The New State-of-the-Art in Information Security: Now Covers the Economics of Cyber Security and the Intersection of Privacy and Information Security

For years, IT and security professionals and students have turned to Security in Computing as the definitive guide to information about computer security attacks and countermeasures. In their new fourth edition, Charles P. Pfleeger and Shari Lawrence Pfleeger have thoroughly updated their classic guide to reflect today's newest technologies, standards, and trends.

The authors first introduce the core concepts and vocabulary of computer security, including attacks and controls. Next, the authors systematically identify and assess threats now facing programs, operating systems, database systems, and networks. For each threat, they offer best-practice responses.

Security in Computing, Fourth Edition, goes beyond technology, covering crucial management issues faced in protecting infrastructure and information. This edition contains an all-new chapter on the economics of cybersecurity, explaining ways to make a business case for security investments. Another new chapter addresses privacy--from data mining and identity theft, to RFID and e-voting.

New coverage also includes:
- Programming mistakes that compromise security: man-in-the-middle, timing, and privilege escalation attacks
- Web application threats and vulnerabilities
- Networks of compromised systems: bots, botnets, and drones
- Rootkits--including the notorious Sony XCP
- Wi-Fi network security challenges, standards, and techniques
- New malicious code attacks, including false interfaces and keystroke loggers
- Improving code quality: software engineering, testing, and liability approaches
- Biometric authentication: capabilities and limitations
- Using the Advanced Encryption System (AES) more effectively
- Balancing dissemination with piracy control in music and other digital content
- Countering new cryptanalytic attacks against RSA, DES, and SHA
- Responding to the emergence of organized attacker groups pursuing profit

