Hacking

721
Loading...
EBOOK

Testy penetracyjne dla zaawansowanych. Hakowanie najlepiej zabezpieczonych sieci na świecie

Wil Allsopp

Zgodnie z obiegową opinią typowy haker godzinami przeszukuje ogromne ilości danych o ruchu sieciowym w celu znalezienia słabiej zabezpieczonego systemu, a potem przeprowadza atak i uzyskuje dostęp do cennych zasobów. Obrona przed takimi cyberprzestępcami jest stosunkowo prosta. Prawdziwe wyzwanie rzuca silnie zmotywowany napastnik, który jest znawcą systemów i sprawnym programistą. Dzisiejsi administratorzy stoją w obliczu advanced persistent threat (APT), co oznacza dosłownie trwałe zagrożenie zaawansowanym atakiem. Ta książka jest znakomitym wprowadzeniem do zaawansowanych technik forsowania dobrze zabezpieczonych środowisk. Metody tu opisane nie są przedstawiane w żadnym poradniku ani na żadnych szkoleniach. Autor skoncentrował się na modelowaniu ataków APT w rzeczywistych warunkach: prezentuje różne nowe technologie i techniki ataków w szerokim kontekście rozmaitych dziedzin i branż działalności. Poza skutecznymi wektorami ataku przedyskutowano tak ważne koncepcje jak unikanie wykrycia szkodliwych programów, świadomość sytuacyjną, eksplorację poziomą i wiele innych umiejętności, które są kluczowe dla zrozumienia ataków APT. W tej książce między innymi: Makroataki i ataki typu „człowiek w przeglądarce” Wykorzystywanie apletów Javy do ataków Metody eskalacji uprawnień Maskowanie fizycznej lokalizacji za pomocą ukrytych usług w sieci Tor Eksperymentalne metody C2 Techniki inżynierii społecznej Sam sprawdź, czy Twój system odeprze prawdziwy atak? Wil Allsopp jest ekspertem w dziedzinie bezpieczeństwa systemów informatycznych. Testami penetracyjnymi zajmuje się od ponad 20 lat. Specjalizuje się w działaniach red team, ocenie systemów pod kątem podatności na ataki, audytach bezpieczeństwa, kontroli bezpieczeństwa kodu źródłowego, a także w inżynierii społecznej oraz rozpoznawaniu zaawansowanych stałych zagrożeń. Przeprowadził setki etycznych testów hakerskich i penetracyjnych dla wielu firm z listy „Fortune 100”. Mieszka w Holandii.

722
Loading...
EBOOK

Testy penetracyjne nowoczesnych serwisów. Kompendium inżynierów bezpieczeństwa

Prakhar Prasad

Testy penetracyjne nowoczesnych serwisów. Kompendium inżynierów bezpieczeństwa Sieć stała się niebezpiecznym miejscem. Między grasującymi złoczyńcami a inżynierami bezpieczeństwa aplikacji trwa ciągły wyścig zbrojeń. Mimo to oczywiste jest, że uzyskanie stuprocentowego bezpieczeństwa jest niemożliwe. Jedną z technik zabezpieczania aplikacji są testy penetracyjne, które polegają na atakowaniu systemu różnymi metodami, aby odnaleźć jego słabe punkty i pokazać, jak można się do niego włamać. Niniejsza książka stanowi wyczerpujące źródło wiedzy dla testerów przeprowadzających analizę aplikacji internetowej. Opisano tu zarówno najnowsze, jak i klasyczne techniki łamania zabezpieczeń — bardzo często starsze metody rozwijają się w różnych kierunkach i nie należy o nich zapominać. Między innymi przedstawiono informacje o atakach XML, w tym XXE, oraz metody wykorzystywania słabych stron OAuth 2.0. Omówiono również XSS, CSRF, Metasploit i wstrzykiwanie SQL. Nie zabrakło również opisu rzeczywistych przypadków testowania aplikacji. Nowe lub mniej popularne techniki ataku na strony WWW takie jak wstrzykiwanie obiektów PHP lub wykorzystanie danych XML. Sposób pracy z narzędziami do przeprowadzania testów bezpieczeństwa, aby w ten sposób zautomatyzować żmudne zadania. Różne rodzaje nagłówków HTTP wspomagających zapewnienie wysokiego poziomu bezpieczeństwa aplikacji. Wykorzystywanie i wykrywanie różnego rodzaju podatności XSS. Ochronę aplikacji dzięki technikom filtracji. Stare techniki ataku takie jak XSS, CSRF i wstrzykiwanie SQL, ale w nowej osłonie. Techniki ataku takie jak XXE i DoS wykorzystujące pliki XML. Sposoby testowania API typu REST w celu znalezienia różnego rodzaju podatności i wycieków danych. Testy penetracyjne — klucz do bezpieczeństwa Twojej aplikacji! Prakhar Prasad mieszka w Indiach. Jest ekspertem w dziedzinie bezpieczeństwa aplikacji specjalizującym się w testach penetracyjnych. W 2014 roku został sklasyfikowany na dziesiątej pozycji w światowym rankingu HackerOne. Zdobył kilka nagród za znalezienie luk bezpieczeństwa w takich serwisach, jak Google, Facebook, Twitter, PayPal czy Slack. Posiada certyfikaty z OSCP. Przeprowadza testy bezpieczeństwa dla różnych organizacji rządowych, pozarządowych i edukacyjnych.

