Ten Laws for Security.

By: Diehl, Eric.
Material type: Text
Series: eBooks on Demand
Publisher: Cham : Springer International Publishing, 2016
Copyright date: ©2016
Description: 1 online resource (290 pages)
Content type: text
Media type: computer
Carrier type: online resource
ISBN: 9783319426419
Subject(s): Computer security -- Law and legislation
Genre/Form: Electronic books
Additional physical formats: Print version: Ten Laws for Security
DDC classification: 004
LOC classification: QA75.5-76.95
Contents:
Foreword
Preface
Contents
Abbreviations and Acronyms
List of Figures
Introduction
1 Law 1: Attackers Will Always Find Their Way
    1.1 Examples
    1.2 Analysis
        1.2.1 Should Vulnerabilities Be Published?
        1.2.2 Jailbreaking and Secure Bootloaders
        1.2.3 Flawed Designs
        1.2.4 Advanced Persistent Threats
    1.3 Takeaway
        1.3.1 Design Your System for Renewability
        1.3.2 Design for Secure Failure
        1.3.3 Defense in Depth
        1.3.4 Backup
    1.4 Summary
2 Law 2: Know the Assets to Protect
    2.1 Examples
    2.2 Analysis
        2.2.1 Classification of Assets
        2.2.2 Classification of Attackers
        2.2.3 Threats
    2.3 Takeaway
        2.3.1 Overprotecting Can Be Bad
        2.3.2 Know Your Enemy
    2.4 Summary
3 Law 3: No Security Through Obscurity
    3.1 Examples
    3.2 Analysis
        3.2.1 Designing a Secure Encryption Algorithm
        3.2.2 Kerckhoffs' Law Does Not Mean Publish Everything
    3.3 Takeaway
    3.4 Summary
4 Law 4: Trust No One
    4.1 Examples
    4.2 Analysis
        4.2.1 Supply Chain Attack
        4.2.2 Who Can You Trust?
        4.2.3 Is This Certificate Yours?
        4.2.4 Is the Cloud Trustworthy?
        4.2.5 Hardware Root of Trust
    4.3 Takeaway
        4.3.1 Define Your Trust Model
        4.3.2 Minimize Attack Surface Area
        4.3.3 Principle of Least Privilege
        4.3.4 Simplicity
        4.3.5 Insiders
        4.3.6 Isolate Your Trust Space
    4.4 Summary
5 Law 5: Si Vis Pacem, Para Bellum
    5.1 Example
    5.2 Analysis
        5.2.1 Security Is Aging
    5.3 Takeaway
        5.3.1 Active Defense
        5.3.2 Renewability
        5.3.3 Be Vigilant
    5.4 Summary
6 Law 6: Security Is No Stronger Than Its Weakest Link
    6.1 Examples
    6.2 Analysis
        6.2.1 Design Issues
        6.2.2 Side-Channel Attacks
        6.2.3 Rollback and Backward Compatibility
    6.3 Takeaway
        6.3.1 Test
        6.3.2 Fix Security Issues Adequately
        6.3.3 Take Care of Your Keys
        6.3.4 Think Global
    6.4 Summary
7 Law 7: You Are the Weakest Link
    7.1 Examples
    7.2 Analysis
        7.2.1 Bring Your Own Cloud
        7.2.2 Authentication
        7.2.3 Social Engineering
        7.2.4 Biometrics
        7.2.5 Do Users Care About Security Warnings?
    7.3 Takeaway
        7.3.1 Understand Your Users
        7.3.2 Align the Interests of All Actors
        7.3.3 Awareness
    7.4 Summary
8 Law 8: If You Watch the Internet, the Internet Is Watching You
    8.1 Examples
    8.2 Analysis
        8.2.1 Protect Your Corporate LAN
    8.3 Takeaway
        8.3.1 Assume External Systems Are Insecure
        8.3.2 Privacy
        8.3.3 Anonymity
    8.4 Summary
9 Law 9: Quis Custodiet Ipsos Custodes?
    9.1 Examples
    9.2 Analysis
        9.2.1 CobiT
    9.3 Takeaway
        9.3.1 Separation of Duties
        9.3.2 Logfiles Are to Be Reviewed
    9.4 Summary
10 Law 10: Security Is Not a Product, Security Is a Process
    10.1 Examples
    10.2 Analysis
        10.2.1 The McCumber Cube
        10.2.2 Security Mindset
        10.2.3 ISO 27005
    10.3 Takeaway
        10.3.1 What Makes a Great Hacker?
        10.3.2 Tools
        10.3.3 Written Policies
        10.3.4 Communicate Risks
        10.3.5 Think Out of the Box
    10.4 Summary
Conclusions
Appendix A: A Brief Introduction to Cryptography
    A.1 Symmetric Cryptography
    A.2 Asymmetric Cryptography
    A.3 Hash Functions
Appendix B: Other Ten (or More) Laws of Security
    B.1 Microsoft
    B.2 Building Secure Software
    B.3 What Hackers Don't Want You to Know
References
Holdings:
Item type: Electronic Book
Current location: UT Tyler Online
Call number: QA75.5-76.95
URL: http://ebookcentral.proquest.com/lib/uttyler/detail.action?docID=4744597
Status: Available
Barcode: EBC4744597

Description based on publisher supplied metadata and other sources.

Author notes provided by Syndetics

The author is the Vice President of Media and Security Technologies at Sony Pictures Entertainment. He was formerly the Vice President of the Security and Content Protection Labs at Technicolor. His main research topics are DRM for professional applications, audio and video watermarking, video fingerprinting, secure distribution of multimedia content, and copy protection. He has more than 25 years of research experience, has filed more than 95 patents in the field, and is involved in the main related academic conferences as an organizer and contributor.