API Security for White Hat Hackers. Uncover offensive defense strategies and get up to speed with secure API implementation

Confidence Staveley, Christopher Romeo

APIs have evolved into an essential part of modern applications, making them an attractive target for cybercriminals. Written by a multi-award-winning cybersecurity leader , this comprehensive guide offers practical insights into testing APIs, identifying vulnerabilities, and fixing them.With a focus on hands-on learning, this book guides you through securing your APIs in a step-by-step manner. You'll learn how to bypass authentication controls, circumvent authorization controls, and identify vulnerabilities in APIs using open-source and commercial tools. Moreover, you'll gain the skills you need to write comprehensive vulnerability reports and recommend and implement effective mitigation strategies to address the identified vulnerabilities. This book isn't just about hacking APIs; it's also about understanding how to defend them. You'll explore various API security management strategies and understand how to use them to safeguard APIs against emerging threats.By the end of this book, you'll have a profound understanding of API security and how to defend against the latest threats. Whether you're a developer, security professional, or ethical hacker, this book will ensure that your APIs are secure and your organization's data is protected.

ChatGPT for Cybersecurity Cookbook. Learn practical generative AI recipes to supercharge your cybersecurity skills

Clint Bodungen, Aaron Crow

Are you ready to unleash the potential of AI-driven cybersecurity? This cookbook takes you on a journey toward enhancing your cybersecurity skills, whether you’re a novice or a seasoned professional. By leveraging cutting-edge generative AI and large language models such as ChatGPT, you'll gain a competitive advantage in the ever-evolving cybersecurity landscape.ChatGPT for Cybersecurity Cookbook shows you how to automate and optimize various cybersecurity tasks, including penetration testing, vulnerability assessments, risk assessment, and threat detection. Each recipe demonstrates step by step how to utilize ChatGPT and the OpenAI API to generate complex commands, write code, and even create complete tools. You’ll discover how AI-powered cybersecurity can revolutionize your approach to security, providing you with new strategies and techniques for tackling challenges. As you progress, you’ll dive into detailed recipes covering attack vector automation, vulnerability scanning, GPT-assisted code analysis, and more. By learning to harness the power of generative AI, you'll not only expand your skillset but also increase your efficiency.By the end of this cybersecurity book, you’ll have the confidence and knowledge you need to stay ahead of the curve, mastering the latest generative AI tools and techniques in cybersecurity.

CISA - Certified Information Systems Auditor Study Guide. Aligned with the CISA Review Manual 2024 with over 1000 practice questions to ace the exam - Third Edition

Hemang Doshi, Javen Khoo Ai Wee

Following on from the success of its bestselling predecessor, this third edition of the CISA - Certified Information Systems Auditor Study Guide serves as your go-to resource for acing the CISA exam. Written by renowned CISA expert Hemang Doshi, this guide equips you with practical skills and in-depth knowledge to excel in information systems auditing, setting the foundation for a thriving career.Fully updated to align with the 28th edition of the CISA Official Review Manual, this guide covers the latest exam objectives and provides a deep dive into essential IT auditing areas, including IT governance, systems development, and asset protection. The book follows a structured, three-step approach to solidify your understanding. First, it breaks down the fundamentals with clear, concise explanations. Then, it highlights critical exam-focused points to ensure you concentrate on key areas. Finally, it challenges you with self-assessment questions that reflect the exam format, helping you assess your knowledge.Additionally, you’ll gain access to online resources, including mock exams, interactive flashcards, and invaluable exam tips, ensuring you’re fully prepared for the exam with unlimited practice opportunities.By the end of this guide, you’ll be ready to pass the CISA exam with confidence and advance your career in auditing.

