9 result(s) for "InfoSECURITYnetBASE"
Guide to Pairing-Based Cryptography
This book is devoted to efficient pairing computations and implementations, useful tools for cryptographers working on topics like identity-based cryptography and the simplification of existing protocols like signature schemes. As well as exploring the basic mathematical background of finite fields and elliptic curves, Guide to Pairing-Based Cryptography offers an overview of the most recent developments in optimizations for pairing implementation. Each chapter includes a presentation of the problem it discusses, the mathematical formulation, a discussion of implementation issues, solutions accompanied by code or pseudocode, several numerical results, and references to further reading and notes. Intended as a self-contained handbook, this book is an invaluable resource for computer scientists, applied mathematicians and security professionals interested in cryptography.
The IoT Architect's Guide to Attainable Security and Privacy
This book explores how to secure the future state of the Internet of Things. Looking at an imminent future filled with computers that also moonlight as "things", the guide dissects the present and future threats to assets, digital and otherwise. To avoid the significant technical debt which is likely to manifest as IoT adoption increases, it's important to think ahead. To that effect, the book examines how to design IoT solutions that provide end-to-end security and privacy at scale, delves into IoT economy from the perspective of both defenders and attackers, and discusses the implications of security usability.
Cybersecurity Fundamentals
Cybersecurity Fundamentals: A Real-World Perspective explains detailed concepts within computer networks and computer security in an easy-to-understand way, making it the perfect introduction to the topic. This book covers fundamental issues using practical examples and real-world applications to give readers a rounded understanding of the subject and how it is applied. The first three chapters provide a deeper perspective on computer networks, cybersecurity, and different types of cyberattacks that hackers choose to unleash on cyber environments. It then goes on to cover the types of major computer malware and cybersecurity attacks that shook the cyber world in the recent years, detailing the attacks and analyzing their impact on the global economy. The details of the malware codes that help the hacker initiate the hacking attacks on networks are fully described. It then covers high-tech cybersecurity programs, devices, and mechanisms that are extensively adopted in modern security systems. Examples of those systems include intrusion detection systems (IDS), intrusion prevention systems (IPS), and security firewalls. It demonstrates how modern technologies can be used to create and manage passwords for secure data. This book also covers aspects of wireless networks and their security mechanisms. The details of the most commonly used Wi-Fi routers are provided with step-by-step procedures to configure and secure them more efficiently. Test questions are included throughout the chapters to ensure comprehension of the material. Along with this book’s step-by-step approach, this will allow undergraduate students of cybersecurity, network security, and related disciplines to gain a quick grasp of the fundamental topics in the area. No prior knowledge is needed to get the full benefit of this book.
Cybersecurity for Information Professionals
Information professionals have been paying more attention and putting a greater focus on privacy over cybersecurity. The soaring number of cybersecurity and privacy breach incidents reveals that cybersecurity risks are high. Utilizing cybersecurity awareness training in organizations has been one of the effective tools to promote a cybersecurity-conscious culture and make individuals more cybersecurity conscious. However, it is unknown if employees’ security behavior at work can be extended to their security behavior at home and in personal life. On the one hand, library and information professionals need to inherit their role as data/information gatekeepers to safeguard data/information assets in organizations and cyberspace. On the other hand, library and information professionals can aid in enabling effective information access and dissemination of cybersecurity knowledge to make users conscious of the cybersecurity and privacy risks that are often hidden in the cyber universe. Cybersecurity for Information Professionals: Concepts and Applications introduces the fundamental concepts in cybersecurity and addresses some of the challenges faced by information professionals, librarians, archivists, record managers, students, and professionals in related disciplines. This book is written especially for educators preparing courses in information security, cybersecurity, and the integration of privacy and cybersecurity. The chapters contained in this book represent the multiple and diverse perspectives from professionals in the field of cybersecurity.
The chapters will cover the following topics: Information Governance and Cybersecurity; User Privacy and Security Online: The Role of Information Professionals; Cybersecurity and Social Media; Healthcare Regulations, Threats, and their Impact on Cybersecurity; Mobile Cybersecurity: A Socio-Technical Perspective; Cybersecurity in the Software Development Life Cycle; Data Security and Privacy.
