security

Featuring CSX™ and CISM® Exam Prep
ISACA BOOKSTORE
isaca.org/bookstore
CSX™ and CISM® Exam Prep Materials
CSX Cybersecurity Fundamentals Study Guide
by ISACA
ISACA® (isaca.org) helps global professionals lead, adapt
and assure trust in an evolving digital world by offering
innovative and world-class knowledge, standards,
networking, credentialing and career development.
Established in 1969, ISACA is a global nonprofit association
of 140,000 professionals in 180 countries. ISACA also
offers the Cybersecurity Nexus™ (CSX), a holistic
cybersecurity resource, and COBIT®, a business framework
to govern enterprise technology.
The CSX Cybersecurity Fundamentals Study Guide is a
comprehensive study aid that will help to prepare learners
for the Cybersecurity Fundamentals Certificate exam.
By passing the exam and agreeing to adhere to ISACA’s
Code of Ethics, candidates will earn the Cybersecurity
Fundamentals Certificate, a knowledge-based certificate
that was developed to address the growing demand for
skilled cybersecurity professionals. The CSX Cybersecurity
Fundamentals Study Guide covers key areas that will be
tested on the exam, including: cybersecurity concepts,
security architecture principles, incident response, security
of networks, systems, applications, and data, and security
implications of evolving technology.
Print
Member: US $45.00
Non-member: US $55.00
Product Code: CSXG1
eBook
Product Code: WCSXG1
NEW!
CISM® Review Questions, Answers &
Explanations Manual, 8th Edition
by ISACA
The CISM® Review Questions, Answers & Explanations
Manual, 8th Edition consists of 950 multiple-choice study
questions, answers and explanations, which are organized
according to the CISM job practice domains.
The questions, answers and explanations are intended
to introduce the CISM candidate to the types of questions
that appear on the CISM exam. They are not actual
questions from the exam. Questions are sorted by CISM
job practice domains and a sample exam of 200 questions
is also provided.
To help exam candidates maximize—and customize—
their study efforts, questions are presented in the following
two ways:
• Sorted by job practice area—Questions, answers and
explanations are sorted by the CISM job practice
areas. This allows the CISM candidate to refer to
questions that focus on a particular area as well as to
evaluate comprehension of the topics covered within
each practice area.
• Scrambled as a sample 200-question exam—200 of
the 950 questions included in the manual are selected
to represent a full-length CISM exam, with questions
chosen in the same percentages as the current CISM
job practice areas.
Member: US $100.00
Non-member: US $130.00
Product Code: CQA8ED
Contact the ISACA Bookstore
E-mail: bookstore@isaca.org
Tel: +1.847.660.5650
Fax: +1.847.253.1443
Order online at isaca.org/bookstore
Security Resources
CISM® Exam Prep Materials
NEW!
CISM® Review Manual, 14th Edition
by ISACA
The CISM Review Manual, 14th Edition assists candidates
to study and understand essential concepts in the following
job practice areas:
• Information Security Governance
• Information Risk Management and Compliance
• Information Security Program Development and
Management
• Information Security Incident Management
Each of the book’s four chapters has been divided into two
sections for focused study. Section one of each chapter
contains the definitions and objectives for the four areas, as
well as the corresponding tasks performed by information
security managers and knowledge statements that are
tested on the exam. The manual includes:
• A map of the relationship of each task to the
knowledge statements
• A reference guide for the knowledge statements,
including the relevant concepts and explanations
• References to specific content in section two for each
knowledge statement
• Self-assessment questions and explanations of the
answers
• Suggested resources for further study
CISM® Review Questions, Answers &
Explanations Database—12-Month Subscription
by ISACA
The CISM® Review Questions, Answers & Explanations
Database is a comprehensive 950-question pool of items
that contains the questions from the CISM® Review
Questions, Answers & Explanations Manual 8th Edition.
Cybersecurity has evolved as a new field of interest, gaining
political and societal attention. Given this magnitude, the
future tasks and responsibilities associated with cybersecurity
will be essential to organizational survival and profitability.
This publication applies the COBIT 5 framework and its
component publications to transform cybersecurity in a
systemic way.
The threat environment has radically changed over the last
decade. Most enterprises have not kept pace and lack
the necessary fundamentals required to prepare and plan
against cyber attacks. To successfully expel attackers,
the enterprise must be able to conduct an investigation,
feed the threat intelligence into a detailed remediation/
eradication plan and then execute the remediation/
eradication plan. This publication covers a few of the basic
concepts that will help answer the key questions posed by
a new perspective which understands that a breach WILL
eventually occur.
Print
Member: US $35.00
Non-member: US $60.00
Product Code: CB5TC1
Exam candidates can take sample exams with randomly
selected questions and view the results by job practice
domain, allowing for concentrated study in particular areas.
Additionally, questions generated during a study session are
sorted based on previous scoring history, allowing CISM
candidates to identify their strengths and weaknesses and
focus their study efforts accordingly.
Other features provide the ability to select sample exams
by specific job practice domain, view questions that were
previously answered incorrectly and vary the length of
study sessions, giving candidates the ability to customize
their study approach to fit their needs.
Member: US $185.00
Non-member: US $225.00
Product Code: XMXCM15-12M
Section two of each chapter consists of reference material
and content that support the knowledge statements. The
material enhances CISM candidates’ knowledge and/or
understanding when preparing for the CISM certification
exam. Also included are definitions of terms most
commonly found on the exam.
Also available in Spanish
Responding to Targeted Cyberattacks
by ISACA
The database is available via the web, allowing our CISM
candidates to log in at home, at work or anywhere they
have Internet connectivity. The database is Mac and
Windows compatible.
Member: US $105.00
Non-member: US $135.00
Product Code: CM14ED
Transforming Cybersecurity
by ISACA
CISM® Review Questions, Answers &
Explanations Database—6-Month Extension
by ISACA
The CISM® Questions, Answers & Explanations Database—
6-Month Extension can only be purchased as an
extension to the CISM® Questions, Answers & Explanations
Database—12-Month Subscription. The database is available
via the web, allowing CISM candidates to log in at home,
at work or anywhere they have Internet connectivity.
Member: US $45.00
Non-member: US $65.00
Product Code: XMXCM15-EXT180
Print
Member: US $35.00
Non-member: US $59.00
Product Code: RTC
eBook
Product Code: WCB5TC1
Free member download
eBook
Product Code: WRTC
Free member download
Business Continuity and Disaster Recovery for
IT Professionals, 2nd Edition
Also available in Japanese
by S. Snedaker
