Designing a HIPAA-Compliant Security Operations Center
Develop a comprehensive plan for building a HIPAA-compliant security operations center, designed to detect and respond to an increasing number of healthcare data breaches and events. Using risk analysis, assessment, and management data combined with knowledge of cybersecurity program maturity, this book gives you the tools you need to operationalize threat intelligence, vulnerability management, security monitoring, and incident response processes to effectively meet the challenges presented by healthcare's current threats.
Healthcare entities are bombarded with data. Threat intelligence feeds, news updates, and messages come rapidly and in many forms such as email, podcasts, and more. New vulnerabilities are found every day in applications, operating systems, and databases while older vulnerabilities remain exploitable. Add in the number of dashboards, alerts, and data points each information security tool provides and security teams find themsel ...
Web Application Security
While many resources for network and IT security are available, detailed knowledge regarding modern web application security has been lacking - until now. This practical guide provides both offensive and defensive security concepts that software engineers can easily learn and apply.
Andrew Hoffman, a senior security engineer at Salesforce, introduces three pillars of web application security: recon, offense, and defense. You'll learn methods for effectively researching and analyzing modern web applications - including those you don't have direct access to. You'll also learn how to break into web applications using the latest hacking techniques. Finally, you'll learn how to develop mitigations for use in your own web applications to protect against hackers.
Explore common vulnerabilities plaguing today's web applications; Learn essential hacking techniques attackers use to exploit applications; Map and document web applications for which you don't have ...
Advanced API Security, 2nd edition
Prepare for the next wave of challenges in enterprise security. Learn to better protect, monitor, and manage your public and private APIs.
Enterprise APIs have become the common way of exposing business functions to the outside world. Exposing functionality is convenient, but of course comes with a risk of exploitation. This book teaches you about TLS Token Binding, User Managed Access (UMA) 2.0, Cross Origin Resource Sharing (CORS), Incremental Authorization, Proof Key for Code Exchange (PKCE), and Token Exchange. Benefit from lessons learned from analyzing multiple attacks that have taken place by exploiting security vulnerabilities in various OAuth 2.0 implementations. Explore root causes, and improve your security practices to mitigate against similar future exploits.
Security must be an integral part of any development project. This book shares best practices in designing APIs for rock-solid security. API security has evolved since the first editi ...
Foundations of Information Security
A high-level survey of the information security field by best-selling author Jason Andress. The book covers the basics of a wide variety of topics, from authentication and authorization to maintaining confidentiality and performing penetration testing.
Using real-world security breaches as examples, Foundations of Information Security explores common applications of these concepts, such as operations security network design, hardening and patching operating systems, securing mobile devices, as well as tools for assessing the security of hosts and applications.
You'll also learn the basics of topics like: Multifactor authentication and how biometrics and hardware tokens can be used to harden the authentication process; The principles behind modern cryptography, including symmetric and asymmetric algorithms, hashes, and certificates; The laws and regulations that protect systems and data; Anti-malware tools, firewalls, and intrusion detection syst ...
Exam Ref MS-101 Microsoft 365 Mobility and Security
Prepare for Microsoft Exam MS-101 - and help demonstrate your real-world mastery of skills and knowledge needed to manage Microsoft 365 mobility, security and related administration tasks. Designed for experienced IT professionals, Exam Ref focuses on the critical thinking and decision-making acumen needed for success at the Microsoft Certified Expert level.
Focus on the expertise measured by these objectives: Implement modern device services; Implement Microsoft 365 security and threat management; Manage Microsoft 365 governance and compliance.
Exam MS-101 focuses on knowledge needed to implement Mobile Device Management (MDM); manage device compliance; plan for devices and apps; plan Windows 10 deployment; implement Cloud App Security (CAS), threat management, and Windows Defender Advanced Threat Protection (ATP); manage security reports and alerts; configure Data Loss Prevention (DLP); implement Azure Information Protection (AIP); and manage data g ...
Microsoft Azure Security Center, 2nd Edition
Reflecting updates through mid-2019, this book presents comprehensive Azure Security Center techniques for safeguarding cloud and hybrid environments. Leading Microsoft security and cloud experts Yuri Diogenes and Dr. Thomas Shinder help you apply Azure Security Center's robust protection, detection, and response capabilities in key operational scenarios. You'll walk through securing any Azure workload, and optimizing key facets of modern security from policies and identity to incident response and risk management. Brand-new coverage includes single-click remediation, IoT, improved container security Azure Sentinel, and more. Whatever your security role, you'll learn how to save hours, days, or even weeks by solving problems in the most efficient and reliable ways possible.
