What Every Engineer Should Know About Cyber Security and Digital Forensics
DeFranco, Joanna F., Maley, Bob
Product description
Most organizations place a high priority on keeping data secure, but not every organization invests in training its engineers or employees in understanding the security risks involved when using or developing technology. Designed for the non-security professional, What Every Engineer Should Know About Cyber Security and Digital Forensics is an overview of the field of cyber security.
The Second Edition updates content to address the most recent cyber security concerns and introduces new topics such as business changes and outsourcing. It includes new cyber security risks such as Internet of Things and Distributed Networks (i.e., blockchain) and adds new sections on strategy based on the OODA (observe-orient-decide-act) loop in the cycle. It also includes an entire chapter on tools used by the professionals in the field. Exploring the cyber security topics that every engineer should understand, the book discusses network and personal data security, cloud and mobile computing, preparing for an incident and incident response, evidence handling, internet usage, law and compliance, and security forensic certifications. Application of the concepts is demonstrated through short case studies of real-world incidents chronologically delineating related events. The book also discusses certifications and reference manuals in the areas of cyber security and digital forensics.
By mastering the principles in this volume, engineering professionals will not only better understand how to mitigate the risk of security incidents and keep their data secure, but also understand how to break into this expanding profession.
About the authors
Joanna F. DeFranco earned her Ph.D. in computer and information science from New Jersey Institute of Technology, an M.S. in computer engineering from Villanova University, and a B.S. in electrical engineering and math from Penn State University. She is an Associate Professor of Software Engineering with the Pennsylvania State University. She has worked as an Electronics Engineer for the Navy as well as a Software Engineer at Motorola. Dr. DeFranco is also a researcher for the National Institute of Standards and Technology (NIST) working with the Secure Systems and Applications group. She is a senior member of the IEEE and an area and column editor for IEEE Computer Magazine. Her research interests include software engineering, software security, distributed networks, and the Internet of Things.
Bob Maley, Inventor, CISO, Author, Futurist, and OODA Loop Fanatic, is the Chief Security Officer at Black Kite, the leader in third-party cyber risk intelligence. Bob has previously worked in physical security as a law enforcement officer. He also worked as the head of PayPal's Global Third-Party Security & Inspections team and as Chief Information Security Officer for the Commonwealth of Pennsylvania. Bob led the Pennsylvania Information Security Architecture program to win the 2007 award for outstanding achievement in information technology by the National Association of State Chief Information Officers (NASCIO). He has been named a CSO of the Year finalist for the SC Magazine Awards and was nominated as the Information Security Executive of the Year, North America. Bob's certifications include CRISC, CTPRP, OpenFAIR, and CCSK.