723
Loading...
EBOOK

Testy penetracyjne środowiska Active Directory i infrastruktury opartej na systemie Windows

Denis Isakov

Cyberprzestępczość to obecnie wielki biznes i wielka polityka. Zaangażowane podmioty nieustannie dążą do doskonalenia technik ataków. Cyberprzestępcy dysponują własną metodologią, narzędziami i wykwalifikowanym personelem. Aby obronić się przed nimi, musisz zrozumieć, w jaki sposób atakują, a potem dobrze poznać ich taktyki i techniki. W trakcie lektury tej książki przygotujesz własne laboratorium, a następnie przeanalizujesz każdy etap zabójczego łańcucha ataków i zastosujesz nową wiedzę w praktyce. Dowiesz się, jak ominąć wbudowane mechanizmy bezpieczeństwa, między innymi AMSI, AppLocker i Sysmon, przeprowadzać działania rozpoznawcze i wykrywające w środowisku domeny, a także zbierać dane uwierzytelniające w całej domenie. Przeczytasz również, jak poruszać się ruchem bocznym, aby wtopić się w ruch środowiska i pozostać niewykrytym przez radary obrońców, a ponadto jak eskalować uprawnienia wewnątrz domeny i w całym lesie domen czy osiągać stan przetrwania na poziomie domeny i w kontrolerze domeny. W efekcie nauczysz się przeprowadzać ocenę bezpieczeństwa różnych produktów i usług Microsoftu, takich jak Exchange Server, SQL Server i SCCM. Ciekawsze zagadnienia: techniki atakowania usług: Active Directory, Exchange Server, WSUS, SCCM, AD CS i SQL Server skuteczne unikanie wykrycia w środowisku ofensywne bezpieczeństwo operacyjne (OpSec) sposoby naprawy błędnych konfiguracji przygotowanie rzeczywistych scenariuszy Testuj granice odporności swojej infrastruktury!

724
Loading...
EBOOK

The Agile Developer's Handbook. Get more value from your software development: get the best out of the Agile methodology

Paul Flewelling

This book will help you overcome the common challenges you’ll face when transforming your working practices from waterfall to Agile. Each chapter builds on the last, starting with easy-to-grasp ways to get going with Agile. Next you’ll see how to choose the right Agile framework for your organization. Moving on, you’ll implement systematic product delivery and measure and report progress with visualization. Then you’ll learn how to create high performing teams, develop people in Agile, manage in Agile, and perform distributed Agile and collaborative governance.At the end of the book, you’ll discover how Agile will help your company progressively deliver software to customers, increase customer satisfaction, and improve the level of efficiency in software development teams.

