technology and how phone tracking works.  Continue Reading

• Cyber Crime and Cyber Terrorism Investigator's Handbook

  In this excerpt of Cyber Crime and Cyber Terrorism Investigator's Handbook, authors Babak Akhgar, Andrew Staniforth and Francesca Bosco outline the classification, types and categories of cybercrime.  Continue Reading

• CSA Guide to Cloud Computing

  In this excerpt of CSA Guide to Cloud Computing, authors Rai Samani, Brian Honan and Jim Reavis review cloud security threats based on research by the CSA's Top Threats Working Group.  Continue Reading

• Building an Information Security Awareness Program

  In this excerpt of Building an Information Security Awareness Program, authors Bill Gardner and Valerie Thomas discuss why lecturing is an ineffective method of security awareness programs and offer alternative measures enterprises should consider.  Continue Reading

• Collaboration with Cloud Computing

  In this excerpt of Collaboration with Cloud Computing, author Ric Messier outlines how enterprises can evaluate risk management in the cloud.  Continue Reading

• Windows Forensic Analysis Toolkit: Advanced Analysis Techniques for Windows 8, Fourth Edition

  In this excerpt of Windows Forensic Analysis Toolkit, author Harlan Carvey discusses what Volume Shadow Copies are and how they affect forensic analysis in Windows 8.  Continue Reading

• Targeted Cyber Attacks

  In this excerpt of Targeted Cyber Attacks, authors Aditya Sood and Richard Enbody outline the cyberattack model and different vectors used to attack targets.  Continue Reading

• Social Engineering Penetration Testing

  In this excerpt of Social Engineering Penetration Testing, the authors outline what phishing attacks are and outline how these attacks work using multiple real-world examples.  Continue Reading

• Python Forensics: A Workbench for Inventing and Sharing Digital Forensic Technology

  In this excerpt of Python Forensics, author Chet Hosmer offers some ground rules for using the Python programming language in forensic applications.  Continue Reading

• The Basics of Information Security

  In this excerpt of The Basics of Information Security, author Jason Andress outlines methods for improving operating systems security.  Continue Reading

• Introduction to Information Security: A Strategic-Based Approach

  In this excerpt of Introduction to Information Security: A Strategic-Based Approach, authors Timothy J. Shimeall and Jonathan M. Spring discuss the importance of intrusion detection and prevention.  Continue Reading

• 1
• 2