Cited By
- Moeckel C Examining and Constructing Attacker Categorisations Proceedings of the 14th International Conference on Availability, Reliability and Security, (1-6)
- Basak A, Bhunia S, Tkacik T and Ray S (2017). Security Assurance for System-on-Chip Designs With Untrusted IPs, IEEE Transactions on Information Forensics and Security, 12:7, (1515-1528), Online publication date: 1-Jul-2017.
- Yaseen Q, Jararweh Y, Panda B and Althebyan Q (2017). An insider threat aware access control for cloud relational databases, Cluster Computing, 20:3, (2669-2685), Online publication date: 1-Sep-2017.
- Mohammed N, Niazi M, Alshayeb M and Mahmood S (2017). Exploring software security approaches in software development lifecycle, Computer Standards & Interfaces, 50:C, (107-115), Online publication date: 1-Feb-2017.
- Giboney J, Proudfoot J, Goel S and Valacich J (2016). The Security Expertise Assessment Measure (SEAM), Computers and Security, 60:C, (37-51), Online publication date: 1-Jul-2016.
- Humayed A and Luo B Cyber-physical security for smart cars Proceedings of the ACM/IEEE Sixth International Conference on Cyber-Physical Systems, (252-253)
- Hausawi Y and Allen W Usable-Security Evaluation Proceedings of the Third International Conference on Human Aspects of Information Security, Privacy, and Trust - Volume 9190, (335-346)
- Pereira T and Santos H Insider Threats Proceedings of the Third International Conference on Human Aspects of Information Security, Privacy, and Trust - Volume 9190, (654-663)
- Lutz C and Tamò A RoboCode-Ethicists Proceedings of the ACM Web Science Conference, (1-12)
- Wu P (2015). Teaching the RSA algorithm with a hands-on C++ coding project, Journal of Computing Sciences in Colleges, 30:4, (57-64), Online publication date: 1-Apr-2015.
- Hausawi Y and Allen W Usablity and security trade-off Proceedings of the 2014 ACM Southeast Regional Conference, (1-6)
- Han G, Zeng H, Li Y and Dou W SAFE Proceedings of the conference on Design, Automation & Test in Europe, (1-4)
- Hausawi Y and Allen W An Assessment Framework for Usable-Security Based on Decision Science Proceedings of the Second International Conference on Human Aspects of Information Security, Privacy, and Trust - Volume 8533, (33-44)
- Myers J (2014). The cheat sheet as pedagogical tool, Journal of Computing Sciences in Colleges, 30:2, (44-51), Online publication date: 1-Dec-2014.
- Hallgren P, Mauritzson D and Sabelfeld A GlassTube Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security, (71-82)
- Liver B and Kaufmann H Integrity in very large information systems Proceedings of the 25th international conference on Advanced Information Systems Engineering, (641-656)
- Mayron L, Hausawi Y and Bahr G Secure, usable biometric authentication systems Proceedings of the 7th international conference on Universal Access in Human-Computer Interaction: design methods, tools, and interaction techniques for eInclusion - Volume Part I, (195-204)
- Zhang G, Yang Y, Liu X and Chen J A Time-Series Pattern Based Noise Generation Strategy for Privacy Protection in Cloud Computing Proceedings of the 2012 12th IEEE/ACM International Symposium on Cluster, Cloud and Grid Computing (ccgrid 2012), (458-465)
- Yakovets N, Gryz J, Hazlewood S and van Run P From MDM to DB2 Proceedings of the 26th Annual IFIP WG 11.3 conference on Data and Applications Security and Privacy, (207-222)
- Liao L, Chen M, Rodrigues J, Lai X and Vuong S (2012). A Novel Web-enabled Healthcare Solution on HealthVault System, Journal of Medical Systems, 36:3, (1095-1105), Online publication date: 1-Jun-2012.
- Cavalcante R, Bittencourt I, da Silva A, Silva M, Costa E and Santos R (2012). A survey of security in multi-agent systems, Expert Systems with Applications: An International Journal, 39:5, (4835-4846), Online publication date: 1-Apr-2012.
- Costa M A solace in quantum Proceedings of the 2011 conference on Information technology education, (263-268)
- Fuchs L, Pernul G and Sandhu R (2011). Roles in information security - A survey and classification of the research area, Computers and Security, 30:8, (748-769), Online publication date: 1-Nov-2011.
- Seale R and Hargiss K (2011). A Proposed Architecture for Autonomous Mobile Agent Intrusion Prevention and Malware Defense in Heterogeneous Networks, International Journal of Strategic Information Technology and Applications, 2:4, (44-54), Online publication date: 1-Oct-2011.
- Bahr G, Mayron L and Gacey H Cyber risks to secure and private universal access Proceedings of the 6th international conference on Universal access in human-computer interaction: design for all and eInclusion - Volume Part I, (433-442)
- Asnar Y and Massacci F A method for security governance, risk, and compliance (GRC) Foundations of security analysis and design VI, (152-184)
- Lilien L, Al-Alawneh A and Ben Othmane L The pervasive trust foundation for security in next generation networks Proceedings of the 2010 New Security Paradigms Workshop, (129-142)
- Edge C and Stamey J Security education on a budget 2010 Information Security Curriculum Development Conference, (29-35)
- Ling M and Hassan W Harnessing ANN for a secure environment Proceedings of the 7th international conference on Advances in Neural Networks - Volume Part II, (540-547)
- Gordon D (2010). Forty years of movie hacking: considering the potential implications of the popular media representation of computer hackers from 1968 to 2008, International Journal of Internet Technology and Secured Transactions, 2:1/2, (59-87), Online publication date: 1-Feb-2010.
- Granzer W and Kastner W Security analysis of open building automation systems Proceedings of the 29th international conference on Computer safety, reliability, and security, (303-316)
- Birgisson A, Russo A and Sabelfeld A Unifying facets of information integrity Proceedings of the 6th international conference on Information systems security, (48-65)
- Onwubiko C and Lenaghan A (2009). Challenges and complexities of managing information security, International Journal of Electronic Security and Digital Forensics, 2:3, (306-321), Online publication date: 1-Jul-2009.
- Dlamini M, Eloff J and Eloff M (2009). Information security, Computers and Security, 28:3-4, (189-198), Online publication date: 1-May-2009.
- Schaefer R (2009). The epistemology of computer security, ACM SIGSOFT Software Engineering Notes, 34:6, (8-10), Online publication date: 3-Dec-2009.
- Said H, Guimaraes M, Maamar Z and Jololian L Database and database application security Proceedings of the 14th annual ACM SIGCSE conference on Innovation and technology in computer science education, (90-93)
- Said H, Guimaraes M, Maamar Z and Jololian L (2009). Database and database application security, ACM SIGCSE Bulletin, 41:3, (90-93), Online publication date: 25-Aug-2009.
- Loo A (2008). The myths and truths of wireless security, Communications of the ACM, 51:2, (66-71), Online publication date: 1-Feb-2008.
- Li H, Huang J, Sweany P and Huang D (2008). FPGA implementations of elliptic curve cryptography and Tate pairing over a binary field, Journal of Systems Architecture: the EUROMICRO Journal, 54:12, (1077-1088), Online publication date: 1-Dec-2008.
- Myers J and Riela S (2008). Taming the diversity of information assurance & security, Journal of Computing Sciences in Colleges, 23:4, (173-179), Online publication date: 1-Apr-2008.
- Duffany J Optimal resource allocation for securing an enterprise information infrastructure Proceedings of the 4th international IFIP/ACM Latin American conference on Networking, (35-42)
- Fernandez E, Sorgente T and Larrondo-Petrie M Even more patterns for secure operating systems Proceedings of the 2006 conference on Pattern languages of programs, (1-9)
- Tsai W, Liu X, Chen Y and Paul R Simulation Verification and Validation by Dynamic Policy Enforcement Proceedings of the 38th annual Symposium on Simulation, (91-98)
- Ho Y, Pepyne D, Zhao Q, Liu H, Yu Q and Dukes B (2004). ProgramID, Discrete Event Dynamic Systems, 14:4, (381-393), Online publication date: 1-Oct-2004.
Index Terms
- Security in Computing (4th Edition)