725
Loading...
EBOOK

The Art of Cyber Security. A practical guide to winning the war on cyber crime

IT Governance Publishing, Gary Hibberd

This book redefines cyber security through the lens of creativity and classical strategy. It begins by exploring the mindset of the cyber defender as both artist and martial artist, highlighting the importance of intuition, flow, and individual perspective. It challenges rigid educational models and argues for a more adaptive, expressive approach to security thinking.Building on this foundation, the second part interprets Sun Tzu’s The Art of War in a cyber context. Each chapter reframes traditional military concepts—deception, preparation, leadership, and adaptability—through the realities of digital threats. The text emphasizes how timeless strategies apply to the modern information battlefield.By blending philosophy, history, and practical insight, the book offers a unique take on digital defense. It invites readers to reflect on their approach, question assumptions, and embrace both logic and creativity. This is not just a guide to threats and tactics, but a call to rethink what it means to be a cyber security professional today.

726
Loading...
EBOOK

The Aspiring CIO and CISO. A career guide to developing leadership skills, knowledge, experience, and behavior

David J. Gee, Darryl West

Explore the intricacies of CIO and CISO roles with The Aspiring CIO and CISO by David Gee. This book leverages Gee's 20+ years of digital and cyber leadership experience, providing real-world insights, making it a valuable resource for those navigating the evolving landscape of the C-suite.Tailored to entry-level, mid-level, and senior managers looking to advance to the C-suite, this book serves a unique purpose in the realm of career guidance. The narrative speaks directly to individuals uncertain about their readiness for CIO or CISO roles, offering a personal mentorship experience that goes beyond technicalities. Armed with insights into crafting a powerful 90-day plan, you'll be well-equipped to catapult into CIO or CISO roles successfully. Beyond technical proficiency, the book instills survival skills, ensuring longevity and helping you prevent burnout in these pivotal positions. Additionally, by mastering the art of brand development and soft skills, you'll grasp the interpersonal dynamics crucial for executive leadership. This book is an indispensable guide for ambitious professionals, offering foresight and empowerment to thrive in the digital age.By the end of this book, you'll emerge with strategic dexterity, confidently steering your career trajectory towards the C-suite.

727
Loading...
EBOOK

The Azure Cloud Native Architecture Mapbook. Design and build Azure architectures for infrastructure, applications, data, AI, and security - Second Edition

Stéphane Eyskens, Scott Hanselman

Designing effective cloud-native architectures on Azure often feels overwhelming—especially when trying to translate complex requirements into reliable solutions. This book solves that problem by giving you a structured, visual guide to building modern systems that are scalable, secure, and production-ready.You'll discover how to plan, design, and communicate Azure-based architectures using practical reference diagrams mapped to real-world use cases. Organized by domains including infrastructure, applications, data, container orchestrators, AI, and security, each chapter walks you through the key services, patterns, and decisions that underpin successful solutions.Throughout the book, you'll find over 40 detailed architecture maps, created and curated by a seasoned Microsoft cloud solution architect. These maps illustrate how to align Azure services with business goals, manage hybrid and multi-cloud complexity, and incorporate best practices for governance, resilience, and cost optimization.This book gives you more than just diagrams; it offers the confidence to design cloud solutions that scale and perform. Whether you're modernizing a legacy stack or building greenfield applications, the Azure Cloud Native Architecture Mapbook is your trusted design companion from concept to delivery.

728
Loading...
EBOOK

The California Privacy Rights Act (CPRA). An implementation and compliance guide

IT Governance Publishing, Preston Bukaty

This comprehensive guide to the California Privacy Rights Act (CPRA) explores its impact on businesses and consumers within California. The book begins with a clear explanation of CPRA’s territorial and material jurisdiction, providing readers with an understanding of where and how the law applies. It delves into key definitions critical for businesses and individuals alike, covering terms such as personal information, pseudonymization, and consumer rights. One of the focal points of the book is the examination of the rights granted to consumers, including the right to access, delete, and opt-out of data sales. Alongside this, it addresses the business obligations, such as the need for privacy notices and compliance with security requirements. The book also offers an analysis of penalties for non-compliance and breach notification procedures, making it an essential resource for understanding the legal landscape of consumer privacy in California. It concludes with an overview of related laws that further influence how businesses must manage customer data.