Powerful Earthquake Triggers Tsunami in Pacific. Wildfires
Burn Hundreds of Houses and Businesses in Colorado.
Tornado Touches Down in Missouri. These headlines not
only have caught the attention of people around the world,
they have had a significant effect on IT professionals as
well. The new second edition of Business Continuity and
Disaster Recovery for IT Professionals gives you the most
up-to-date planning and risk management techniques
for business continuity and disaster recovery (BCDR).
With distributed networks, increasing demands for
confidentiality, integrity and availability of data, and the
widespread risks to the security of personal, confidential
and sensitive data, no organization can afford to ignore the
need for disaster planning.
Author Susan Snedaker shares her expertise, including
the most current options for disaster recovery and
communication, BCDR for mobile devices, and the latest
infrastructure considerations including cloud, virtualization,
clustering, and more. Snedaker also provides new case
studies in several business areas, along with a review of
high availability and information security in healthcare IT.
Member: US $70.00
Non-member: US $80.00
Product Code: 6SYN2
Securing Mobile Devices
by ISACA
Securing Mobile Devices should be read in the context of
the existing publications COBIT® 5 for Information Security,
Business Model for Information Security (BMIS) and
COBIT 5 itself.
This publication is intended for several audiences who use
mobile devices directly or indirectly. These include end
users, IT administrators, information security managers,
service providers for mobile devices and IT auditors.
The main purpose of applying COBIT 5 to mobile device
security is to establish a uniform management framework
and to give guidance on planning, implementing and
maintaining comprehensive security for mobile devices in
the context of enterprises. The secondary purpose is to
provide guidance on how to embed security for mobile
devices in a corporate governance, risk management
and compliance (GRC) strategy using COBIT 5 as the
overarching framework for GRC.
Print
Member: US $35.00
Non-member: US $75.00
Product Code: CB5SMD1
eBook
Product Code: WCB5SMD1
Free member download
Cybersecurity Guidance for Small and
Medium-sized Enterprises
Implementing Cybersecurity Guidance for Small
and Medium-sized Enterprises
Security Considerations for Cloud Computing
by ISACA
by ISACA
Cyber security is a topic of interest for most enterprises,
regardless of their size. Cyber crime and cyber warfare are
not restricted to large, multinational enterprises. Increasing
numbers of small and medium-sized enterprises (SMEs) are
being targeted. ISACA’s Cybersecurity Guidance for Small
and Medium-sized Enterprises is designed to meet the
needs of typical SMEs: reasonable security at affordable
cost while helping SMEs to prepare for, and manage,
typical cyber security issues, risk and threats.
SMEs need hands-on guidance for affordable and effective
cybersecurity. ISACA’s Cybersecurity Guidance for Small
and Medium-sized Enterprises and this Implementing
Cybersecurity Guidance for Small and Medium-sized
Enterprises are designed to meet the needs of typical
SMEs: reasonable security at affordable cost. These
publications help SMEs to prepare for, and manage, typical
cybersecurity issues, risk and threats.
Another publication in the Cloud Computing Vision Series,
Security Considerations for Cloud Computing presents
practical guidance to facilitate the decision process for IT
and business professionals who are looking to move to the
cloud. It helps enable effective analysis and measurement
of risk through use of decision trees and checklists outlining
the security factors to be considered when evaluating the
cloud as a potential solution.
Print
Member: US $35.00
Non-member: US $60.00
Product Code: CSXE
eBook
Product Code: WCSXE
Print
Member: US $35.00
Non-member: US $60.00
Product Code: CSXI
eBook
Product Code: WCSXI
by E. Amoroso
The STUDENT EDITION features several case studies
illustrating actual implementation scenarios of the principles
and requirements discussed in the text. It boasts a new and
complete instructor ancillary package including test bank,
IM, PPT slides, case study questions, and more.
Member: US $70.00
Non-member: US $80.00
Product Code: 11EL2
Print
Member: US $35.00
Non-member: US $75.00
Product Code: SCC
This implementation publication provides practical
advice on how to implement cybersecurity governance,
risk management, assurance and compliance using
Cybersecurity Guidance for Small and Medium-sized
Enterprises and its COBIT 5 foundation. Examples and
cases give SMEs insights into implementing the standard.
Cyber Attacks: Protecting National Infrastructure
This textbook offers a technical, architectural, and
management approach to solving the problems of
protecting national infrastructure and includes practical and
empirically-based guidance for students wishing to become
security engineers, network operators, software designers,
technology managers, application developers, Chief Security
Officers, etc. This book serves as an attractive framework for
a new national strategy for cyber security, as each principle is
presented as a separate security strategy, along with pages
of compelling examples that demonstrate use of the principle.
A specific set of criteria requirements allows students to
understand how any organization, such as a government
agency, integrates the principles into their local environment.
Advanced Persistent Threats: How to Manage
the Risk to Your Business
by ISACA
This book explains the nature of the security phenomenon
known as the advanced persistent threat (APT). It also
provides helpful advice on how to assess the risk of an APT
to the organization and recommends practical measures
that can be taken to prevent, detect and respond to such
an attack. In addition, it highlights key differences between
the controls needed to counter the risk of an APT attack
and those commonly used to mitigate everyday information
security risk.
Print
Member: US $35.00
Non-member: US $60.00
Product Code: APT
eBook
Product Code: WAPT
Free member download
eBook
Product Code: WSCC
Free member download
The Rootkit Arsenal: Escape and Evasion in the
Dark Corners of the System, 2nd Edition
by Bill Blunden
While forensic analysis has proven to be a valuable
investigative tool in the field of computer security, utilizing
anti-forensic technology makes it possible to maintain a
covert operational foothold for extended periods, even in
a high-security environment. Adopting an approach that
favors full disclosure, the updated second edition of The
Rootkit Arsenal presents the most accessible, timely, and
complete coverage of forensic countermeasures. This
book covers more topics, in greater depth, than any other
currently available. In doing so the author forges through
the murky back alleys of the Internet, shedding light on
material that has traditionally been poorly documented,
partially documented, or intentionally undocumented.
Member: US $74.00
Non-member: US $84.00
Product Code: 4JBSS
FISMA Compliance Handbook, Second Edition
by L. Taylor
This book walks the reader through the entire FISMA
compliance process and includes guidance on how to
manage a FISMA compliance project from start to finish.
The book has chapters for all FISMA compliance deliverables
