商品描述
Most organizations place a high priority on keeping data secure, but not every organization invests in training its engineers or employees in understanding the security risks involved when using or developing technology. Designed for the non-security professional, What Every Engineer Should Know About Cyber Security and Digital Forensics is an overview of the field of cyber security.
The Second Edition updates content to address the most recent cyber security concerns and introduces new topics such as business changes and outsourcing. It includes new cyber security risks such as Internet of Things and Distributed Networks (i.e., blockchain) and adds new sections on strategy based on the OODA (observe-orient-decide-act) loop in the cycle. It also includes an entire chapter on tools used by the professionals in the field. Exploring the cyber security topics that every engineer should understand, the book discusses network and personal data security, cloud and mobile computing, preparing for an incident and incident response, evidence handling, internet usage, law and compliance, and security forensic certifications. Application of the concepts is demonstrated through short case studies of real-world incidents chronologically delineating related events. The book also discusses certifications and reference manuals in the areas of cyber security and digital forensics.
By mastering the principles in this volume, engineering professionals will not only better understand how to mitigate the risk of security incidents and keep their data secure, but also understand how to break into this expanding profession.
商品描述(中文翻譯)
大多數組織都非常重視保護數據的安全性,但並非每個組織都會投資培訓工程師或員工,使其了解在使用或開發技術時所涉及的安全風險。《每位工程師都應該了解的網絡安全和數字取證》(What Every Engineer Should Know About Cyber Security and Digital Forensics)是專為非安全專業人士設計的網絡安全領域概述。
第二版更新了內容,以應對最近的網絡安全問題,並引入了新的主題,如業務變化和外包。它包括了新的網絡安全風險,如物聯網和分散式網絡(即區塊鏈),並增加了基於OODA(觀察-定位-決策-行動)循環的策略新章節。它還包括了一整章關於該領域專業人員使用的工具。本書探討了每位工程師應該了解的網絡和個人數據安全、雲端和移動計算、應對事件和事件響應、證據處理、網絡使用、法律和合規性以及安全取證認證等網絡安全主題。通過短篇實際案例研究,按時間順序描述相關事件,展示了這些概念的應用。本書還討論了網絡安全和數字取證領域的認證和參考手冊。
通過掌握本書中的原則,工程專業人員不僅能更好地了解如何減輕安全事件的風險並保護數據安全,還能了解如何進入這個不斷擴大的專業領域。
作者簡介
Joanna F. DeFranco, earned her Ph.D. in computer and information science from New Jersey Institute of Technology, M.S. in computer engineering from Villanova University, and a B.S. in Electrical Engineering and Math from Penn State University. She is an Associate Professor of Software Engineering with the Pennsylvania State University. She has worked as an Electronics Engineer for the Navy as well as a Software Engineer at Motorola. Dr. DeFranco is also a researcher for the National Institute of Standards and Technology (NIST) working with the Secure Systems and Applications group. She is a senior member of the IEEE and an area and column editor for IEEE Computer Magazine. Her research interests include software engineering, Software Security, Distributed Networks, and Internet of Things.
Bob Maley, Inventor, CISO, Author, Futurist, and OODA Loop Fanatic, is the Chief Security Officer at Black Kite, the leader in third-party cyber risk intelligence. Bob has previously worked in physical security as a law enforcement officer. He also worked as the head of PayPal's Global Third-Party Security & Inspections team and as Chief Information Security Officer for the Commonwealth of Pennsylvania. Bob led the Pennsylvania Information Security Architecture program to win the 2007 award for outstanding achievement in information technology by the National Association of State Chief Information Officers (NASCIO). He has been named a CSO of the Year finalist for the SC Magazine Awards and was nominated as the Information Security Executive of the Year, North America. Bob's certifications include CRISC, CTPRP, OpenFAIR, and CCSK.
作者簡介(中文翻譯)
Joanna F. DeFranco博士在新澤西理工學院獲得計算機與資訊科學博士學位,並在維拉諾瓦大學獲得計算機工程碩士學位,以及在賓夕法尼亞州立大學獲得電機工程和數學學士學位。她是賓夕法尼亞州立大學的軟體工程副教授。她曾在海軍擔任電子工程師,並在摩托羅拉擔任軟體工程師。DeFranco博士還是國家標準與技術研究所(NIST)的研究員,與安全系統和應用組合作。她是IEEE的高級會員,也是IEEE計算機雜誌的區域和專欄編輯。她的研究興趣包括軟體工程、軟體安全、分散式網絡和物聯網。
Bob Maley是Black Kite的首席安全官,Black Kite是第三方網絡風險情報的領導者。Bob曾在執法部門擔任物理安全人員。他還曾擔任PayPal全球第三方安全與檢查團隊的負責人,以及賓夕法尼亞州的首席信息安全官。Bob領導賓夕法尼亞州信息安全架構計劃獲得了2007年全國州首席信息官協會(NASCIO)的傑出成就獎。他曾入圍SC Magazine Awards的年度CSO決賽,並被提名為北美年度信息安全執行官。Bob的認證包括CRISC、CTPRP、OpenFAIR和CCSK。