729
Loading...
EBOOK

The Complete Guide to Defense in Depth. Learn to identify, mitigate, and prevent cyber threats with a dynamic, layered defense approach

Akash Mukherjee, Jason D. Clinton

In an era of relentless cyber threats, organizations face daunting challenges in fortifying their defenses against increasingly sophisticated attacks. The Complete Guide to Defense in Depth offers a comprehensive roadmap to navigating the complex landscape, empowering you to master the art of layered security.This book starts by laying the groundwork, delving into risk navigation, asset classification, and threat identification, helping you establish a robust framework for layered security. It gradually transforms you into an adept strategist, providing insights into the attacker's mindset, revealing vulnerabilities from an adversarial perspective, and guiding the creation of a proactive defense strategy through meticulous mapping of attack vectors. Toward the end, the book addresses the ever-evolving threat landscape, exploring emerging dangers and emphasizing the crucial human factor in security awareness and training. This book also illustrates how Defense in Depth serves as a dynamic, adaptable approach to cybersecurity.By the end of this book, you’ll have gained a profound understanding of the significance of multi-layered defense strategies, explored frameworks for building robust security programs, and developed the ability to navigate the evolving threat landscape with resilience and agility.

730
Loading...
EBOOK

The Complete Metasploit Guide. Explore effective penetration testing techniques with Metasploit

Sagar Rahalkar, Nipun Jaswal

Most businesses today are driven by their IT infrastructure, and the tiniest crack in this IT network can bring down the entire business. Metasploit is a pentesting network that can validate your system by performing elaborate penetration tests using the Metasploit Framework to secure your infrastructure.This Learning Path introduces you to the basic functionalities and applications of Metasploit. Throughout this book, you’ll learn different techniques for programming Metasploit modules to validate services such as databases, fingerprinting, and scanning. You’ll get to grips with post exploitation and write quick scripts to gather information from exploited systems. As you progress, you’ll delve into real-world scenarios where performing penetration tests are a challenge. With the help of these case studies, you’ll explore client-side attacks using Metasploit and a variety of scripts built on the Metasploit Framework.By the end of this Learning Path, you’ll have the skills required to identify system vulnerabilities by using thorough testing.This Learning Path includes content from the following Packt products:Metasploit for Beginners by Sagar RahalkarMastering Metasploit - Third Edition by Nipun Jaswal

731
Loading...
EBOOK

The Cyber Resilience Handbook. Achieve Full Cyber Resilience with ISO 27001 and ISO 22301

IT Governance Publishing, Andrew Pattison

This book begins by introducing cyber resilience and its significance in today’s business landscape. It explains how resilience goes beyond traditional cybersecurity, incorporating elements like governance, protection, detection, and recovery to ensure organizational stability in the face of cyber threats. The first chapter outlines the core concepts, including the integration of legal and assurance frameworks.The second section focuses on achieving cyber resilience with ISO 27001 and ISO 22301. These globally recognized standards offer a structured methodology for building a resilient infrastructure. The author explains how to implement these frameworks effectively, ensuring businesses can address cybersecurity challenges and maintain continuity in operations. This section also covers integrating ISO 27001 with other systems to optimize resilience.The final section provides practical strategies for implementing cyber resilience, including project initiation, leadership, risk assessments, and performance evaluation. It also discusses certification processes and maintaining resilience over time, including through third-party vendors. The book concludes with guidance on creating a culture of security and continuous improvement within organizations.

732
Loading...
EBOOK

The Cyber Security Handbook. Prepare, respond, and recover from cyber attacks using the IT Governance Cyber Resilience Framework

IT Governance Publishing, Alan Calder

This book offers a deep dive into cybersecurity, equipping professionals with tools and frameworks to protect organizations from diverse cyber threats. It covers critical areas such as information security, cyber resilience, and the regulatory and contractual requirements organizations must meet. The book delves into threat anatomy, analyzing technical, human, physical, and third-party vulnerabilities, and includes real-world case studies like the TalkTalk breach and WannaCry ransomware attack.It also emphasizes third-party risk management to ensure robust security practices across all areas. The book introduces the IT Governance Cyber Resilience Framework (CRF), a structured method for managing critical systems, guiding readers through the processes of identification, detection, response, recovery, and continual improvement. Practical strategies in areas like asset management, network security, and staff training are included.The final section offers actionable steps for implementing cybersecurity practices and introduces reference frameworks like NIST and ISO 27001 for compliance and ongoing improvement. With real-world examples and actionable frameworks, this guide is essential for professionals aiming to enhance their organization's cyber resilience.