and includes information on how to conduct a FISMA
compliant security assessment.
Various topics discussed in this book include the NIST Risk
Management Framework, how to characterize the sensitivity
level of your system, contingency plan, system security plan
development, security awareness training, privacy impact
assessments, security assessments and more. Readers
will learn how to obtain an Authority to Operate for an
information system and what actions to take in regard to
vulnerabilities and audit findings.
FISMA Compliance Handbook Second Edition also includes
all-new coverage of federal cloud computing compliance
from author Laura Taylor, the federal government’s technical
lead for FedRAMP, the government program used to assess
and authorize cloud products and services.
Member: US $55.00
Non-member: US $65.00
Product Code: 15SYN
Information Security Governance Simplified:
From the Boardroom to the Keyboard
by Todd Fitzgerald
Security practitioners must be able to build cost-effective
security programs while also complying with government
regulations. Information Security Governance Simplified:
From the Boardroom to the Keyboard lays out these
regulations in simple terms and explains how to use control
frameworks to build an air-tight information security (IS)
program and governance structure.
Defining the leadership skills required by IS officers, the book
examines the pros and cons of different reporting structures
and highlights various control frameworks. It details the
functions of the security department and considers the control
areas, including physical, network, application, business
continuity/disaster recovery, and identity management.
Member: US $80.00
Non-member: US $90.00
Product Code: 54CRC
Securing Cloud Services: A Pragmatic Guide to
Security Architecture in the Cloud
Computer Forensics InfoSec Pro Guide
by Lee Newcombe
Find out how to excel in the field of computer forensics
investigations. Learn what it takes to transition from an
IT professional to a computer forensic examiner in the
private sector. Written by a Certified Information Systems
Security Professional, Computer Forensics: InfoSec Pro
Guide is filled with real-world case studies that demonstrate
the concepts covered in this book. You’ll learn how to
set up a forensics lab, select hardware and software,
choose forensic imaging procedures, test your tools,
capture evidence from different sources, follow a sound
investigative process, safely store evidence, and verify
your findings. Best practices for documenting your results,
preparing reports, and presenting evidence in court are
also covered in this detailed resource.
This book provides an overview of security architecture
processes and explains how they may be used to derive
an appropriate set of security controls to manage the
risks associated with working in the cloud. It is aimed
at business decision makers, senior IT stakeholders,
enterprise architects, information security professionals and
anyone else who is interested in working with cloud
services, but might be concerned about the potential
security implications.
Member: US $40.00
Non-member: US $50.00
Product Code: 16ITSCS
by David Cowen
Pragmatic Security Metrics: Applying
Metametrics to Info Sec
The Web Application Hacker’s Handbook: Finding
and Exploiting Security Flaws, 2nd Edition
by W. Krag Brotby; Gary Hinson
by Dafydd Stuttard, Marcus Pinto
Other books on information security metrics discuss
number theory and statistics in academic terms. Light
on mathematics and heavy on utility, Pragmatic Security
Metrics: Applying Metametrics to Info Sec breaks the mold.
This is the ultimate how-to-do-it guide for security metrics.
Packed with time-saving tips, the book offers easy-to-follow
guidance for those struggling with security metrics. Step by
step, it clearly explains how to specify, develop, use, and
maintain an information security measurement system (a
comprehensive suite of metrics).
Web applications are the front door to most organizations,
exposing them to attacks that may disclose personal
information, execute fraudulent transactions, or compromise
ordinary users. This practical book has been completely
updated and revised to discuss the latest step-by-step
techniques for attacking and defending the range of
ever-evolving web applications. You’ll explore the various
new technologies employed in web applications that have
appeared since the first edition and review the new attack
techniques that have been developed, particularly in
relation to the client side.
Member: US $70.00
Non-member: US $80.00
Product Code: 55CRC
Member: US $40.00
Non-member: US $50.00
Product Code: 34MCF
There’s A New Sheriff In Town
by Mary Lou Heastings
This compilation is a reminder to security professionals
that security is no longer about implementing the latest
technologies; the role has evolved to one of adding value
to the company. Security leaders must help the business
understand operational risks and the business value of risk
management.
“These writers have given some valuable insight that is
worth the read.”
– Cynthia Whitley, CISO Fortune 100 Insurance Company
“It’s like having a who’s who of security at your beck
and call. Many of these contributors have the knowledge
to draft a book of their own, but combined with each
contributing from their field of expertise makes this book
a must have for any serious Security Executive.”
– Frank Artes, Vice President, Converged Security (North
America) Deluxe Entertainment Services Group, Inc.
Member: US $20.00
Non-member: US $30.00
Product Code: 2EA
Cloud Computing—Assessing the Risks
Access Control, Security and Trust: A Logical
Approach
by Jared Carstensen, Bernard Golden, JP Morgenthal
by Shiu-Kai Chin, Beth Older
Written by three internationally renowned experts, this
book discusses the primary concerns of most business
leaders regarding cloud computing, primarily: “How safe is
it?”, “Is it reliable?”, “How secure will your information be?”
Cloud Computing—Assessing the Risks answers these
questions and many more. Using jargon-free language
and relevant examples, analogies and diagrams, it is an
up-to-date, clear and comprehensive guide to the security,
governance, risk, and compliance elements of Cloud
Computing.
Access Control, Security, and Trust: A Logical Approach
equips readers with an access control logic that they can
use to specify and verify their security designs. Throughout
the text, the authors use a single access control logic based
on a simple propositional modal logic. The first part of the
book presents the syntax and semantics of access control
logic, basic access control concepts, and an introduction
to confidentiality and integrity policies. The second section
covers access control in networks, delegation, protocols
and the use of cryptography. In the third section, the authors
focus on hardware and virtual machines. The final part
discusses confidentiality, integrity and role-based access
control. Taking a logical, rigorous approach to access
control, this book shows how logic is a useful tool for
analyzing security designs and spelling out the conditions
upon which access control decisions depend.
Member: US $40.00
Non-member: US $50.00
Product Code: 17ITCC
Member: US $50.00
Non-member: US $60.00
Product Code: 97WWAH
Hacking Exposed Wireless: Wireless Security
Secrets & Solutions, 2nd Edition