Cyber Resilience. A Comprehensive Guide to Understanding and Implementing Cybersecurity Principles

IT Governance Publishing, Alan Calder

In today’s rapidly evolving digital landscape, cybersecurity is essential for protecting organizations from cyber threats. This book provides a thorough guide to building cyber resilience, starting with an in-depth understanding of the ever-changing cyber threat landscape. It covers foundational principles such as risk management, security controls, and defense-in-depth strategies, giving readers the knowledge needed to secure digital systems effectively.The book then delves into actionable cybersecurity controls, offering insights on asset management, identity and access control, encryption, and incident response management. Each section includes practical tips for implementation, ensuring that readers can apply these strategies in real-world scenarios. The goal is to help organizations not only understand cybersecurity but also to establish robust security policies and protocols to prevent and mitigate potential risks.Finally, the book emphasizes the importance of continual improvement and monitoring to maintain a resilient cybersecurity framework. It highlights the need for regular audits, vulnerability scanning, and staff training to adapt to new threats. By the end, readers will be equipped to build and sustain a resilient cybersecurity strategy that ensures long-term protection and business continuity.

Cyber Security Kill Chain - Tactics and Strategies. Breaking down the cyberattack process and responding to threats

Gourav Nagar, Shreyas Kumar, Rohit Ghai

Gain a strategic edge in cybersecurity by mastering the systematic approach to identifying and responding to cyber threats through a detailed exploration of the cyber kill chain framework. This guide walks you through each stage of the attack, from reconnaissance and weaponization to exploitation, command and control (C2), and actions on objectives. Written by cybersecurity leaders Gourav Nagar, Director of Information Security at BILL Holdings, with prior experience at Uber and Apple, and Shreyas Kumar, Professor of Practice at Texas A&M, and former expert at Adobe and Oracle, this book helps enhance your cybersecurity posture. You’ll gain insight into the role of threat intelligence in boosting the cyber kill chain, explore the practical applications of the framework in real-world scenarios, and see how AI and machine learning are revolutionizing threat detection. You’ll also learn future-proofing strategies and get ready to counter sophisticated threats like supply chain attacks and living-off-the-land attacks, and the implications of quantum computing on cybersecurity.By the end of this book, you’ll have gained the strategic understanding and skills needed to protect your organization's digital infrastructure in the ever-evolving landscape of cybersecurity.

Ethical Password Cracking. Decode passwords using John the Ripper, hashcat, and advanced methods for password breaking

James Leyte-Vidal

Whether you’re looking to crack passwords as part of a thorough security audit or aiming to recover vital information, this book will equip you with the skills to accomplish your goals. Written by a cybersecurity expert with over fifteen years of experience in penetration testing, Ethical Password Cracking offers a thorough understanding of password protection and the correct approach to retrieving password-protected data.As you progress through the chapters, you first familiarize yourself with how credentials are stored, delving briefly into the math behind password cracking. Then, the book will take you through various tools and techniques to help you recover desired passwords before focusing on common cracking use cases, hash recovery, and cracking. Real-life examples will prompt you to explore brute-force versus dictionary-based approaches and teach you how to apply them to various types of credential storage.By the end of this book, you'll understand how passwords are protected and how to crack the most common credential types with ease.

Hands-On Ethical Hacking Tactics. Strategies, tools, and techniques for effective cyber defense

Shane Hartman, Ken Dunham

If you’re an ethical hacker looking to boost your digital defenses and stay up to date with the evolving cybersecurity landscape, then this book is for you. Hands-On Ethical Hacking Tactics is a comprehensive guide that will take you from fundamental to advanced levels of ethical hacking, offering insights into both offensive and defensive techniques. Written by a seasoned professional with 20+ years of experience, this book covers attack tools, methodologies, and procedures, helping you enhance your skills in securing and defending networks.The book starts with foundational concepts such as footprinting, reconnaissance, scanning, enumeration, vulnerability assessment, and threat modeling. Next, you’ll progress to using specific tools and procedures for hacking Windows, Unix, web servers, applications, and databases. The book also gets you up to speed with malware analysis. Throughout the book, you’ll experience a smooth transition from theoretical concepts to hands-on techniques using various platforms. Finally, you’ll explore incident response, threat hunting, social engineering, IoT hacking, and cloud exploitation, which will help you address the complex aspects of ethical hacking.By the end of this book, you’ll have gained the skills you need to navigate the ever-changing world of cybersecurity.