733
Loading...
EBOOK

The Cybersecurity Playbook for Modern Enterprises. An end-to-end guide to preventing data breaches and cyber attacks

Jeremy Wittkop

Security is everyone's responsibility and for any organization, the focus should be to educate their employees about the different types of security attacks and how to ensure that security is not compromised.This cybersecurity book starts by defining the modern security and regulatory landscape, helping you understand the challenges related to human behavior and how attacks take place. You'll then see how to build effective cybersecurity awareness and modern information security programs. Once you've learned about the challenges in securing a modern enterprise, the book will take you through solutions or alternative approaches to overcome those issues and explain the importance of technologies such as cloud access security brokers, identity and access management solutions, and endpoint security platforms. As you advance, you'll discover how automation plays an important role in solving some key challenges and controlling long-term costs while building a maturing program. Toward the end, you'll also find tips and tricks to keep yourself and your loved ones safe from an increasingly dangerous digital world.By the end of this book, you'll have gained a holistic understanding of cybersecurity and how it evolves to meet the challenges of today and tomorrow.

734
Loading...
EBOOK

The DevOps 2.1 Toolkit: Docker Swarm. The next level of building reliable and scalable software unleashed

Viktor Farcic

Viktor Farcic's latest book, The DevOps 2.1 Toolkit: Docker Swarm, takes you deeper into one of the major subjects of his international best seller, The DevOps 2.0 Toolkit, and shows you how to successfully integrate Docker Swarm into your DevOps toolset.Viktor shares with you his expert knowledge in all aspects of building, testing, deploying, and monitoring services inside Docker Swarm clusters. You'll go through all the tools required for running a cluster. You'll travel through the whole process with clusters running locally on a laptop. Once you're confident with that outcome, Viktor shows you how to translate your experience to different hosting providers like AWS, Azure, and DigitalOcean. Viktor has updated his DevOps 2.0 framework in this book to use the latest and greatest features and techniques introduced in Docker. We'll go through many practices and even more tools. While there will be a lot of theory, this is a hands-on book. You won't be able to complete it by reading it on the metro on your way to work. You'll have to read this book while in front of the computer and get your hands dirty.

735
Loading...
EBOOK

The DevOps 2.2 Toolkit. Self-Sufficient Docker Clusters

Viktor Farcic

Building on The DevOps 2.0 Toolkit and The DevOps 2.1 Toolkit: Docker Swarm, Viktor Farcic brings his latest exploration of the Docker technology as he records his journey to explore two new programs, self-adaptive and self-healing systems within Docker. The DevOps 2.2 Toolkit: Self-Sufficient Docker Clusters is the latest book in Viktor Farcic’s series that helps you build a full DevOps Toolkit. This book in the series looks at Docker, the tool designed to make it easier in the creation and running of applications using containers. In this latest entry, Viktor combines theory with a hands-on approach to guide you through the process of creating self-adaptive and self-healing systems. Within this book, Viktor will cover a wide-range of emerging topics, including what exactly self-adaptive and self-healing systems are, how to choose a solution for metrics storage and query, the creation of cluster-wide alerts and what a successful self-sufficient system blueprint looks like. Work with Viktor and dive into the creation of self-adaptive and self-healing systems within Docker.

736
Loading...
EBOOK

The DevOps 2.3 Toolkit. Kubernetes: Deploying and managing highly-available and fault-tolerant applications at scale

Viktor Farcic

Building on The DevOps 2.0 Toolkit, The DevOps 2.1 Toolkit: Docker Swarm, and The DevOps 2.2 Toolkit: Self-Sufficient Docker Clusters, Viktor Farcic brings his latest exploration of the DevOps Toolkit as he takes you on a journey to explore the features of Kubernetes.The DevOps 2.3 Toolkit: Kubernetes is a book in the series that helps you build a full DevOps Toolkit. This book in the series looks at Kubernetes, the tool designed to, among other roles, make it easier in the creation and deployment of highly available and fault-tolerant applications at scale, with zero downtime.Within this book, Viktor will cover a wide range of emerging topics, including what exactly Kubernetes is, how to use both first and third-party add-ons for projects, and how to get the skills to be able to call yourself a “Kubernetes ninja.” Work with Viktor and dive into the creation and exploration of Kubernetes with a series of hands-on guides.