by Johnny Cache, Joshua Wright and Vincent Liu
Protect wireless systems from crippling attacks using
the detailed security information in this comprehensive
volume. Thoroughly updated to cover today’s established
and emerging wireless technologies, Hacking Exposed
Wireless, 2nd Edition reveals how attackers use readily
available and custom tools to target, infiltrate and hijack
vulnerable systems. The book discusses the latest
developments in Wi-Fi, Bluetooth, ZigBee and DECT
hacking, and explains how to perform penetration tests,
reinforce WPA protection schemes, mitigate packet
injection risk, and lock down Bluetooth and RF devices.
Cutting-edge techniques for exploiting Wi-Fi clients, WPA2,
cordless phones, Bluetooth pairing and ZigBee encryption
are also covered in this fully revised guide.
Member: US $50.00
Non-member: US $60.00
Product Code: 17MHE
Member: US $100.00
Non-member: US $110.00
Product Code: 48CRC
Honeypots: A New Paradigm to Information
Security
Securing the Clicks: Network Security in the Age
of Social Media
Hacking Exposed 7: Network Security
Secrets & Solutions
Anti-Hacker Tool Kit, Fourth Edition
by R. C. Joshi and Anjali Sardana
by Gary Bahadur, Jason Inasi and Alex de Carvalho
by Stuart McClure, Joel Scambray and George Kurtz
A well-rounded, accessible exposition of honeypots in
both wired and wireless networks, this book addresses
honeypots from a variety of perspectives. Case studies
enhance the practical understanding of the subject, along
with a strong theoretical foundation. The book covers the
latest technology in information security and honeypots,
including honeytokens, honeynets and honeyfarms.
Securing the Clicks: Network Security in the Age of Social
Media explains the latest threats along with detailed fixes,
best practices, and “from the headlines” case studies.
Readers will learn how to analyze risk, implement
robust security protocols, and enforce social media
usage policies. Regulatory compliance, online reputation
management, and incident response are also covered in
this comprehensive volume.
Hacking Exposed 7: Network Security Secrets & Solutions
is filled with all new information on today’s most devastating
attacks and proven countermeasures. The book covers
advanced persistent threats, infrastructure hacks, industrial
automation and embedded devices, wireless security, the
new SCADA protocol hacks, Microsoft Windows Server
2010, Web 2.0, Ubuntu Linux, hardware, Cisco, RFID,
malware, and more!
Fully revised to include cutting-edge new tools for your
security arsenal, Anti-Hacker Tool Kit, Fourth Edition reveals
how to protect your network from a wide range of nefarious
exploits. You’ll get detailed explanations of each tool’s
function along with best practices for configuration and
implementation illustrated by code samples and up-to-date,
real-world case studies. This new edition includes references
to short videos that demonstrate several of the tools in
action. Organized by category, this practical guide makes
it easy to quickly find the solution you need to safeguard
your system from the latest, most devastating hacks.
Member: US $140.00
Non-member: US $150.00
Product Code: 49CRC
Cybersecurity for Executives: A Practical Guide
by Gregory J. Touhill and C. Joseph Touhill
A practical guide that can be used by executives to make
well-informed decisions on cyber security issues to better
protect their business.
• Emphasizes, in a direct and uncomplicated way, how
executives can identify, understand, assess, and
mitigate risks associated with cybersecurity issues
• Covers ‘What to Do When You Get Hacked?’ including
Business Continuity and Disaster Recovery planning,
Public Relations, Legal and Regulatory issues, and
Notifications and Disclosures
• Provides steps for integrating cyber security into
Strategy; Policy and Guidelines; Change Management
and Personnel Management.
• Identifies cyber security best practices that executives
can and should use both in the office and at home to
protect their vital information
Member: US $75.00
Non-member: US $85.00
Product Code: 120WCS
Member: US $50.00
Non-member: US $60.00
Product Code: 2MCG7
Member: US $40.00
Non-member: US $50.00
Product Code: 27MSC
Member: US $50.00
Non-member: US $60.00
Product Code: 38MAH
Developing and Securing the Cloud
Fraud Analysis Techniques Using ACL
by Bhavani Thuraisingham
by David Coderre
Engineering Safe and Secure Software Systems
Developing and Securing the Cloud provides a
comprehensive overview of cloud computing technology.
Presenting a framework for secure cloud computing
development, the book describes supporting technologies
for the cloud such as web services and security. It details
the various layers of the cloud computing framework,
including the virtual machine monitor and hypervisor,
cloud data storage, cloud data management, and virtual
network monitor. It also provides several examples of cloud
products and prototypes, including private, public, and U.S.
government clouds.
Fraud Analysis Techniques Using ACL offers auditors and
investigators:
by C. Warren Axelrod
This diverse reference is suitable for those in industry,
government, and academia. Technologists will develop
the understanding required to select the appropriate tools
for particular cloud applications. Developers will discover
alternative designs for cloud development, and managers
will understand if it’s best to build their own clouds or
contract them out.
The tool kit also contains 12 utility scripts and a self-study
course on ACL scripting, which includes exercises, data
files and proposed answers. Filled with screen shots,
flow charts, example data files, descriptive commentary
explaining each step, and case studies offering
real-world examples of how the scripts can be used
to search for fraud, it is the only tool kit you will need to
harness the power of ACL to spot fraud.
Member: US $80.00
Non-member: US $90.00
Product Code: 57CRC
• A CD-ROM containing a thorough fraud tool kit with
two sets of customizable scripts to serve your specific audit needs
• Case studies and sample data files that you can use
to try out the tests
• Step-by-step instructions on how to run the tests
• A self-study course on ACL script development with
exercises, data files and suggested answers
Member: US $211.00
Non-member: US $221.00
Product Code: 82WACL
Contains CD-ROM
by Mike Shema
This first-of-its-kind resource offers a broad and detailed
understanding of software systems engineering from
both security and safety perspectives. Addressing the
overarching issues related to safeguarding public data
and intellectual property, the book defines such terms as
systems engineering, software engineering, security, and
safety as precisely as possible, making clear the many
distinctions, commonalities, and interdependencies among
various disciplines. You explore the various approaches to
risk and the generation and analysis of appropriate metrics.
This unique book explains how processes relevant to the
creation and operation of software systems should be
determined and improved, how projects should be managed,
and how products can be assured. You learn the importance
of integrating safety and security into the development life
cycle. Additionally, this practical volume helps identify what
motivators and deterrents can be put in place in order to
implement the methods that have been recommended.
