CISA - Certified Information Systems Auditor Study Guide. Achieve CISA certification with practical examples and over 850 exam-oriented practice questions - Second Edition

Hemang Doshi

With the latest updates and revised study material, this second edition of the Certified Information Systems Auditor Study Guide provides an excellent starting point for your CISA certification preparation. The book strengthens your grip on the core concepts through a three-step approach. First, it presents the fundamentals with easy-to-understand theoretical explanations. Next, it provides a list of key aspects that are crucial from the CISA exam perspective, ensuring you focus on important pointers for the exam. Finally, the book makes you an expert in specific topics by engaging you with self-assessment questions designed to align with the exam format, challenging you to apply your knowledge and sharpen your understanding.Moreover, the book comes with lifetime access to supplementary resources on an online platform, including CISA flashcards, practice questions, and valuable exam tips. With unlimited access to the website, you’ll have the flexibility to practice as many times as you desire, maximizing your exam readiness.By the end of this book, you’ll have developed the proficiency to successfully obtain the CISA certification and significantly upgrade your auditing career.

Malware Analysis Techniques. Tricks for the triage of adversarial software

Dylan Barker

Malicious software poses a threat to every enterprise globally. Its growth is costing businesses millions of dollars due to currency theft as a result of ransomware and lost productivity. With this book, you'll learn how to quickly triage, identify, attribute, and remediate threats using proven analysis techniques. Malware Analysis Techniques begins with an overview of the nature of malware, the current threat landscape, and its impact on businesses. Once you've covered the basics of malware, you'll move on to discover more about the technical nature of malicious software, including static characteristics and dynamic attack methods within the MITRE ATT&CK framework. You'll also find out how to perform practical malware analysis by applying all that you've learned to attribute the malware to a specific threat and weaponize the adversary's indicators of compromise (IOCs) and methodology against them to prevent them from attacking. Finally, you'll get to grips with common tooling utilized by professional malware analysts and understand the basics of reverse engineering with the NSA's Ghidra platform. By the end of this malware analysis book, you’ll be able to perform in-depth static and dynamic analysis and automate key tasks for improved defense against attacks.

Causal Inference and Discovery in Python. Unlock the secrets of modern causal machine learning with DoWhy, EconML, PyTorch and more

Aleksander Molak, Ajit Jaokar

Causal methods present unique challenges compared to traditional machine learning and statistics. Learning causality can be challenging, but it offers distinct advantages that elude a purely statistical mindset. Causal Inference and Discovery in Python helps you unlock the potential of causality.You’ll start with basic motivations behind causal thinking and a comprehensive introduction to Pearlian causal concepts, such as structural causal models, interventions, counterfactuals, and more. Each concept is accompanied by a theoretical explanation and a set of practical exercises with Python code. Next, you’ll dive into the world of causal effect estimation, consistently progressing towards modern machine learning methods. Step-by-step, you’ll discover Python causal ecosystem and harness the power of cutting-edge algorithms. You’ll further explore the mechanics of how “causes leave traces” and compare the main families of causal discovery algorithms. The final chapter gives you a broad outlook into the future of causal AI where we examine challenges and opportunities and provide you with a comprehensive list of resources to learn more.By the end of this book, you will be able to build your own models for causal inference and discovery using statistical and machine learning techniques as well as perform basic project assessment.

QlikView Essentials. Want to solve your Business Intelligence headaches? Learn how QlikView can help, and discover a powerful yet accessible BI solution that lets you harness your data

Chandraish Sinha

This guide demonstrates just how easy it is to get started with QlikView and create your own BI application. Featuring an introduction to its core features before exploring how to load data and model it, you’ll soon become more confident that you can take full advantage of QlikView’s capabilities.. You will also learn how to use QVD files with QlikView – and how they offer a simpler way of handling data.After digging deeper into data handling, as you learn how to use mapping tables and create a master calendar, you’ll then find out how to get the most from QlikView’s visualization features – vital if you are to use your data insights effectively. From accessible and user friendly dashboards to strategies and best practices for subjecting data to further analysis, you can be confident that you’ll be prepared to get the most out of your data with QlikView.With details on how to finally secure your application and deploy it for a successful integration in your organization, QlikView Essentials underlines exactly why QlikView is becoming more and more popular for businesses that understand the value of data.