737
Loading...
EBOOK

The Essential Guide to Web3. Develop, deploy, and manage distributed applications on the Ethereum network

Vijay Krishnan

Web3, the new blockchain-based web, is often hailed as the future of the internet. Driven by technologies such as cryptocurrencies, NFTs, DAOs, decentralized finance, and more, Web3’s aim is to give individuals more control over the web communities they belong to. Whether you’re a beginner or an experienced developer, this book will help you master the intricacies of Web3 and its revolutionary technologies.Beginning with a concise introduction to blockchain and the Ethereum ecosystem, this book quickly immerses you in real-world blockchain applications. You’ll work on carefully crafted hands-on exercises that are designed for beginners as well as users with prior exposure. The chapters show you how to build and deploy smart contracts, while mastering security controls and discovering best practices for writing secure code. As you progress, you’ll explore tokenization and gain proficiency in minting both fungible and non-fungible tokens (NFTs) with the help of step-by-step instructions. The concluding chapters cover advanced topics, including oracles, Layer 2 (L2) networks, rollups, zero knowledge proofs, and decentralized autonomous organizations (DAOs).By the end of this Web3 book, you’ll be well-versed in the Web3 ecosystem and have the skills to build powerful and secure decentralized applications.

738
Loading...
EBOOK

The Foundations of Threat Hunting. Organize and design effective cyber threat hunts to meet business needs

Chad Maurice, Jeremiah Ginn, William Copeland

Threat hunting is a concept that takes traditional cyber defense and spins it onto its head. It moves the bar for network defenses beyond looking at the known threats and allows a team to pursue adversaries that are attacking in novel ways that have not previously been seen. To successfully track down and remove these advanced attackers, a solid understanding of the foundational concepts and requirements of the threat hunting framework is needed. Moreover, to confidently employ threat hunting in a business landscape, the same team will need to be able to customize that framework to fit a customer’s particular use case.This book breaks down the fundamental pieces of a threat hunting team, the stages of a hunt, and the process that needs to be followed through planning, execution, and recovery. It will take you through the process of threat hunting, starting from understanding cybersecurity basics through to the in-depth requirements of building a mature hunting capability. This is provided through written instructions as well as multiple story-driven scenarios that show the correct (and incorrect) way to effectively conduct a threat hunt.By the end of this cyber threat hunting book, you’ll be able to identify the processes of handicapping an immature cyber threat hunt team and systematically progress the hunting capabilities to maturity.

739
Loading...
EBOOK

The Modern C# Challenge. Become an expert C# programmer by solving interesting programming problems

Rod Stephens

C# is a multi-paradigm programming language. The Modern C# Challenge covers with aspects of the .NET Framework such as the Task Parallel Library (TPL) and CryptoAPI. It also encourages you to explore important programming trade-offs such as time versus space or simplicity. There may be many ways to solve a problem and there is often no single right way, but some solutions are definitely better than others. This book has combined these solutions to help you solve real-world problems with C#.In addition to describing programming trade-offs, The Modern C# Challenge will help you build a useful toolkit of techniques such as value caching, statistical analysis, and geometric algorithms.By the end of this book, you will have walked through challenges in C# and explored the .NET Framework in order to develop program logic for real-world applications.

740
Loading...
EBOOK

The OSINT Handbook. A practical guide to gathering and analyzing online information

Dale Meredith, Greg Shields

The OSINT Handbook offers practical guidance and insights to enhance your OSINT capabilities and counter the surge in online threats that this powerful toolset was built to tackle. Starting with an introduction to the concept of OSINT, this book will take you through all the applications, as well as the legal and ethical considerations associated with OSINT research. You'll conquer essential techniques for gathering and analyzing information using search engines, social media platforms, and other web-based resources. As you advance, you’ll get to grips with anonymity and techniques for secure browsing, managing digital footprints, and creating online personas. You'll also gain hands-on experience with popular OSINT tools such as Recon-ng, Maltego, Shodan, and Aircrack-ng, and leverage OSINT to mitigate cyber risks with expert strategies that enhance threat intelligence efforts. Real-world case studies will illustrate the role of OSINT in anticipating, preventing, and responding to cyber threats. By the end of this book, you'll be equipped with both the knowledge and tools to confidently navigate the digital landscape and unlock the power of information using OSINT.*Email sign-up and proof of purchase required