Member: US $109.00
Non-member: US $119.00
Product Code: 11ART
Cybercrime: The Investigation, Prosecution and
Defense of a Computer-Related Crime, 3rd Edition
Applied Cyber Security and the Smart Grid,
1st Edition
Mobile Application Security
Ralph D. Clifford, Editor
by Eric Knapp and Raj Samani
As technology grows increasingly complex, so does
computer crime. In this third edition, the author leads
a team of nationally renowned experts in cyber crime
(gathered from the diverse fields of academia, private and
governmental practice) to unfold the legal mysteries of
computer crime. The book explores the variety of crimes
that involve computer technology and provides essential
details on procedural and tactical issues associated with
the prosecution and defense of cyber crime.
Many people think of the Smart Grid as a power distribution
group built on advanced smart metering, but that’s just
one aspect of a much larger and more complex system.
The “Smart Grid” requires new technologies throughout
energy generation, transmission and distribution, and even
the homes and businesses being served by the grid. This
also represents new information paths between these new
systems and services, all of which represents risk, requiring
a more thorough approach to where and how cyber
security controls are implemented.
Implement a systematic approach to security in mobile
application development with help from this practical guide.
Featuring case studies, code examples and best practices,
Mobile Application Security details how to protect against
vulnerabilities in the latest smartphone and PDA platforms.
Maximize isolation, lock down internal and removable
storage, work with sandboxing and signing, and encrypt
sensitive user information. Safeguards against viruses,
worms, malware and buffer overflow exploits are also
covered in this comprehensive resource.
Member: US $38.00
Non-member: US $48.00
Product Code: 1CAP3
by Himanshu Dwivedi, Chris Clark and David Thiel
Member: US $50.00
Non-member: US $60.00
Product Code: 21MMS
This insight provides a detailed architecture of the entire
Smart Grid, with recommended cyber security measures
for everything from the supply chain to the consumer.
by Tyson Macaulay and Bryan L. Singer
Highlighting the key issues that need to be addressed,
the book begins with a thorough introduction to ICS. It
discusses business, cost, competitive, and regulatory
drivers and the conflicting priorities of convergence. Next,
it explains why security requirements differ from IT to ICS.
It differentiates when standard IT security solutions can be
used and where SCADA-specific practices are required.
The book examines the plethora of potential threats to
ICS, including hi-jacking malware, botnets, spam engines,
and porn dialers. It outlines the range of vulnerabilities
inherent in the ICS quest for efficiency and functionality
that necessitates risk behavior such as remote access and
control of critical equipment.
Member: US $84.00
Non-member: US $94.00
Product Code: 60CRC
Order online at isaca.org/bookstore
Bruce Schneier is known worldwide as the foremost
authority and commentator on every security issue from
cyber-terrorism to airport surveillance. This groundbreaking
book features more than 160 commentaries on recent
events including the Boston Marathon bombing, the NSA’s
ubiquitous surveillance programs, Chinese cyber attacks,
the privacy of cloud computing, and how to hack the Papal
election. Timely as an Internet news report and always
insightful, Schneier explains, debunks, and draws lessons
from current events that are valuable for security experts
and ordinary citizens alike.
Member: US $30.00
Non-member: US $40.00
Product Code: 103WCO
The updated and revised second edition of this popular
book covers:
• Big Data
• Critical infrastructure
by Richard Spinello
by Bruce Schneier
Cloud computing is the present and future of IT, a utility
service that promises unlimited, cheap, and reliable IT
services for all. But at present, there still are significant risks
involved in the use of cloud computing for organizations,
including legal and business risks. Executives, and the
lawyers and risk professional who advise them, must
understand how to identify, assess, and respond to these
risks in their own organizations and in cloud service
providers and do so in a globally-aware manner.
• Bring your own device (BYOD)
Cyberethics—Morality and Law in Cyberspace,
Fifth Edition
Carry On: Sound Advice from Schneier on Security
by Thomas J. Shaw Esq
• Personal clouds
Member: US $60.00
Non-member: US $70.00
Product Code: 10SYN
Cybersecurity for Industrial Control Systems:
SCADA, DCS, PLC, HMI, and SIS
Cloud Computing for Lawyers and Executives:
A Global Approach, 2nd Edition
The fully revised and updated fifth edition of Cyberethics:
Morality and Law in Cyberspace offers an in-depth and
comprehensive examination of the social costs and moral
issues emerging from ever-expanding use of the Internet
and new information technologies. Focusing heavily on
content control, free speech, intellectual property, and
security, Cyberethics: Morality and Law in Cyberspace
provides legal and philosophical discussions of these
critical issues.
• Cloud taxation, and much more.
This book presents the information and analytical tools
needed by lawyers and risk professionals to guide their
executives and organizational clients in assessing, treating,
and negotiating cloud computing services using risk-based
methodologies.
Member: US $100.00
Non-member: US $110.00
Product Code: 3ABA
This new edition includes real-life case studies, including
all-new examples focusing on Google, Facebook, video
games, reader’s rights, and the LulzSec Hackers, provide
real-world context. Ideal for undergraduate computer ethics
courses as well as a general readership, Cyberethics is an
excellent resource for students and laypeople alike.
Member: US $107.00
Non-member: US $117.00
Product Code: 5JBC
Order online at isaca.org/bookstore
Cloud Management and Security
by Imad M. Abbadi
Written by an expert with over 15 years' experience in the field, this book establishes the foundations of Cloud computing, building an in-depth and diverse understanding of the technologies behind Cloud computing.
The book begins with a focus on the main components constituting the Cloud and federated Cloud infrastructure (e.g., interactions and deployment), discusses management platforms (resources and services), identifies and analyzes the main properties of the Cloud infrastructure, and presents Cloud automated management services: virtual and application resource management services.
It goes on to analyze the problem of establishing a trustworthy Cloud, discusses foundation frameworks for addressing this problem (focusing on mechanisms for treating the security challenges), explores foundation frameworks and mechanisms for remote attestation in the Cloud and for establishing Cloud trust anchors, and lastly provides a framework for establishing a trustworthy provenance system and describes its importance in addressing major security challenges such as forensic investigation, mitigating insider threats and operation management assurance.
Additionally, real-life commercial and open source examples of some of the concepts discussed are provided.
Member: US $92.00
Non-member: US $102.00
Product Code: 118WCM