Information Security Handbook. Enhance your proficiency in information security program development - Second Edition

Darren Death

Information Security Handbook is a practical guide that’ll empower you to take effective actions in securing your organization’s assets. Whether you are an experienced security professional seeking to refine your skills or someone new to the field looking to build a strong foundation, this book is designed to meet you where you are and guide you toward improving your understanding of information security.Each chapter addresses the key concepts, practical techniques, and best practices to establish a robust and effective information security program. You’ll be offered a holistic perspective on securing information, including risk management, incident response, cloud security, and supply chain considerations. This book has distilled years of experience and expertise of the author, Darren Death, into clear insights that can be applied directly to your organization’s security efforts. Whether you work in a large enterprise, a government agency, or a small business, the principles and strategies presented in this book are adaptable and scalable to suit your specific needs.By the end of this book, you’ll have all the tools and guidance needed to fortify your organization’s defenses and expand your capabilities as an information security practitioner.

ISO 27001 Controls. Mastering ISO 27001: A Step-by-Step Guide to Effective Implementation and Auditing

IT Governance Publishing, Bridget Kenyon

This guide offers a comprehensive approach to implementing and auditing ISO 27001 controls, providing clear steps for establishing a robust Information Security Management System (ISMS). It is designed to help organizations navigate the complexities of meeting international security standards while ensuring the protection of sensitive information. The book covers every aspect of ISO/IEC 27001, from the foundational principles to practical applications of organizational, physical, and technological controls.Each chapter is carefully structured to explain the implementation of specific controls, focusing on real-world scenarios and offering actionable advice for security professionals. With detailed instructions and clear examples, readers will gain a deep understanding of the ISO 27001 framework and how to align their organizations with best practices. In addition to control implementation, the book emphasizes ongoing compliance and risk management strategies. It highlights critical areas such as incident management, supplier relationships, and data protection, ensuring readers can address security challenges at all levels. Whether new to ISO 27001 or looking to refine an existing ISMS, this book provides the tools necessary for successful information security management and compliance auditing.

ISO 27001/ISO 27002. A guide to information security management systems

IT Governance Publishing, Alan Calder

This comprehensive guide demystifies the ISO 27001 and ISO 27002 standards, offering a clear roadmap to understanding, implementing, and managing an Information Security Management System (ISMS). It begins with foundational concepts, a history of ISO 27001, and introduces the ISO 27000 family. The book proceeds to cover the PDCA cycle, Annex SL structure, and the significance of shall vs. should in compliance language.Core chapters walk through ISO 27001’s clauses and requirements, from organizational context and leadership to performance evaluation and continual improvement. Annex A's security controls are explored in detail, linking theory with practical application. ISO 27002 is also thoroughly reviewed to offer guidance on selecting and implementing appropriate controls.By the end of the book, readers gain a strong understanding of ISMS design, certification processes, and control mapping. This resource supports IT managers, compliance officers, and auditors seeking to align with international security standards.

Listy kontrolne, procedury i instrukcje ODO

Praca zbiorowa

E-book zawiera pakiet list kontrolnych, procedur i i instrukcji ODO. Znajdziesz tu takie dokumenty jak: - Lista kontrolna: Sprawdź swoją wiedzę na temat cyberbezpieczeństwa - Lista kontrolna: Jak zweryfikować podmiot przetwarzający w związku z mającym nastąpić powierzeniem danych osobowych - Lista kontrolna: Jak przeprowadzić ocenę skutków ochrony danych w sklepie internetowym w 5 krokach - Lista sprawdzająca: Jakie są terminy aktualizacji dokumentacji dotyczącej ochrony danych osobowych - Lista kontrolna: Jak stosować pliki cookies na stronie WWW i wiele innych