Above all, the book addresses the ongoing challenges of cybersecurity. In particular, it explains how information professionals can contribute to long-term workforce development by designing and leading cybersecurity awareness campaigns or cybersecurity hygiene programs to change people’s security behavior.
Introduction to Cryptography
Electronic communication and financial transactions have assumed massive proportions today. But they come with high risks. Achieving cyber security has become a top priority, and has become one of the most crucial areas of study and research in IT. This book introduces readers to perhaps the most effective tool in achieving a secure environment, i.e. cryptography. This book offers more solved examples than most books on the subject, includes state-of-the-art topics, and discusses the scope of future research.
Preface
Overview of Cryptography: Introduction; Goals of Cryptography; Classification of Cryptosystem; Practically Useful Cryptosystem; Cryptanalysis
Basic Algebra: Group; Ring; Field; Exercise
Number Theory: Introduction; Prime Numbers; Cardinality of Primes; Extended Euclidean Algorithm; Primality Testing; Factorization and Algorithms for it; Congruences; Quadratic Congruence; Exponentiation and Logarithm; Discrete Logarithm Problem and Algorithms for it; Exercise
Probability and Perfect Secrecy: Basic Concept of Probability; Birthday Paradox; Perfect Secrecy; Vernam One Time Pad; Random Number Generation; Pseudo-random Number Generator; Exercise
Complexity Theory: Running Time and Size of Input; Big-O Notation; Types of algorithm; Complexity Classes; Exercise
Classical Cryptosystems: Classification of Classical Cryptosystem; Block Cipher; Stream Cipher; Cryptanalysis of Cryptosystems; Exercise
Block Ciphers: Introduction; Modes of Operation; Padding; Design Considerations; Data Encryption Standard; Advanced Encryption Standard; Exercise
Hash Function: Compression and Hash Functions; Hash function for cryptography; Random Oracle Model; Cryptographic Hash Functions; Exercise
Public Key Cryptosystem: Introduction; Diffie-Hellman Key Exchange Protocol; RSA Cryptosystem; Rabin Cryptosystem; ElGamal Cryptosystem; Elliptic Curve Cryptosystem; Exercises
Digital Signature: Formal Definitions; Attack Goals for Digital Signature; Digital Signature in Practice; Some Popular Digital Signatures; Exercises
Research Directions in Cryptography: Pairing-Based Cryptography; Zero-knowledge Proof System; Authenticated Group Key Exchange; Attribute-Based Cryptography; Homomorphic Encryption; Secure Multi-party Computation; Secret Sharing; Post-Quantum Cryptography; Side-Channel Analysis
References
Index
Sahadeo Padhye has a doctorate in Cryptography and is currently working as Associate Professor at the Department of Mathematics, Motilal Nehru National Institute of Technology Allahabad, India. His research interests include Public Key Cryptography, Elliptic Curve Cryptography, Digital Signatures, and Lattice-Based Cryptography. He has published many research papers in reputed international journals and conferences in Cryptography.
Rajeev A Sahu has a doctorate in Cryptography and is currently working as a Post-Doctoral Researcher at Université Libre de Bruxelles, Belgium. He has also worked as an Assistant Professor at C.R. Rao Advanced Institute of Mathematics Statistics & Computer Science, Hyderabad, India. His research interests are Identity-Based Cryptography, Elliptic Curve Cryptography, Digital Signature, Searchable Encryption, and Post-Quantum Cryptography, on which he has published over two dozen research papers in reputed international journals and conferences in Computer Science and Cryptography.
Vishal Saraswat received his Ph.D. in Cryptography from University of Minnesota, Minneapolis, USA and has held regular and visiting positions at a variety of institutions, including IIT Jammu, IIT Hyderabad, ISI Kolkata, Univ. of Hyderabad and AIMSCS, Hyderabad. His research interests include anonymity and privacy, searchable encryption, postquantum crypto, and active and passive cryptanalysis, topics on which he has published several papers in reputed international journals and conferences.
