Fully updated computer security essentials—mapped to the CompTIA Security+ SY0-601 exam Save 10% on any CompTIA exam voucher! Coupon code inside. Learn IT security fundamentals while getting complete coverage of the objectives for the latest release of CompTIA Security+ certification exam SY0-601. This thoroughly revised, full-color textbook covers how to secure hardware, systems, and software. It addresses new threats and cloud environments, and provides additional coverage of governance, risk, compliance, and much more. Written by a team of highly respected security educators, Principles of Computer Security: CompTIA Security+™ and Beyond, Sixth Edition (Exam SY0-601) will help you become a CompTIA-certified computer security expert while also preparing you for a successful career. Find out how to: Ensure operational, organizational, and physical security Use cryptography and public key infrastructures (PKIs) Secure remote access, wireless networks, and virtual private networks (VPNs) Authenticate users and lock down mobile devices Harden network devices, operating systems, and applications Prevent network attacks, such as denial of service, spoofing, hijacking, and password guessing Combat viruses, worms, Trojan horses, and rootkits Manage e-mail, instant messaging, and web security Explore secure software development requirements Implement disaster recovery and business continuity measures Handle computer forensics and incident response Understand legal, ethical, and privacy issues Online content features: Test engine that provides full-length practice exams and customized quizzes by chapter or exam objective Each chapter includes: Learning objectives Real-world examples Try This! and Cross Check exercises Tech Tips, Notes, and Warnings Exam Tips End-of-chapter quizzes and lab projects Note: the answers to the end of chapter sections are not printed in the book and are only available to adopting instructors. See your McGraw Hill sales representative for more information.

Table of Contents:
Foreword Preface Introduction Instructor Website Chapter 1 Introduction and Security Trends    The Computer Security Problem    Threats to Security    Attributes of Actors    Security Trends    Targets and Attacks    Approaches to Computer Security    Ethics    Additional References    Chapter 1 Review Chapter 2 General Security Concepts    Basic Security Terminology    Formal Security Models    Additional References    Chapter 2 Review Chapter 3 Operational and Organizational Security    Policies, Procedures, Standards, and Guidelines    Organizational Policies    Security Policies    Human Resources Policies    Security Awareness and Training    Standard Operating Procedures    Third-Party Risk Management    Interoperability Agreements    Chapter 3 Review Chapter 4 The Role of People in Security    People—A Security Problem    Tools    Attacks    Poor Security Practices    People as a Security Tool    Chapter 4 Review Chapter 5 Cryptography    Cryptography in Practice    Cryptographic Objectives    Historical Perspectives    Hashing Functions    Symmetric Encryption    Asymmetric Encryption    Quantum Cryptography    Post-Quantum    Lightweight Cryptography    Homomorphic Encryption    For More Information    Chapter 5 Review Chapter 6 Applied Cryptography    Cryptography Use    Cipher Suites    S/MIME    PGP    Steganography    Secure Protocols    Secure Protocol Use Cases    Cryptographic Attacks    Other Standards    Chapter 6 Review Chapter 7 Public Key Infrastructure    The Basics of Public Key Infrastructures    Certificate Authorities    Trust Models    Digital Certificates    Certificate Lifecycles    Certificate Repositories    Centralized and Decentralized Infrastructures    Certificate-Based Threats    PKIX and PKCS    ISAKMP    CMP    XKMS    CEP    Chapter 7 Review Chapter 8 Physical Security    The Security Problem    Physical Security Safeguards    Environmental Controls    Fire Suppression    Electromagnetic Environment    Power Protection    Drones/UAVs    Chapter 8 Review Chapter 9 Network Fundamentals    Network Architectures    Network Topology    Segregation/Segmentation/Isolation    Security Zones    Network Protocols    Internet Protocol    IPv4 vs. IPv6    Packet Delivery    Inter-Networking    MPLS    Software-Defined Networking (SDN)    Quality of Service (QoS)    Traffic Engineering    Route Security    For More Information    Chapter 9 Review Chapter 10 Infrastructure Security    Devices    Virtualization    Networking    Security Devices    Security Device/Technology Placement    Tunneling/VPN    Storage Area Networks    Media    Removable Media    Security Concerns for Transmission Media    Physical Security Concerns    Chapter 10 Review Chapter 11 Authentication and Remote Access    User, Group, and Role Management    Account Policies    Authorization    Identity    Authentication Methods    Biometric Factors    Biometric Efficacy Rates    Multifactor Authentication    Remote Access    Preventing Data Loss or Theft    Database Security    Cloud vs. On-premises