Microsoft Identity and Access Administrator SC-300 Exam Guide. Pass the SC-300 exam with confidence by using exam-focused resources - Second Edition

Aaron Guilmette, James Hardiman, Doug Haven, Dwayne Natwick

SC-300 exam content has undergone significant changes, and this second edition aligns with the revised exam objectives. This updated edition gives you access to online exam prep resources such as chapter-wise practice questions, mock exams, interactive flashcards, and expert exam tips, providing you with all the tools you need for thorough exam preparation.You’ll get to grips with the creation, configuration, and management of Microsoft Entra identities, as well as understand the planning, implementation, and management of Microsoft Entra user authentication processes. You’ll learn to deploy and use new Global Secure Access features, design cloud application strategies, and manage application access and policies by using Microsoft Cloud App Security. You’ll also gain experience in configuring Privileged Identity Management for users and guests, working with the Permissions Creep Index, and mitigating associated risks.By the end of this book, you’ll have mastered the skills essential for securing Microsoft environments and be able to pass the SC-300 exam on your first attempt.

NIST CSF 2.0. Your essential introduction to managing cybersecurity risks

IT Governance Publishing, Andrew Pattison

This comprehensive guide introduces the origins, aims, and components of the NIST Cybersecurity Framework (CSF) 2.0. It explores the core structure including functions, categories, subcategories, and profiles, and provides detailed implementation tiers and examples.Readers are then guided through a deep dive into all six framework categories—from Govern to Recover—and learn how to develop and apply risk management strategies within an organization. The content covers NIST SP 800-53, informative references, and practical quick-start guides to help translate theory into action.The final sections offer a seven-step implementation roadmap, including gap analysis, target profiles, and continuous improvement. The book concludes by mapping the CSF to international standards like ISO 27001 and ISO 22301, offering a well-rounded and interoperable cybersecurity strategy.

Ochrona sygnalistów w dokumentacji ODO

Michał Kowalski

W ebooku przeczytasz m.in. o tym kim jest sygnalista i kiedy należy objąć go ochroną, jak wygląda ochrona sygnalistów w przypadku zgłaszania naruszenia prawa, poznasz obowiązek informacyjny RODO wobec sygnalisty oraz otrzymasz gotowy wzór procedury zgłoszeń wewnętrznych. Świeża publikacja oparta na aktualnościach w kontekście nowej ustawy o sygnalistach. E-book został przygotowany z myślą o specjalistach ochrony danych osobowych, a zawarte w nim informacje pomogą w zapewnieniu zgodności z obowiązującymi przepisami.

RODO w sieci - 17 pytań i odpowiedzi dotyczących ochrony danych przetwarzanych cyfrowo

Piotr Glen, Michał Koralewski, Maciej Lipka, Michał Nosowski, ...

Przetwarzanie danych osobowych cyfrowo jest powszechną i wygodna praktyką dla wszystkich uczestników tego procesu. Niemniej jednak jest ono obarczone większym ryzykiem związanym z ich bezpieczeństwem np. w postaci cyberataku. To z kolei powoduje, że administratorzy danych osobowych mają dodatkowe obowiązki w tym zakresie. Sprawdź, jak przetwarzać dane na potrzeby poczty e-mail, wideokonferencji, urządzeń mobilnych, jak przesyłać dane poza obszar EOG czy też jakie są założenia aktu o usługach cyfrowych. To tylko niektóre z najistotniejszych zagadnień omówionych w tej publikacji.

