Table of Contents

INTRODUCTION.
1: Introduction to Security.
2: Malware and Social Engineering Attacks.
3: Application and Network Attacks.
4: Vulnerability Assessment and Mitigating Attacks.
5: Host, Application, and Data Security.
6: Network Security.
7: Administering a Secure Network.
8: Wireless Network Security.
9: Access Control Fundamentals.
10: Authentication and Account Management.
11: Basic Cryptography.
12: Advanced Cryptography.
13: Business Continuity.
14: Risk Mitigation.
APPENDIX A: CompTIA SY0-301 Certification Exam Objectives.
APPENDIX B: Downloads and Tools for Hands-On Projects.
APPENDIX C: Security Web Sites.
APPENDIX D: Selected TCP/IP Ports and Their Threats.
APPENDIX E: Sample Internet and E-Mail Acceptable Use Policies.
APPENDIX F: Information Security Community Site.
GLOSSARY.
INDEX.

About the Author

Dr. Mark Ciampa is a professor of information systems in the Gordon Ford College of Business at Western Kentucky University in Bowling Green, Kentucky. Prior to this current role, he served as an associate professor and the director of academic computing at Volunteer State Community College in Gallatin, Tennessee, for 20 years. Dr. Ciampa has worked in the IT industry as a computer consultant for businesses, government agencies and educational institutions. He has published more than 20 articles in peer-reviewed journals and has written more than 25 technology textbooks, including CompTIA CySA+ Guide to Cybersecurity Analyst, Security+ Guide to Network Security Fundamentals, Security Awareness: Applying Practical Security in Your World, CWNA Guide to Wireless LANS, and Guide to Wireless Communications. Dr. Ciampa holds a Ph.D. in technology management with a specialization in digital communication systems from Indiana State University and has certifications in security and healthcare.

Reviews

"An excellent introduction to different types of Malware. An excellent coverage of Social Engineering techniques. Chapter one gives an overview of Information Security and threats. The fact that author has included one of the most current security threat (Stuxnet) at the beginning of the chapter is excellent. This will get the attention of the learners."

"Clear and Concise coverage of a difficult and dynamic subject. Engaging for students, using examples and stories."

"Yes, this chapter introduces a wide array of technical terminology, in which the author does a fantastic job of breaking it down so that novice learners can comprehend it. Yes, the examples in this chapter are excellent in that they allow the reader to relate to the technical concepts in a comparative way. The Hands-on Projects for this chapter tie in well with the material presented. I believe that they provide students with several different ways to see how some of the attacks explained in the chapter are executed and how they can be prevented. I am now officially excited about the publication of this text, wish it was available for the Summer 2011 section that I am teaching using the 3rd edition."