741
Loading...
EBOOK

The Psychology of Information Security. Resolving conflicts between security compliance and human behaviour

IT Governance Publishing, Leron Zinatullin

In today’s cybersecurity landscape, the human factor is crucial in information security. This book explores how human behavior often conflicts with security policies. The first part introduces key concepts in security and risk management, focusing on psychological factors like risk perception, trust, and decision-making.As the book progresses, it offers practical strategies to overcome these psychological barriers, such as improving communication, fostering trust, and aligning security policies with human behavior. Later chapters focus on creating a security culture where collaboration between security professionals, employees, and leaders is essential for success.The journey encourages readers to view security as a human-centered issue, not just a technical one. By integrating psychological theory with practical insights, the book helps security professionals address complex challenges and build a more secure and cooperative organization, enabling them to align security efforts with human behavior effectively.

742
Loading...
EBOOK

The Ransomware Threat Landscape. Prepare for, recognise and survive ransomware attacks

IT Governance Publishing, Alan Calder

The Ransomware Threat Landscape offers an in-depth examination of ransomware, explaining how it works, its modes of access, and the consequences of attacks. The book begins by detailing the mechanisms of ransomware, how cybercriminals exploit vulnerabilities, and the damage it causes to organizations. It further explores the types of ransomware, their infection methods, and how attackers use ransomware for financial gain.The guide provides practical, actionable advice on basic and advanced cybersecurity measures to protect against ransomware. Topics like cybersecurity hygiene, staff awareness, and the importance of creating an anti-ransomware program are covered. The book emphasizes the role of a well-structured risk management framework and its application in preventing attacks and mitigating fallout from infections.For organizations of all sizes, the book offers tailored controls to strengthen defenses. It also explains the steps needed for a comprehensive recovery plan. Advanced prevention strategies for larger enterprises are discussed, making this guide suitable for IT professionals, security experts, and organizational leaders aiming to protect their systems from ransomware threats.

743
Loading...
EBOOK

The Security Consultant's Handbook. Essential Strategies for Building and Managing a Security Consulting Business

IT Governance Publishing, Richard Bingley

Becoming a successful security consultant requires a unique set of skills that span both the business and security worlds. This handbook serves as a practical guide to help professionals navigate the complex landscape of security consulting. It covers everything from the entrepreneurial aspects of starting a business to the essential security disciplines like private investigations, information security, and protective security. You’ll also explore the growing importance of resilience in both personal and organizational contexts.The book also delves into the crucial elements of security legislation and regulation, offering a thorough understanding of the legal frameworks that affect security professionals. From UK human rights laws to international laws related to corporate management and conflict, readers will gain the knowledge necessary to operate securely and legally in a variety of environments. Whether you are just starting out or looking to refine your security consulting expertise, this handbook provides the insights needed to thrive in the ever-evolving security industry. It’s a must-read for anyone seeking to build a reputation as a trusted expert in the security consulting field.

744
Loading...
EBOOK

The Supervised Learning Workshop. Predict outcomes from data by building your own powerful predictive models with machine learning in Python - Second Edition

Blaine Bateman, Ashish Ranjan Jha, Benjamin Johnston,...

Would you like to understand how and why machine learning techniques and data analytics are spearheading enterprises globally? From analyzing bioinformatics to predicting climate change, machine learning plays an increasingly pivotal role in our society.Although the real-world applications may seem complex, this book simplifies supervised learning for beginners with a step-by-step interactive approach. Working with real-time datasets, you’ll learn how supervised learning, when used with Python, can produce efficient predictive models.Starting with the fundamentals of supervised learning, you’ll quickly move to understand how to automate manual tasks and the process of assessing date using Jupyter and Python libraries like pandas. Next, you’ll use data exploration and visualization techniques to develop powerful supervised learning models, before understanding how to distinguish variables and represent their relationships using scatter plots, heatmaps, and box plots. After using regression and classification models on real-time datasets to predict future outcomes, you’ll grasp advanced ensemble techniques such as boosting and random forests. Finally, you’ll learn the importance of model evaluation in supervised learning and study metrics to evaluate regression and classification tasks.By the end of this book, you’ll have the skills you need to work on your real-life supervised learning Python projects.