Securing Industrial Control Systems and Safety Instrumented Systems. A practical guide for safeguarding mission and safety critical systems

Jalal Bouhdada, Marco Ayala

As modern process facilities become increasingly sophisticated and vulnerable to cyber threats, securing critical infrastructure is more crucial than ever. This book offers an indispensable guide to industrial cybersecurity and Safety Instrumented Systems (SIS), vital for maintaining the safety and reliability of critical systems and protecting your operations, personnel, and assets.Starting with SIS design principles, the book delves into the architecture and protocols of safety networks. It provides hands-on experience identifying vulnerabilities and potential attack vectors, exploring how attackers might target SIS components. You’ll thoroughly analyze Key SIS technologies, threat modeling, and attack techniques targeting SIS controllers and engineer workstations. The book shows you how to secure Instrument Asset Management Systems (IAMS), implement physical security measures, and apply integrated risk management methodologies. It also covers compliance with emerging cybersecurity regulations and industry standards worldwide.By the end of the book, you’ll have gained practical insights into various risk assessment methodologies and a comprehensive understanding of how to effectively protect critical infrastructure.

The Art of Cyber Security. A practical guide to winning the war on cyber crime

IT Governance Publishing, Gary Hibberd

This book redefines cyber security through the lens of creativity and classical strategy. It begins by exploring the mindset of the cyber defender as both artist and martial artist, highlighting the importance of intuition, flow, and individual perspective. It challenges rigid educational models and argues for a more adaptive, expressive approach to security thinking.Building on this foundation, the second part interprets Sun Tzu’s The Art of War in a cyber context. Each chapter reframes traditional military concepts—deception, preparation, leadership, and adaptability—through the realities of digital threats. The text emphasizes how timeless strategies apply to the modern information battlefield.By blending philosophy, history, and practical insight, the book offers a unique take on digital defense. It invites readers to reflect on their approach, question assumptions, and embrace both logic and creativity. This is not just a guide to threats and tactics, but a call to rethink what it means to be a cyber security professional today.

The California Privacy Rights Act (CPRA). An implementation and compliance guide

IT Governance Publishing, Preston Bukaty

This comprehensive guide to the California Privacy Rights Act (CPRA) explores its impact on businesses and consumers within California. The book begins with a clear explanation of CPRA’s territorial and material jurisdiction, providing readers with an understanding of where and how the law applies. It delves into key definitions critical for businesses and individuals alike, covering terms such as personal information, pseudonymization, and consumer rights. One of the focal points of the book is the examination of the rights granted to consumers, including the right to access, delete, and opt-out of data sales. Alongside this, it addresses the business obligations, such as the need for privacy notices and compliance with security requirements. The book also offers an analysis of penalties for non-compliance and breach notification procedures, making it an essential resource for understanding the legal landscape of consumer privacy in California. It concludes with an overview of related laws that further influence how businesses must manage customer data.

The Cyber Security Handbook. Prepare, respond, and recover from cyber attacks using the IT Governance Cyber Resilience Framework

IT Governance Publishing, Alan Calder

This book offers a deep dive into cybersecurity, equipping professionals with tools and frameworks to protect organizations from diverse cyber threats. It covers critical areas such as information security, cyber resilience, and the regulatory and contractual requirements organizations must meet. The book delves into threat anatomy, analyzing technical, human, physical, and third-party vulnerabilities, and includes real-world case studies like the TalkTalk breach and WannaCry ransomware attack.It also emphasizes third-party risk management to ensure robust security practices across all areas. The book introduces the IT Governance Cyber Resilience Framework (CRF), a structured method for managing critical systems, guiding readers through the processes of identification, detection, response, recovery, and continual improvement. Practical strategies in areas like asset management, network security, and staff training are included.The final section offers actionable steps for implementing cybersecurity practices and introduces reference frameworks like NIST and ISO 27001 for compliance and ongoing improvement. With real-world examples and actionable frameworks, this guide is essential for professionals aiming to enhance their organization's cyber resilience.