Cyberspace and Cybersecurity
Providing comprehensive coverage of cyberspace and cybersecurity, this textbook not only focuses on technologies but also explores human factors and organizational perspectives and emphasizes why asset identification should be the cornerstone of any information security strategy. Topics include addressing vulnerabilities, building a secure enterprise, blocking intrusions, ethical and legal issues, and business continuity. Updates include topics such as cyber risks in mobile telephony, steganography, cybersecurity as an added value, ransomware defense, review of recent cyber laws, new types of cybercrime, plus new chapters on digital currencies and encryption key management.
Vulnerabilities in Information Systems; Vulnerabilities in the Organization; Risk in Information System Infrastructure; Secure Information Systems; Cybersecurity and the CIO; Building a Secure Organization; Cyberspace Intrusions; Cyberspace Defence; Cyberspace and the Law; Cyber Warfare and Homeland Security; Digital Currencies
Dr. George K. Kostopoulos is a faculty member at the University of Maryland University College, where he serves and teaches as a faculty mentor in the master’s degree programs in cybersecurity and information assurance. Dr. Kostopoulos has an extensive international academic career, having taught in seventeen universities around the world, including Boston University, Texas A&M International University, Florida Atlantic University, the University of Heidelberg (Germany), and the American University of Sharjah (UAE). He is the author of numerous scholarly papers and two other books, "Digital Engineering" and "Greece and the European Economic Community." Dr. Kostopoulos received his master’s and PhD degrees in electrical and computer engineering from the Arizona State University, and a master’s in economics from California State Polytechnic University. He is the founder and editor-in-chief of the Journal of Cybersecurity and Information Assurance and a reviewer of numerous scientific conferences.
Empirical Research for Software Security
Developing secure software requires the integration of numerous methods and tools into the development process, and software design is based on shared expert knowledge, claims, and opinions. Empirical methods, including data analytics, allow extracting knowledge and insights from the data that organizations collect from their processes and tools, and from the opinions of the experts who practice these processes and methods. This book introduces the reader to the fundamentals of empirical research methods, and demonstrates how these methods can be used to hone a secure software development lifecycle based on empirical data and published best practices.
1. Empirical Research on Security and Privacy by Design, Koen Yskout, Kim Wuyts, Dimitri Van Landuyt, Riccardo Scandariato, and Wouter Joosen
2. Guidelines for Systematic Mapping Studies in Security Engineering, Michael Felderer and Jeffrey C. Carver
3. An Introduction to Data Analytics for Software Security, Lotfi ben Othmane, Achim D. Brucker, Stanislav Dashevskyi, and Peter Tsalovski
4. Generating Software Security Knowledge Through Empirical Methods, Rene Noel, Santiago Matalonga, Gilberto Pedraza, Hernan Astudillo, and Eduardo B. Fernandez
5. Visual Analytics: Foundations and Experiences in Malware Analysis, Markus Wagner, Dominik Sacha, Alexander Rind, Fabian Fischer, Robert Luh, Sebastian Schrittwieser, Daniel A. Keim, and Wolfgang Aigner
6. Analysis of Metrics for Classification Accuracy in Intrusion Detection, Natalia Stakhanova and Alvaro A. Cardenas
7. The Building Security in Maturity Model as a Research Tool, Martin Gilje Jaatun
8. Agile Test Automation for Web Applications: A Security Perspective, Sandra Domenique Ringmann and Hanno Langweg
9. Benchmark for Empirical Evaluation of Web Application Anomaly Detectors, Robert Bronte, Hossain Shahriar, and Hisham Haddad
10. Threats to Validity in Empirical Software Security Research, Daniela S. Cruzes and Lotfi ben Othmane
Dr. Lotfi ben Othmane is on the faculty at the Department of Electrical and Computer Engineering, Iowa State University, USA. Previously, he was a Research Scientist and then Head of the Secure Software Engineering department at Fraunhofer SIT, Germany. Lotfi received his Ph.D. from Western Michigan University (WMU), USA, in 2010; the M.S. in computer science from University of Sherbrooke, Canada, in 2000; and the B.S. in information systems from University of Sfax, Tunisia, in 1995. He works currently on software security, specifically on (1) the application of empirical methods to address software security challenges and (2) the impact of incremental development on the security of software.