COBIT® 5 for Information Security
by ISACA
COBIT 5 for Information Security provides guidance to help IT and security professionals understand, utilize, implement and direct important information security-related activities, and make more informed decisions while maintaining awareness about emerging technologies and the accompanying threats.
Learn how to:
• Reduce complexity and increase cost-effectiveness
• Increase user satisfaction with information security arrangements and outcomes
• Improve integration of information security
• Inform risk decisions and risk awareness
• Reduce information security incidents
• Enhance support for innovation and competitiveness
Print
Member: US $35.00
Non-member: US $80.00
Product Code: CB5IS
eBook
Member: US $35.00
Non-member: US $75.00
Product Code: WCB5IS
Bookstore Special Savings!
Purchase the Print format at the regular price and get the eBook for just:
Member US $15.00 / Non-Member US $30.00

Cyber Security Policy Guidebook
by Jennifer Bayuk, Jason Healey, Paul Rohmeyer, Marcus Sachs, Jeffrey Schmidt and Joseph Weiss
Drawing upon a wealth of experience from academia, industry, and government service, Cyber Security Policy Guidebook details and dissects, in simple language, current organizational cyber security policy issues on a global scale, taking great care to educate readers on the history and current approaches to the security of cyberspace. The Guidebook delves into organizational implementation issues, and equips readers with descriptions of the positive and negative impact of specific policy choices.
Learn how to:
• Explain what is meant by cyber security and cyber security policy
• Discuss the process by which cyber security policy goals are set
• Educate the reader on decision-making processes related to cyber security, and more
With a glossary that puts cyber security language in layman's terms, and diagrams that help explain complex topics, Cyber Security Policy Guidebook gives students, scholars, and technical decision-makers the necessary knowledge to make informed decisions on cyber security policy.
Member: US $90.00
Non-member: US $100.00
Product Code: 96WCSP

