Explore the vast range of titles available.

\"Despite the increase of high-profile hacks, record-breaking data leaks, and ransomware attacks, many organizations don't have the budget to establish or outsource an information security (InfoSec) program, forcing them to learn on the job. For companies obliged to improvise, this pragmatic guide provides a security-101 handbook with steps, tools, processes, and ideas to help you drive maximum-security improvement at little or no cost. Each chapter in this book provides step-by-step instructions for dealing with a specific issue, including breaches and disasters, compliance, network infrastructure and password management, vulnerability scanning, and penetration testing, among others. Network engineers, system adminstrators, and security professionals will learn tools and techniques to help improve security in sensible, manageable chunks.\" --Back cover.

In Cybersecurity and CyberWar: What Everyone Needs to Know®, New York Times best-selling author P. W. Singer and noted cyber expert Allan Friedman team up to provide the kind of easy-to-read, yet deeply informative resource book that has been missing on this crucial issue of 21st century life. Written in a lively, accessible style, filled with engaging stories and illustrative anecdotes, the book is structured around the key question areas of cyberspace and its security: how it all works, why it all matters, and what can we do?.

The United States is increasingly dependent on information and information technology for both civilian and military purposes, as are many other nations. Although there is a substantial literature on the potential impact of a cyberattack on the societal infrastructure of the United States, little has been written about the use of cyberattack as an instrument of U.S. policy. Cyberattacks-actions intended to damage adversary computer systems or networks-can be used for a variety of military purposes. But they also have application to certain missions of the intelligence community, such as covert action. They may be useful for certain domestic law enforcement purposes, and some analysts believe that they might be useful for certain private sector entities who are themselves under cyberattack. This report considers all of these applications from an integrated perspective that ties together technology, policy, legal, and ethical issues. Focusing on the use of cyberattack as an instrument of U.S. national policy, Technology, Policy, Law and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities explores important characteristics of cyberattack. It describes the current international and domestic legal structure as it might apply to cyberattack, and considers analogies to other domains of conflict to develop relevant insights. Of special interest to the military, intelligence, law enforcement, and homeland security communities, this report is also an essential point of departure for nongovernmental researchers interested in this rarely discussed topic.

\"...excellent for use as a text in information assurance or cyber-security courses...I strongly advocate that professors...examine this book with the intention of using it in their programs.\" (Computing Reviews.com, March 22, 2007) \"The book is written as a student textbook, but it should be equally valuable for current practitioners...this book is a very worthwhile investment.\" (Homeland Security Watch, August 17, 2006) While the emphasis is on the development of policies that lead to successful prevention of terrorist attacks on the nation's infrastructure, this book is the first scientific study of critical infrastructures and their protection. The book models the nation's most valuable physical assets and infrastructure sectors as networks of nodes and links. It then analyzes the network to identify vulnerabilities and risks in the sector combining network science, complexity theory, modeling and simulation, and risk analysis. The most critical components become the focus of deeper analysis and protection. This approach reduces the complex problem of protecting water supplies, energy pipelines, telecommunication stations, Internet and Web networks, and power grids to a much simpler problem of protecting a few critical nodes. The new edition incorporates a broader selection of ideas and sectors and moves the mathematical topics into several appendices.

It has become clear that Stuxnet-like worms pose a serious threat even to critical U.S. infrastructure and computer systems that are not connected to the Internet. However, defending against such attacks involves complex technological and legal issues. In particular, at the federal level, different organizations have different responsibilities and levels of authority when it comes to investigating or defending against intrusions.

The U.S. Army is studying ways to apply its cyber power and is reconsidering doctrinally defined areas that are integral to cyberspace operations. An examination of network operations, information operations, and several other, more focused areas across the U.S. military found significant overlap and potential boundary progression that could inform the development of future Army doctrine.

Information technology (IT) is essential to virtually all of the nation's critical infrastructures making them vulnerable by a terrorist attack on their IT system. An attack could be on the system itself or use the IT system to launch or exacerbate another type of attack. IT can also be used as a counterterrorism tool. The report concludes that the most devastating consequences of a terrorist attack would occur if it were on or used IT as part of a broader attack. The report presents two recommendations on what can be done in the short term to protect the nation's communications and information systems and several recommendations about what can be done over the longer term. The report also notes the importance of considering how an IT system will be deployed to maximize protection against and usefulness in responding to attacks.

Key Features ? Learn how to defend industrial control systems from an attacking standpoint. ? Learn about industrial network protocols and threat hunting. ? Handling of tackle industrial cyber risks ? Develop offensive and defensive skills. Description In recent years, the industrial cybersecurity arena has risen dramatically. Red teams must be used to continually test and exploit the security integrity of a company's people, processes, and products in order to completely safeguard critical infrastructure. This pen testing book takes a different approach than most by assisting you in gaining hands-on experience with equipment you'll encounter in the field. This will allow you to comprehend how industrial equipment interacts and functions in a real-world setting.This book begins by covering the fundamentals of industrial processes, then goes on to learn how to design and break them. It also includes obtaining open-source intelligence to develop a dangerous environment for your potential customer. You'll learn how to install and employ offensive tactics used by skilled hackers as you go. Before eventually launching assaults against systems in an industrial network, you'll learn about industrial equipment, port, and service discovery, pivoting, and much more.You'll not only know how to evaluate and navigate the nuances of an industrial control system (ICS) by the conclusion of this penetration testing book, but you'll also have gained crucial offensive and defensive skills to proactively safeguard industrial networks from current assaults. What you will learn ? Set up an ICS lab with both physical and virtual equipment using a beginning kit. ? Perform pre-engagement open-source intel collection to aid in the mapping of your attack landscape. ? Learn how to do penetration testing on industrial equipment using Standard Operating Procedures (SOPs). ? Recognize the necessity of listening to customer networks and the concepts of traffic stretching. ? Learn the fundamentals of ICS communication. ? Connect engineering workstations and supervisory control ? Connect data acquisition (SCADA) software to physical operational technologies. ? Learn how to map web-based SCADA solutions using directory scanning tools. Who this book is for This book is intended for an ethical hacker, penetration tester, automation engineer, or IT security expert who wants to keep industrial networks safe from intruders. You'll get the most out of this book if you have a basic grasp of cybersecurity and recent cyber incidents. Table of Contents 1. Using Virtualization 2. Route the Hardware 3. I Love My Bits: Lab Setup 4. Open-Source Ninja 5. Span Me If You Can 6. Packet Deep Dive 7. Scanning 101 8. Protocols 202 9. Ninja 308 10. I Can Do It 420 11. Whoot… I Have To Go Deep