The Art of Computer and Information Security: From Apps and Networks to Cloud and Crypto

Security in Computing, Sixth Edition, is today's essential text for anyone teaching, learning, and practicing cybersecurity. It defines core principles underlying modern security policies, processes, and protection; illustrates them with up-to-date examples; and shows how to apply them in practice. Modular and flexibly organized, this book supports a wide array of courses, strengthens professionals' knowledge of foundational principles, and imparts a more expansive understanding of modern security.

This extensively updated edition adds or expands coverage of artificial intelligence and machine learning tools; app and browser security; security by design; securing cloud, IoT, and embedded systems; privacy-enhancing technologies; protecting vulnerable individuals and groups; strengthening security culture; cryptocurrencies and blockchain; cyberwarfare; post-quantum computing; and more. It contains many new diagrams, exercises, sidebars, and examples, and is suitable for use with two leading frameworks: the US NIST National Initiative for Cybersecurity Education (NICE) and the UK Cyber Security Body of Knowledge (CyBOK).

• Core security concepts: Assets, threats, vulnerabilities, controls, confidentiality, integrity, availability, attackers, and attack types
• The security practitioner's toolbox: Identification and authentication, access control, and cryptography
• Areas of practice: Securing programs, user–internet interaction, operating systems, networks, data, databases, and cloud computing
• Cross-cutting disciplines: Privacy, management, law, and ethics
• Using cryptography: Formal and mathematical underpinnings, and applications of cryptography
• Emerging topics and risks: AI and adaptive cybersecurity, blockchains and cryptocurrencies, cyberwarfare, and quantum computing

Table of Contents

Chapter 1 Introduction

Chapter 2 Toolbox: Authentication, Access Control, and Cryptography

Chapter 3 Programs and Programming

Chapter 4 The Internet-User Side

Chapter 5 Operating Systems

Chapter 6 Networks

Chapter 7 Data and Databases

Chapter 8 New Territory

Chapter 9 Privacy

Chapter 10 Management and Incidents

Chapter 11 Legal Issues and Ethics

Chapter 12 Details of Cryptography

Chapter 13 Emerging Topics

Why Read This Book?

Admit it. You know computing entails serious risks to the privacy and integrity of your personal data and communications or the operation of your devices. But risk is a fact of life in much that we do, not just those activities involving computers. For instance, crossing the street is risky, perhaps more so in some places than others, but you still cross the street. As a child you learned to stop and look both ways before crossing. As you became older you learned to gauge the speed of oncoming traffic and determine whether you had the time to cross. At some point you developed a sense of whether an oncoming car would slow down or yield. We hope you never had to practice this, but sometimes you have to decide whether darting into the street without looking is the best means of escaping danger. The point is that all these matters depend on both knowledge and experience. The concepts and examples in this book will help you develop similar knowledge with respect to the risks of computing.

About the Author

Charles P. Pfleeger is an internationally known expert on computer and communications security. He spent 14 years as professor of computer science at the University of Tennessee, before moving on to computer research and consulting company, Trusted Information Systems, where he was director of European operations and senior consultant. He was also director of research, member of the staff, and chief security officer at Cable and Wireless. He has chaired the IEEE Computer Society Technical Committee on Security and Privacy and was on the editorial board of IEEE Security & Privacy magazine.

Shari Lawrence Pfleeger is a widely known software engineering and computer security researcher. She served as president of Systems/Software and then as senior researcher with the Rand Corporation. As research director of the Institute for Information Infrastructure Protection, she oversaw large, high-impact computer security research projects for international government and industry clients. She has served as associate editor in chief of IEEE Software magazine, and as editor in chief of IEEE Security & Privacy magazine.

Lizzie Coles-Kemp is a professor of information security at the Information Security Group, Royal Holloway University of London (RHUL). Prior to joining RHUL in 2007, Lizzie work in security practice for 17 years and held several managerial and directorship roles. During this time, she worked on the design and implementation of software access control systems, taught network security to practitioners, worked as a lead assessor in security standards for a UK certification body, and was global security officer for the British Council (a UK NGO).