Cyber Forensics: From Data to Digital Evidence
by Albert J. Marcella, Jr. and Frederic Guillossou
This book explains the basic principles of data as building blocks of electronic evidential matter, which are used in cyber forensics investigations. The entire text is written with no reference to a particular operating system or environment, thus it is applicable to all work environments, cyber investigation scenarios, and technologies. The text is written in a step-by-step manner, beginning with the elementary building blocks of data and progressing upwards to the representation and storage of information. It includes practical examples and illustrations throughout to guide the reader.
Member: US $80.00
Non-member: US $90.00
Product Code: 100WCF

Cyber Crime & Warfare: All That Matters
by Peter Warren and Michael Streeter
In Cyber Crime & Warfare: All That Matters, Peter Warren and Michael Streeter outline the history, scale and importance of cyber crime. In particular they show how cyber crime, cyber espionage and cyber warfare now pose a major threat to society. After analysing the origins of computer crime among early hackers, the authors describe how criminal gangs and rogue states have since moved into the online arena with devastating effect, at a time when the modern world, including all the communication services and utilities we have come to take for granted, has become utterly dependent on computers and the internet.
Member: US $15.00
Non-member: US $25.00
Product Code: 1HSCC

Cybersecurity and CyberWar: What Everyone Needs to Know®
by P.W. Singer and Allan Friedman
In Cybersecurity and CyberWar: What Everyone Needs to Know, New York Times best-selling author P. W. Singer and noted cyber expert Allan Friedman team up to provide the kind of easy-to-read, yet deeply informative resource book that has been missing on this crucial issue of 21st century life. Written in a lively, accessible style, filled with engaging stories and illustrative anecdotes, the book is structured around the key question areas of cyberspace and its security: how it all works, why it all matters, and what can we do? Along the way, they take readers on a tour of the important (and entertaining) issues and characters of cybersecurity, from the "Anonymous" hacker group and the Stuxnet computer worm to the new cyber units of the Chinese and U.S. militaries. Cybersecurity and CyberWar: What Everyone Needs to Know is the definitive account on the subject for us all, which comes not a moment too soon.
Member: US $17.00
Non-member: US $27.00
Product Code: 2OX
Fraud Prevention and Detection: Warning Signs and the Red Flag Systems
by Rodney T. Stamler, Hans J. Marschdorf, Mario Possamai
Fraud Prevention and Detection: Warning Signs and the Red Flag Systems enables officers and directors, internal and external stakeholders, as well as outside analysts to protect themselves and their organizations against fraud by effectively detecting, analyzing, and acting on early Red Flag warning signs. Based on an empirically tested strategy, the Red Flag System reflects the authors' more than 100 years of combined experience in the investigation of fraud in high-profile, global cases in North America, Africa, Europe, and the Far East.
Readers of this book will:
• Acquire a general awareness of the nature, characteristics, and dynamics of fraud
• Understand the process for determining whether a fraud has been committed
• Develop an understanding of enterprise risk management approaches for fraud risk management, compliance risk management, and managing the risk of fraudulent financial reporting, including an understanding of the limitations inherent in these approaches, and much more.
Member: US $56.00
Non-member: US $66.00
Product Code: 61CRC

Guide to Firewalls and VPNs, 3rd Edition
by Michael E. Whitman, Herbert J. Mattord, Andrew Green
This third edition explores firewalls in the context of these critical elements, providing an in-depth guide that focuses on both managerial and technical aspects of security. Coverage includes packet filtering, authentication, proxy servers, encryption, bastion hosts, virtual private networks (VPNs), log file maintenance, and intrusion detection systems. The text also features an abundant selection of realistic projects and cases incorporating cutting-edge technology and current trends, giving students the opportunity to hone and apply the knowledge and skills they will need as working professionals. Guide to Firewalls and VPNs includes new and updated cases and projects, enhanced coverage of network security and VPNs, and information on relevant National Institute of Standards and Technology guidelines used by businesses and information technology professionals.
Member: US $177.00
Non-member: US $187.00
Product Code: 18IT

Hacking Exposed Unified Communications & VoIP Security Secrets & Solutions, 2nd Edition
by Mark Collier and David Endler
This comprehensive guide features all-new chapters, case studies, and examples to highlight the latest techniques for averting UC disaster.
Topics teach how to:
• Understand how hackers target vulnerable UC devices and entire networks
• Defend against TDoS, toll fraud, and service abuse
• Block calling number hacks and calling number spoofing
• Thwart voice social engineering and phishing exploits
• Employ voice spam mitigation products and filters
• Fortify Cisco Unified Communications Manager
• And more
Member: US $50.00
Non-member: US $60.00
Product Code: 36MHHE

Hacking Exposed Mobile Security Secrets and Solutions
by Joel Scambray, Jason Rouse, Neil Bergman, Mike Stanfield, Sarath Geethakumar, Swapnil Deshmukh and Scott Mats
Proven security tactics for today's mobile apps, devices, and networks
"A great overview of the new threats created by mobile devices. ...The authors have heaps of experience in the topics and bring that to every chapter."
—Slashdot
This cutting-edge guide reveals secure mobile development guidelines, how to leverage mobile OS features and MDM to isolate apps and data, and the techniques the pros use to secure mobile payment systems.
• Tour the mobile risk ecosystem with expert guides to both attack and defense
• Learn how cellular network attacks compromise devices over-the-air
• See the latest Android and iOS attacks in action, and learn how to stop them
• Delve into mobile malware at the code level to understand how to write resilient apps
• Defend against server-side mobile attacks, including SQL and XML injection, and much more.
Member: US $40.00
Non-member: US $50.00
Product Code: 35MHEM