Dr. Martin Gilje Jaatun is a Senior Scientist at SINTEF ICT, where he has been employed since 2004. He received his Sivilingeniør degree in Telematics from the Norwegian Institute of Technology (NTH) in 1992, and the Dr.Philos. degree from the University of Stavanger in 2015. Previous positions include scientist at the Norwegian Defence Research Establishment (FFI), and Senior Lecturer in information security at the Bodø Graduate School of Business. His research interests include software security, security in cloud computing, and security of critical information infrastructures. Dr. Jaatun is an associate editor of the International Journal of Secure Software Engineering. He is vice chairman of the Cloud Computing Association (cloudcom.org), vice chairman of Cloud Security Alliance Norway, and a Senior Member of the IEEE.
Dr. Edgar Weippl is Research Director of SBA Research and Associate Professor at the Vienna University of Technology. His research focuses on applied concepts of IT security. He has published numerous articles in journals and more than 100 papers in peer-reviewed conferences. After graduating with a Ph.D. from the Vienna University of Technology, he worked in a research startup for two years. He then spent one year teaching as an assistant professor at Beloit College, WI. From 2002 to 2004, he was a Consultant for a Health Maintenance Organization (HMO) in New York and Albany, NY, and for Deutsche Bank, Frankfurt, Germany. In 2004 he joined the Vienna University of Technology and co-founded SBA Research. Dr. Weippl has edited a large number of special issues in journals such as Information Security Technical Report and Computers & Security.
Cryptoeconomics
SHELVING GUIDE: Finance/E-Commerce “A systematic review of the structure and context of the blockchain-derived economic model... (the book) describes cryptoeconomics in connection with the game theory, behavioral economics and others in simple understandable language” – Wang Feng, the founder of Linekong Interactive Group and Mars Finance, and a partner of Geekbang Venture Capital. Blockchain technology has subverted existing perceptions, and it is the start of an economic revolution, which is the subject of this book, i.e., cryptoeconomics. It is a key component of cryptoeconomics. Vlad Zamfir, a developer of Ethereum, explained this term as “a formal discipline that studies protocols that govern the production, distribution, and consumption of goods and services in a decentralized digital economy. Cryptoeconomics is a practical science that focuses on the design and characterization of these protocols”. This book explains the structures of blockchain-derived economic models, their history, and their application. It uses real-world cases to illustrate the relationship between cryptoeconomics and blockchain. Blockchain technology solves trust issues. A blockchain application can restrict behavior on the blockchain through a reward and punishment system that enables consensus in an innovative way. The greatest significance of cryptoeconomics lies in guaranteeing safety, stability, activity, and order in a decentralized consensus system. Security and stability are achieved mainly by cryptographical mechanisms. Activity and order are achieved through economic mechanisms. “Cryptoeconomics and Blockchain: The Perspective from China” discusses the most popular consensus algorithms and optimization mechanisms. With examples explained in clear and simple terms that are easy to understand, this book also explores economic mechanisms of blockchain such as game theory and behavioral economics.