Requirements    Connection Summary    For More Information    Chapter 11 Review Chapter 12 Wireless Security and Mobile Devices    Connection Methods and Receivers    Wireless Protocols    Wireless Systems Configuration    Wireless Attacks    Mobile Device Management Concepts    Mobile Application Security    Mobile Devices    Policies for Enforcement and Monitoring    Deployment Models    Chapter 12 Review Chapter 13 Intrusion Detection Systems and Network Security    History of Intrusion Detection Systems    IDS Overview    Network-Based IDSs    Host-Based IDSs    Intrusion Prevention Systems    Network Security Monitoring    Deception and Disruption Technologies    Analytics    SIEM    DLP    Tools    Indicators of Compromise    For More Information    Chapter 13 Review Chapter 14 System Hardening and Baselines    Overview of Baselines    Hardware/Firmware Security    Operating System and Network Operating System Hardening    Secure Baseline    Endpoint Protection    Network Hardening    Application Hardening    Data-Based Security Controls    Environment    Automation/Scripting    Alternative Environments    Industry-Standard Frameworks and Reference Architectures    Benchmarks/Secure Configuration Guides    For More Information    Chapter 14 Review Chapter 15 Types of Attacks and Malicious Software    Avenues of Attack    Malicious Code    Malware    Attacking Computer Systems and Networks    Advanced Persistent Threat    Password Attacks    Chapter 15 Review Chapter 16 Security Tools and Techniques    Network Reconnaissance and Discovery Tools    File Manipulation Tools    Shell and Script Environments    Packet Capture and Replay Tools    Forensic Tools    Tool Suites    Penetration Testing    Vulnerability Testing    Auditing    Vulnerabilities    Chapter 16 Review Chapter 17 Web Components, E-mail, and Instant Messaging    Current Web Components and Concerns    Web Protocols    Code-Based Vulnerabilities    Application-Based Weaknesses    How E-mail Works    Security of E-mail    Mail Gateway    Mail Encryption    Instant Messaging    Chapter 17 Review Chapter 18 Cloud Computing    Cloud Computing    Cloud Types    Cloud Service Providers    Cloud Security Controls    Security as a Service    Cloud Security Solutions    Virtualization    VDI/VDE    Fog Computing    Edge Computing    Thin Client    Containers    Microservices/API    Serverless Architecture    Chapter 18 Review Chapter 19 Secure Software Development    The Software Engineering Process    Secure Coding Concepts    Application Attacks    Application Hardening    Code Quality and Testing    Compiled Code vs. Runtime Code    Software Diversity    Secure DevOps    Elasticity    Scalability    Version Control and Change Management    Provisioning and Deprovisioning    Integrity Measurement    For More Information    Chapter 19 Review Chapter 20 Risk Management    An Overview of Risk Management    Risk Management Vocabulary    What Is Risk Management?    Security Controls    Business Risks    Third-party Risks    Risk Mitigation Strategies    Risk Management Models    Risk Assessment    Qualitatively Assessing Risk    Quantitatively Assessing Risk    Qualitative vs. Quantitative Risk Assessment    Tools    Risk Management Best Practices    Additional References    Chapter 20 Review Chapter 21 Business Continuity, Disaster Recovery, and Change Management    Business Continuity    Continuity of Operations Planning (COOP)    Disaster Recovery    Why Change Management?    The Key Concept: Separation of Duties    Elements of Change Management    Implementing Change Management    The Purpose of a Change Control Board    The Capability Maturity Model Integration    Environment    Secure Baseline    Sandboxing    Integrity Measurement    Chapter 21 Review Chapter 22 Incident Response    Foundations of Incident Response    Attack Frameworks    Threat Intelligence    Incident Response Process    Exercises    Stakeholder Management    Communication Plan    Data Sources    Log Files    Data Collection Models    Standards and Best Practices    For More Information    Chapter 22 Review Chapter 23 Computer Forensics    Evidence    Chain of Custody    Forensic Process    Message Digest and Hash    Analysis    Host Forensics    Device Forensics    Network Forensics    Legal Hold    Chapter 23 Review Chapter 24 Legal Issues and Ethics    Cybercrime    Ethics    Chapter 24 Review Chapter 25 Privacy    Data Handling    Organizational Consequences of Privacy Breaches    Data Sensitivity Labeling and Handling    Data Roles    Data Destruction and Media Sanitization    U.S. Privacy Laws    International Privacy Laws    Privacy-Enhancing Technologies    Privacy Policies    Privacy Impact Assessment    Web Privacy Issues    Privacy in Practice    For More Information    Chapter 25 Review Appendix A CompTIA Security+ Exam Objectives: SY0-601 Appendix B About the Online Content    System Requirements    Your Total Seminars Training Hub Account    Single User License Terms and Conditions    TotalTester Online    Technical Support Glossary Index