Two of Microsoft's leading cloud security experts show how to: Implement a comprehensive new security paradigm designed specifically for cloud and hybrid en ...
Most security professionals don't have the words security or hacker in their job title. Instead, as a developer or admin you often have to fit in security alongside your official responsibilities - building and maintaining computer systems. Implement the basics of good security now, and you'll have a solid foundation if you bring in a dedicated security staff later. Identify the weaknesses in your system, and defend against the attacks most likely to compromise your organization, without needing to become a trained security professional.
Computer security is a complex issue. But you don't have to be an expert in all the esoteric details to prevent many common attacks. Attackers are opportunistic and won't use a complex attack when a simple one will do. You can get a lot of benefit without too much complexity, by putting systems and processes in place that ensure you aren't making the obvious mistakes. Secure your systems better, with ...
Dynamic SQL, 2nd Edition
Take a deep dive into the many uses of dynamic SQL in Microsoft SQL Server. This edition has been updated to use the newest features in SQL Server 2016 and SQL Server 2017 as well as incorporating the changing landscape of analytics and database administration. Code examples have been updated with new system objects and functions to improve efficiency and maintainability.
Executing dynamic SQL is key to large-scale searching based on user-entered criteria. Dynamic SQL can generate lists of values and even code with minimal impact on performance. Dynamic SQL enables dynamic pivoting of data for business intelligence solutions as well as customizing of database objects. Yet dynamic SQL is feared by many due to concerns over SQL injection or code maintainability.
Dynamic SQL: Applications, Performance, and Security in Microsoft SQL Server helps you bring the productivity and user-satisfaction of flexible and responsive applications to your organization safely and securely. Y ...
Financial Cybersecurity Risk Management
Understand critical cybersecurity and risk perspectives, insights, and tools for the leaders of complex financial systems and markets. This book offers guidance for decision makers and helps establish a framework for communication between cyber leaders and front-line professionals. Information is provided to help in the analysis of cyber challenges and choosing between risk treatment options.
Financial cybersecurity is a complex, systemic risk challenge that includes technological and operational elements. The interconnectedness of financial systems and markets creates dynamic, high-risk environments where organizational security is greatly impacted by the level of security effectiveness of partners, counterparties, and other external organizations. The result is a high-risk environment with a growing need for cooperation between enterprises that are otherwise direct competitors. There is a new normal of continuous attack pressures that produce unpreceden ...
Microsoft System Center Data Protection Manager Cookbook
System Center Data Protection Manager (SCDPM) is a robust enterprise backup and recovery system that contributes to your BCDR strategy by facilitating the backup and recovery of enterprise data. With an increase in data recovery and protection problems faced in organizations, it has become important to keep data safe and recoverable. This book contains recipes that will help you upgrade to SCDPM and it covers the advanced features and functionality of SCDPM.
This book starts by helping you install SCDPM and then moves on to post-installation and management tasks. You will come across a lot of useful recipes that will help you recover your VMware and Hyper-V VMs. It will also walk you through tips for monitoring SCDPM in different scenarios. Next, the book will also offer insights into protecting windows workloads followed by best practices on SCDPM. You will also learn to back up your Azure Stack Infrastructure using Azure Backup. You will also learn about recovering data from backu ...
Practical Internet of Things Security, 2nd Edition
With the advent of the Internet of Things (IoT),businesses have to defend against new types of threat. The business ecosystem now includes the cloud computing infrastructure, mobile and fixed endpoints that open up new attack surfaces, a desire to share information with many stakeholders, and a need to take action quickly based on large quantities of collected data. It therefore becomes critical to ensure that cybersecurity threats are contained to a minimum when implementing new IoT services and solutions. The interconnectivity of people, devices, and companies raises the stakes to a new level; as computing becomes ever more mobile, everything becomes connected to the cloud,and its infrastructure is hard put to it to securely manage the billions of devices that will connect us all to the IoT.
This book shows you how to implement cybersecurity solutions, IoT design best practices, and risk mitigation methodologies to address device and infrastructure threats to IoT sol ...