Certified Information Security Manager from ISACA  Are you already working in network security, but want to give your career a big boost? Then turn yourself into a recognized security guru by becoming a Certified Information Security Manager (CISM). You'll put your security career into overdrive as you learn a common body of knowledge that's accepted by security pros worldwide.
CISM certification focuses on business and risk management issues. According to Certification Magazine, it is the leading information security certification. The CISM certification process combines an exam with real-life work credit and ongoing education. It tells upper management that you've got what it takes to be the high-level security manager they need.
As you listen to CBT Nuggets Trainer Michael Shannon, the entire CISM process will open up for you. Michael shows you how to prepare for the exam and how to get — or substitute for — the work experience you need (both before and after the test).

This highly anticipated book fully introduces the theory and practice of computer security. It is both a comprehensive text, explaining the most fundamental and pervasive aspects of the field, and a detailed reference filled with valuable information for even the most seasoned practitioner. In this one extraordinary volume the author incorporates concepts from computer systems, networks, human factors, and cryptography. In doing so, he effectively demonstrates that computer security is an art as well as a science.

This book has three goals. The first is to show the importance of theory to practice and of practice to theory. All too often, practitioners regard theory as irrelevant and theoreticians think of practice as trivial. In reality, theory and practice are symbiotic. For example, the theory of covert channels, in which the goal is to limit the ability of processes to communicate through shared resources, provides a mechanism for evaluating the effectiveness of mechanisms that confine processes, such as sandboxes and firewalls. Similarly, business practices in the commercial world led to the development of several security policy models such as the Clark-Wilson model and the Chinese Wall model. These models in turn help the designers of security policies better understand and evaluate the mechanisms and procedures needed to secure their sites.

More and more Web sites are being rewritten as Ajax applications; even traditional desktop software is rapidly moving to the Web via Ajax. But, all too often, this transition is being made with reckless disregard for security. If Ajax applications aren’t designed and coded properly, they can be susceptible to far more dangerous security vulnerabilities than conventional Web or desktop software. Ajax developers desperately need guidance on securing their applications: knowledge that’s been virtually impossible to find, until now.

            Ajax Security systematically debunks today’s most dangerous myths about Ajax security, illustrating key points with detailed case studies of actual exploited Ajax vulnerabilities, ranging from MySpace’s Samy worm to MacWorld’s conference code validator. Even more important, it delivers specific, up-to-the-minute recommendations for securing Ajax applications in each major Web programming language and environment, including .NET, Java, PHP, and even Ruby on Rails.

Guice (pronounced “Juice”) is the Jolt Award winning, 100% Java icing on the cake of Java dependency injection. Unlike other popular DI frameworks such as Spring, Guice fully embraces modern Java language features and combines simplicity with stunning performance and developer–friendliness.

Google Guice: Agile Lightweight Dependency Injection Framework will not only tell you “how,” it will also tell you “why” and “why not,” so that all the knowledge you gain will be as widely applicable as possible. Filled with examples and background information, this book is an invaluable addition to your knowledge of modern agile Java.
* Learn simple annotation–driven dependency injection, scoping and AOP, and why it all works the way it works.
* Be the first to familiarize yourself with concepts that are likely to be included in a future Java EE or SE release (through JSR 299).
* Get things done without having to write any XML.

The objective of this book is to make the readers aware of the fundamentals of the area of security of wireless networks as well as the open problems. This will hopefully spur much more activity in this area in the upcoming years. This book provides a broad and comprehensive overview of the research that has been done to date on the security of wireless ad hoc networks and discusses the advantages and disadvantages of the various schemes that have been proposed in the literature.

This book will be of interest to a wide variety of people. A beginner in the field will benefit from a simple description of the various problems and solutions. Such a person will also gain by having a ready compendium of important results in this area thereby saving such a person from the problem of information overload. Thus, this book can be used as a textbook in the first class focusing on security in ad hoc networks.