Core Software Security
"... an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. ... Readers are armed with firm solutions for the fight against cyber threats." —Dr. Dena Haritos Tsamitis, Carnegie Mellon University
"... a must read for security specialists, software developers and software engineers. ... should be part of every security professional’s library." —Dr. Larry Ponemon, Ponemon Institute
"... the definitive how-to guide for software security professionals. Dr. Ransome, Anmol Misra, and Brook Schoenfield deftly outline the procedures and policies needed to integrate real security into the software development process. ...A must-have for anyone on the front lines of the Cyber War ..." —Cedric Leighton, Colonel, USAF (Ret.), Cedric Leighton Associates
"Dr. Ransome, Anmol Misra, and Brook Schoenfield give you a magic formula in this book - the methodology and process to build security into the entire software development life cycle so that the software is secured at the source!" —Eric S. Yuan, Zoom Video Communications
There is much publicity regarding network security, but the real cyber Achilles’ heel is insecure software. Millions of software vulnerabilities create a cyber house of cards, in which we conduct our digital lives. In response, security people build ever more elaborate cyber fortresses to protect this vulnerable software. Despite their efforts, cyber fortifications consistently fail to protect our digital treasures. Why? The security industry has failed to engage fully with the creative, innovative people who write software. Core Software Security expounds developer-centric software security, a holistic process to engage creativity for security. As long as software is developed by humans, it requires the human element to fix it. Developer-centric security is not only feasible but also cost effective and operationally relevant.
The methodology builds security into software development, which lies at the heart of our cyber infrastructure. Whatever development method is employed, software must be secured at the source.
Book Highlights:
  • Supplies a practitioner's view of the SDL
  • Considers Agile as a security enabler
  • Covers the privacy elements in an SDL
  • Outlines a holistic business-savvy SDL framework that includes people, process, and technology
  • Highlights the key success factors, deliverables, and metrics for each phase of the SDL
  • Examines cost efficiencies, optimized performance, and organizational structure of a developer-centric software security program and PSIRT
  • Includes a chapter by noted security architect Brook Schoenfield who shares his insights and experiences in applying the book’s SDL framework
View the authors' website at http://www.androidinsecurity.com/
Introduction: The Importance and Relevance of Software Security; Software Security and the Software Development Lifecycle; Quality Versus Secure Code; The Three Most Important SDL Security Goals; Threat Modeling and Attack Surface Validation; Chapter Summary—What to Expect from This Book; References
The Secure Development Lifecycle: Overcoming Challenges in Making Software Secure; Software Security Maturity Models; ISO/IEC 27034—Information Technology—Security Techniques—Application Security; Other Resources for SDL Best Practices; SAFECode; U.S. Department of Homeland Security Software Assurance Program; National Institute of Standards and Technology; MITRE Corporation Common Computer Vulnerabilities and Exposures; SANS Institute Top Cyber Security Risks; U.S. Department of Defense Cyber Security and Information Systems Information Analysis Center (CSIAC); CERT, Bugtraq, and SecurityFocus; Critical Tools and Talent; The Tools; The Talent; Principles of Least Privilege; Privacy; The Importance of Metrics; Mapping the Security Development Lifecycle to the Software Development Lifecycle; Software Development Methodologies; Waterfall Development; Agile Development; Chapter Summary; References
Security Assessment (A1): SDL Activities and Best Practices: Software Security Team Is Looped in Early; Software Security Hosts a Discovery Meeting; Software Security Team Creates an SDL Project Plan; Privacy Impact Assessment (PIA) Plan Initiated; Security Assessment (A1) Key Success Factors and Metrics; Key Success Factors; Deliverables; Metrics; Chapter Summary; References
Architecture (A2): SDL Activities and Best Practices: A2 Policy Compliance Analysis; SDL Policy Assessment and Scoping; Threat Modeling/Architecture Security Analysis; Threat Modeling; Data Flow Diagrams; Architectural Threat Analysis and Ranking of Threats; Risk Mitigation; Open-Source Selection; Privacy Information Gathering and Analysis; Key Success Factors and Metrics; Key Success Factors; Deliverables; Metrics; Chapter Summary; References
Design and Development (A3): SDL Activities and Best Practices: A3 Policy Compliance Analysis; Security Test Plan Composition; Threat Model Updating; Design Security Analysis and Review; Privacy Implementation Assessment; Key Success Factors and Metrics; Key Success Factors; Deliverables; Metrics; Chapter Summary; References
