Discovering Cybersecurity: A Technical Introduction for the Absolute Beginner

The contemporary IT landscape is littered with various technologies that vendors claim will "solve" an organization's cybersecurity challenges. These technologies are powerful and, in the right context, can be very effective. But misunderstood and misused, they either do not provide effective protection or do not protect the right things. This results in unnecessary expenditures, false beliefs of security, and interference with an organization's mission.

This book introduces major technologies that are employed in today's cybersecurity landscape and the fundamental principles and philosophies behind them. By grasping these core concepts, professionals in every organization are better equipped to know what kind of technology they need, ask the right questions of vendors, and better interface with their CISO and security organization. The book is largely directed at beginners, including non-technical professionals such as policy makers, compliance teams, and business executives.

What You Will Learn

• Authentication technologies, including secure password storage and how hackers "crack" password lists
• Access control technology, such as BLP, BIBA, and more recent models such as RBAC and ABAC
• Core cryptography technology, including AES encryption and public key signatures
• Classical host security technologies that protect against malware (viruses, trojans, ransomware)
• Classical network security technologies, such as border security (gateways, firewalls, proxies), network IDS and IPS, and modern deception systems
• Web security technologies, including cookies, state, and session defenses, and threats that try to subvert them
• Email and social media security threats such as spam, phishing, social media, and other email threats

Who This Book Is For

Professionals with no technical training in engineering, computers, or other technology; those who want to know things at a technical level but have no previous background; professionals with a background in policy, compliance, and management; technical professionals without a background in computer security who seek an introduction to security topics; those with a security background who are not familiar with this breadth of technology.

當代的IT風景中充斥著各種技術，供應商聲稱這些技術將「解決」組織的資訊安全挑戰。這些技術在適當的情境下非常強大且有效。但是，如果誤解和誤用，它們要麼無法提供有效的保護，要麼無法保護正確的事物。這導致不必要的支出、對安全的虛假信念以及對組織使命的干擾。

本書介紹了當今資訊安全領域中使用的主要技術，以及背後的基本原則和理念。通過掌握這些核心概念，每個組織的專業人員能夠更好地了解他們需要哪種技術，向供應商提出正確的問題，並更好地與他們的CISO和安全組織進行交流。本書主要針對初學者，包括非技術專業人士，如政策制定者、合規團隊和業務執行人員。

你將學到什麼：
- 認證技術，包括安全密碼存儲和黑客如何破解密碼列表
- 存取控制技術，如BLP、BIBA以及最新的模型如RBAC和ABAC
- 核心加密技術，包括AES加密和公鑰簽名
- 保護免受惡意軟件（病毒、木馬、勒索軟件）侵害的傳統主機安全技術
- 傳統網絡安全技術，如邊界安全（閘道、防火牆、代理）、網絡入侵檢測和防禦系統，以及現代欺騙系統
- 網絡安全技術，包括Cookie、狀態和會話防禦，以及試圖破壞它們的威脅
- 電子郵件和社交媒體安全威脅，如垃圾郵件、釣魚、社交媒體和其他電子郵件威脅

本書適合對工程、計算機或其他技術沒有技術培訓的專業人士；那些想以技術層面了解事物但沒有先前背景的人；具有政策、合規和管理背景的專業人士；沒有計算機安全背景但希望介紹安全主題的技術專業人士；以及對這種廣度的技術不熟悉的安全背景人士。

Seth James Nielson, PhD is the founder and chief scientist of Crimson Vista, a cybersecurity engineering company. He advises clients from startups to Fortune 50 companies on security matters. Dr. Nielson also teaches cybersecurity courses at the University of Texas at Austin. He has authored or co-authored papers on topics such as IoT security, hacking portable chemical manufacturing systems, and methods for teaching computer security to students. Dr. Nielson also co-authored the Apress book, Practical Cryptography in Python.

Seth James Nielson博士是Crimson Vista的創辦人和首席科學家，該公司是一家專注於網絡安全工程的公司。他為初創企業到財富50強企業的客戶提供安全事務咨詢。Nielson博士還在德克薩斯大學奧斯汀分校教授網絡安全課程。他撰寫或合著了有關物聯網安全、攜帶式化學製造系統的黑客攻擊以及教授學生計算機安全的方法等主題的論文。Nielson博士還與其他人合著了Apress出版的書籍《Python實用加密學》。