SQL Server 2014 Development Essentials. Design, implement, and deliver a successful database solution with Microsoft SQL Server 2014

Basit A. Masood-Al-Farooq

Attacking and Exploiting Modern Web Applications. Discover the mindset, techniques, and tools to perform modern web attacks and exploitation

Simone Onofri, Donato Onofri, Matteo Meucci

Web attacks and exploits pose an ongoing threat to the interconnected world. This comprehensive book explores the latest challenges in web application security, providing you with an in-depth understanding of hackers' methods and the practical knowledge and skills needed to effectively understand web attacks.The book starts by emphasizing the importance of mindset and toolset in conducting successful web attacks. You’ll then explore the methodologies and frameworks used in these attacks, and learn how to configure the environment using interception proxies, automate tasks with Bash and Python, and set up a research lab. As you advance through the book, you’ll discover how to attack the SAML authentication layer; attack front-facing web applications by learning WordPress and SQL injection, and exploit vulnerabilities in IoT devices, such as command injection, by going through three CTFs and learning about the discovery of seven CVEs. Each chapter analyzes confirmed cases of exploitation mapped with MITRE ATT&CK. You’ll also analyze attacks on Electron JavaScript-based applications, such as XSS and RCE, and the security challenges of auditing and exploiting Ethereum smart contracts written in Solidity. Finally, you’ll find out how to disclose vulnerabilities.By the end of this book, you’ll have enhanced your ability to find and exploit web vulnerabilities.

Supervised Machine Learning with Python. Develop rich Python coding practices while exploring supervised machine learning

Taylor Smith

Supervised machine learning is used in a wide range of sectors, such as finance, online advertising, and analytics, to train systems to make pricing predictions, campaign adjustments, customer recommendations, and much more by learning from the data that is used to train it and making decisions on its own. This makes it crucial to know how a machine 'learns' under the hood.This book will guide you through the implementation and nuances of many popular supervised machine learning algorithms, and help you understand how they work. You’ll embark on this journey with a quick overview of supervised learning and see how it differs from unsupervised learning. You’ll then explore parametric models, such as linear and logistic regression, non-parametric methods, such as decision trees, and a variety of clustering techniques that facilitate decision-making and predictions. As you advance, you'll work hands-on with recommender systems, which are widely used by online companies to increase user interaction and enrich shopping potential. Finally, you’ll wrap up with a brief foray into neural networks and transfer learning.By the end of this book, you’ll be equipped with hands-on techniques and will have gained the practical know-how you need to quickly and effectively apply algorithms to solve new problems.

Automating Security Detection Engineering. A hands-on guide to implementing Detection as Code

Dennis Chow, David Bruskin

Today's global enterprise security programs grapple with constantly evolving threats. Even though the industry has released abundant security tools, most of which are equipped with APIs for integrations, they lack a rapid detection development work stream. This book arms you with the skills you need to automate the development, testing, and monitoring of detection-based use cases.You’ll start with the technical architecture, exploring where automation is conducive throughout the detection use case lifecycle. With the help of hands-on labs, you’ll learn how to utilize threat-informed defense artifacts and then progress to creating advanced AI-powered CI/CD pipelines to bolster your Detection as Code practices. Along the way, you'll develop custom code for EDRs, WAFs, SIEMs, CSPMs, RASPs, and NIDS. The book will also guide you in developing KPIs for program monitoring and cover collaboration mechanisms to operate the team with DevSecOps principles. Finally, you'll be able to customize a Detection as Code program that fits your organization's needs.By the end of the book, you'll have gained the expertise to automate nearly the entire use case development lifecycle for any enterprise.