Design and Development (A4): SDL Activities and Best Practices: A4 Policy Compliance Analysis; Security Test Case Execution; Code Review in the SDLC/SDL Process; Security Analysis Tools; Static Analysis; Dynamic Analysis; Fuzz Testing; Manual Code Review; Key Success Factors; Deliverables; Metrics; Chapter Summary; References
Ship (A5): SDL Activities and Best Practices: A5 Policy Compliance Analysis; Vulnerability Scan; Penetration Testing; Open-Source Licensing Review; Final Security Review; Final Privacy Review; Key Success Factors; Deliverables; Metrics; Chapter Summary; References
Post-Release Support (PRSA1–5): Right-Sizing Your Software Security Group; The Right Organizational Location; The Right People; The Right Process; PRSA1: External Vulnerability Disclosure Response; Post-Release PSIRT Response; Post-Release Privacy Response; Optimizing Post-Release Third-Party Response; PRSA2: Third-Party Reviews; PRSA3: Post-Release Certifications; PRSA4: Internal Review for New Product Combinations or Cloud Deployments; PRSA5: Security Architectural Reviews and Tool-Based Assessments of Current, Legacy, and M&A Products and Solutions; Legacy Code; Mergers and Acquisitions (M&As); Key Success Factors; Deliverables; Metrics; Chapter Summary; References
Applying the SDL Framework to the Real World: Introduction; Build Software Securely; Produce Secure Code; Manual Code Review; Static Analysis; Determining the Right Activities for Each Project; The Seven Determining Questions; Architecture and Design; Testing; Functional Testing; Dynamic Testing; Attack and Penetration Testing; Independent Testing; Agile: Sprints; Key Success Factors and Metrics; Secure Coding Training Program; Secure Coding Frameworks (APIs); Manual Code Review; Independent Code Review and Testing (by Experts or Third Parties); Static Analysis; Risk Assessment Methodology; Integration of SDL with SDLC; Development of Architecture Talent; Metrics; Chapter Summary; References
Pulling It All Together: Using the SDL to Prevent Real-World Threats: Strategic, Tactical, and User-Specific Software Attacks; Strategic Attacks; Tactical Attacks; User-Specific Attacks; Overcoming Organizational and Business Challenges with a Properly Designed, Managed, and Focused SDL; Software Security Organizational Realities and Leverage; Overcoming SDL Audit and Regulatory Challenges with Proper Governance Management; Future Predications for Software Security; The Bad News; The Good News; Conclusion; References
Appendix
Index
First and foremost, Ransome and Misra have made an engaging book that will empower readers in both large and small software development and engineering organizations to build security into their products. This book clarifies to executives the decisions to be made on software security and then provides guidance to managers and developers on process and procedure. Readers are armed with firm solutions for the fight against cyber threats. —Dr. Dena Haritos Tsamitis, Director, Information Networking Institute and Director of Education, CyLab Carnegie Mellon University
Finally, the definitive how-to guide for software security professionals. Dr. Ransome, Anmol Misra, and Brook Schoenfield deftly outline the procedures and policies needed to integrate real security into the software development process and why security needs to be software and developer-centric if it is to be relevant. A must-have for anyone on the front lines of the Cyber War - especially software developers and those who work with them. —Cedric Leighton, Colonel, USAF (Ret); Founder & President, Cedric Leighton Associates
In the wake of cloud computing and mobile apps, the issue of software security has never been more important than today. This book is a must read for security specialists, software developers and software engineers. The authors do a brilliant job providing common sense approaches to achieving a strong software security posture. —Dr. Larry Ponemon, Chairman & Founder, Ponemon Institute
The root of software security lies within the source code developed by software developers. Therefore, security should be developer-centric, focused on the secure development of the source code. Dr. Ransome, Anmol Misra, and Brook Schoenfield give you a magic formula in this book - the methodology and process to build security into the entire software development life cycle so that the software is secured at the source! —Eric S. Yuan, Founder and CEO, Zoom Video Communications, Inc
Misra and his co-author James Ransome, senior director of product security at McAfee, an Intel Company, reflected on years of lessons learned and experiences with Fortune 500 clients and devised a methodology that builds security into software development. The newly published book Core Software Security, Security at the Source takes an innovative approach that engages the creativity of the developer. ... The book covers embedding security as a part of existing software d