The Ransomware Threat Landscape. Prepare for, recognise and survive ransomware attacks

IT Governance Publishing, Alan Calder

The Ransomware Threat Landscape offers an in-depth examination of ransomware, explaining how it works, its modes of access, and the consequences of attacks. The book begins by detailing the mechanisms of ransomware, how cybercriminals exploit vulnerabilities, and the damage it causes to organizations. It further explores the types of ransomware, their infection methods, and how attackers use ransomware for financial gain.The guide provides practical, actionable advice on basic and advanced cybersecurity measures to protect against ransomware. Topics like cybersecurity hygiene, staff awareness, and the importance of creating an anti-ransomware program are covered. The book emphasizes the role of a well-structured risk management framework and its application in preventing attacks and mitigating fallout from infections.For organizations of all sizes, the book offers tailored controls to strengthen defenses. It also explains the steps needed for a comprehensive recovery plan. Advanced prevention strategies for larger enterprises are discussed, making this guide suitable for IT professionals, security experts, and organizational leaders aiming to protect their systems from ransomware threats.

The Security Consultant's Handbook. Essential Strategies for Building and Managing a Security Consulting Business

IT Governance Publishing, Richard Bingley

Becoming a successful security consultant requires a unique set of skills that span both the business and security worlds. This handbook serves as a practical guide to help professionals navigate the complex landscape of security consulting. It covers everything from the entrepreneurial aspects of starting a business to the essential security disciplines like private investigations, information security, and protective security. You’ll also explore the growing importance of resilience in both personal and organizational contexts.The book also delves into the crucial elements of security legislation and regulation, offering a thorough understanding of the legal frameworks that affect security professionals. From UK human rights laws to international laws related to corporate management and conflict, readers will gain the knowledge necessary to operate securely and legally in a variety of environments. Whether you are just starting out or looking to refine your security consulting expertise, this handbook provides the insights needed to thrive in the ever-evolving security industry. It’s a must-read for anyone seeking to build a reputation as a trusted expert in the security consulting field.

Threat Modeling Gameplay with EoP. A reference manual for spotting threats in software architecture

Brett Crawley, Adam Shostack

Are you looking to navigate security risks, but want to make your learning experience fun? Here's a comprehensive guide that introduces the concept of play to protect, helping you discover the threats that could affect your software design via gameplay.Each chapter in this book covers a suit in the Elevation of Privilege (EoP) card deck (a threat category), providing example threats, references, and suggested mitigations for each card. You’ll explore the methodology for threat modeling—Spoofing, Tampering, Repudiation, Information Disclosure, and Elevation of Privilege (S.T.R.I.D.E.) with Privacy deck and the T.R.I.M. extension pack. T.R.I.M. is a framework for privacy that stands for Transfer, Retention/Removal, Inference, and Minimization. Throughout the book, you’ll learn the meanings of these terms and how they should be applied. From spotting vulnerabilities to implementing practical solutions, the chapters provide actionable strategies for fortifying the security of software systems.By the end of this book, you will be able to recognize threats, understand privacy regulations, access references for further exploration, and get familiarized with techniques to protect against these threats and minimize risks.

TLS Cryptography In-Depth. Explore the intricacies of modern cryptography and the inner workings of TLS

Dr. Paul Duplys, Dr. Roland Schmitz

TLS is the most widely used cryptographic protocol today, enabling e-commerce, online banking, and secure online communication. Written by Dr. Paul Duplys, Security, Privacy & Safety Research Lead at Bosch, and Dr. Roland Schmitz, Internet Security Professor at Stuttgart Media University, this book will help you gain a deep understanding of how and why TLS works, how past attacks on TLS were possible, and how vulnerabilities that enabled them were addressed in the latest TLS version 1.3. By exploring the inner workings of TLS, you’ll be able to configure it and use it more securely.Starting with the basic concepts, you’ll be led step by step through the world of modern cryptography, guided by the TLS protocol. As you advance, you’ll be learning about the necessary mathematical concepts from scratch. Topics such as public-key cryptography based on elliptic curves will be explained with a view on real-world applications in TLS. With easy-to-understand concepts, you’ll find out how secret keys are generated and exchanged in TLS, and how they are used to creating a secure channel between a client and a server.By the end of this book, you’ll have the knowledge to configure TLS servers securely. Moreover, you’ll have gained a deep knowledge of the cryptographic primitives that make up TLS.