This book addresses the problems and brings solutions to the security issues of ad-hoc networks. Topics included are threat attacks and vulnerabilities, basic cryptography mechanisms, authentication, secure routing, firewalls, security policy management, and future developments.

Uncover, plug, and ethically disclose security flaws

Prevent catastrophic network attacks by exposing security flaws, fixing them, and ethically reporting them to the software author. Fully expanded to cover the hacker's latest devious methods, Gray Hat Hacking: The Ethical Hacker's Handbook, Second Edition lays out each exploit alongside line-by-line code samples, detailed countermeasures, and moral disclosure procedures. Find out how to execute effective penetration tests, use fuzzers and sniffers, perform reverse engineering, and find security holes in Windows and Linux applications. You'll also learn how to trap and autopsy stealth worms, viruses, rootkits, adware, and malware.

Written by key members of Juniper Network's ScreenOS development team, this one-of-a-kind Cookbook helps you troubleshoot secure networks that run ScreenOS firewall appliances. This book: offers scores of recipes that address a wide range of security issues; provides step-by-step solutions; and, includes discussions of why the recipes work, so you can easily set up and keep ScreenOS systems on track. "ScreenOS Cookbook" gives you real-world fixes, techniques, and configurations that save time - not hypothetical situations out of a textbook. This book comes directly from the experience of engineers who have seen and fixed every conceivable ScreenOS network topology, from small branch office firewalls to appliances for large core enterprise and government, to the heavy duty protocol driven service provider network. Its easy-to-follow format enables you to find the topic and specific recipe you need right away and match it to your network and security issue.Topics include: Configuring and managing ScreenOS firewalls; NTP (Network Time Protocol); Interfaces, Zones, and Virtual Routers; Mitigating Denial of Service Attacks; DDNS, DNS, and DHCP; IP Routing; Policy-Based Routing; Elements of Policies; Authentication; Application Layer Gateway (SIP, H323, RPC, RTSP, etc.

Windows CardSpace empowers organizations to prevent identity theft and systematically address a broad spectrum of security and privacy challenges. Understanding Windows CardSpaceis the first insider’s guide to Windows CardSpace and the broader topic of identity management for technical and business professionals. Drawing on the authors’ unparalleled experience earned by working with the CardSpace product team and by implementing state-of-the-art CardSpace-based systems at leading enterprises, it offers unprecedented insight into the realities of identity management: from planning and design through deployment.

Part I introduces the fundamental concepts of user-centered identity management, explains the context in which Windows CardSpace operates, and reviews the problems CardSpace aims to solve. Next, the authors walk through CardSpace from a technical standpoint, describing its technologies, elements, artifacts, operations and development practices, and usage scenarios. Finally, they carefully review the design and business considerations associated with architecting solutions based on CardSpace or any other user-centered identity management

system. Coverage includes

• The limitations of current approaches to authentication and identity management
• Detailed information on advanced Web services
• The Identity Metasystem, the laws of identity, and the ideal authentication system
• Windows CardSpace: What it is, how it works, and how developers and managers can use it in their organizations
• CardSpace technology: user experience, Information Cards, private desktops, and integration with .NET 3.5 and Windows Vista
• CardSpace implementation: from HTML integration through federation, Web services integration, and beyond
• Adding personal card support to a website: a detailed, scenario-based explanation
• Choosing or becoming an identity provider: opportunities, business impacts, operational issues, and pitfalls to avoid
• Using CardSpace to leverage trust relationships and overcome phishing

As you get more involved with PCs, you’ll start accumulating tons of files, such as pictures, movies, and documents. In addition, you’ll eventually have numerous software applications installed on your computer for work and pleasure. The proper periodic backup of your valuable data is crucial to ensure that you have it forever.

Anyone who uses the Internet, email, or a computer should read this book. Whether you are a self-proclaimed computer illiterate or a lifelong IT professional, this book will give you the tools and understanding to properly migrate and back up your valuable data, as well as make better use of your PC.