Penetration Tester's Open Source Toolkit, 3rd Edition
by Jeremy Faircloth
Great commercial penetration testing tools can be very expensive and sometimes hard to use or of questionable accuracy. This book helps solve both of these problems. The open source, no-cost penetration testing tools presented do a great job and can be modified by the user for each situation. Many tools, even ones that cost thousands of dollars, do not come with any type of instruction on how and in which situations the penetration tester can best use them. Penetration Tester's Open Source Toolkit, Third Edition, expands upon existing instructions so that a professional can get the most accurate and in-depth test results possible. Real-life scenarios are a major focus so that the reader knows which tool to use and how to use it for a variety of situations.
Member: US $50.00
Non-member: US $60.00
Product Code: 11SYN

System Forensics, Investigation, and Response, 2nd Edition
by Chuck Easttom
Computer crimes call for forensics specialists, people who know how to find and follow the evidence. System Forensics, Investigation, and Response, Second Edition begins by examining the fundamentals of system forensics, such as what forensics is, the role of computer forensics specialists, computer forensic evidence, and application of forensic analysis skills. It also gives an overview of computer crimes, forensic methods, and laboratories. It then addresses the tools, techniques, and methods used to perform computer forensics and investigation. Finally, it explores emerging technologies as well as future directions of this interesting and cutting-edge field.
Member: US $102.00
Non-member: US $112.00
Product Code: 2JBSF2
IBM Mainframe Security
by Dinesh D. Dattani
IBM Mainframe Security moves beyond the basic material available elsewhere to discuss the important issues in IBM mainframe security from a practical, real-life perspective. Author Dinesh D. Dattani covers security and audit issues, business best practices, and compliance, drawing on more than 30 years of experience as a mainframe security practitioner, consultant, and trainer.
The book is written in tutorial format, with quizzes and pointers designed to help readers assess the current security in their own organizations.
With IBM Mainframe Security, you will:
• Learn how to identify and reduce security weaknesses at your installation
• Know what it takes to adequately protect the operating system
• Understand security best practices
• Learn about audit issues
Member: US $59.00
Non-member: US $69.00
Product Code: 2MCIBM

Introduction to Healthcare Information Technology, 1st Edition
by Mark Ciampa and Mark Revels
The healthcare industry is growing at a rapid pace and undergoing some of its most significant changes as the use of electronic health records increases. Designed for technologists or medical practitioners seeking to gain entry into the field of healthcare information systems, Introduction to Healthcare Information Technology teaches the fundamentals of healthcare IT (HIT) by using the CompTIA Healthcare IT Technician (HIT-001) exam objectives as the framework. It takes an in-depth and comprehensive view of HIT by examining healthcare regulatory requirements, the functions of a healthcare organization and its medical business operations in addition to IT hardware, software, networking, and security. Introduction to Healthcare Information Technology is a valuable resource for those who want to learn about HIT and who desire to enter this growing field, providing the foundation that will help prepare for the CompTIA HIT certificate exam.
Member: US $73.00
Non-member: US $83.00
Product Code: 16IT

Information Security Management Handbook, CD 2013 Edition
by James S Tiller and Rich O'Hanley
Containing the complete contents of Volumes 1-7, the Information Security Management Handbook, 2013 CD-ROM Edition is an authoritative resource that is linked and searchable by keyword. It updates the benchmark Volume 1 with information on the latest developments in information security and recent changes to the (ISC)2® CISSP Common Body of Knowledge (CBK®).
The 2013 CD-ROM Edition features 27 new chapters on topics such as BYOD, IT consumerization, smart grids, secure development, and forensics. In addition to the complete contents of the 7,000-page set, the CD contains an extra volume's worth of information, including chapters from other security and networking books that have never appeared in the print editions.
Features:
• Provides fundamental knowledge, skills, techniques, and tools required by all IT security professionals
• Updates the sixth edition with new developments in information security and the (ISC)2® CISSP® CBK®
• Covers advanced persistent threats, new HIPAA requirements, social networks, virtualization, and SOA
• Discusses access control, physical security, cryptography, application security, and operations security
Member: US $200.00
Non-member: US $210.00
Product Code: 56CRC

Information Security Roles & Responsibilities Made Easy, Version 3.0
by Charles Cresson Wood
Information Security Roles & Responsibilities Made Easy, by security expert Charles Cresson Wood, provides over 70 pre-written job descriptions, mission statements, and organization charts that you can easily customize for your own organization. It includes time-saving tools and practical, step-by-step instructions on how to develop and document specific information security responsibilities for over 40 different key organizational roles.
Information Security Roles & Responsibilities Made Easy, Version 3.0 provides:
• Over 70 pre-written, time-saving information documents
• Justification to help increase management's awareness and funding of information security
• Specific advice on how to plan, document and execute an information security infrastructure project
• Practical advice on how to maintain security when dealing with third parties
• Valuable staffing advice and descriptions for information security professionals
Member: US $495.00
Non-member: US $505.00
Product Code: 2PS3

Protecting Industrial Control Systems from Electronic Threats
by Joseph Weiss
Aimed at both the novice and expert in IT security and industrial control systems (ICS), this book will help readers gain a better understanding of protecting ICSs from electronic threats. Cybersecurity is getting much more attention, and SCADA (supervisory control and data acquisition) security is a particularly important part of this field, as are distributed control systems (DCS), programmable logic controllers (PLCs), remote terminal units (RTUs), intelligent electronic devices (IEDs), and all other field controllers, sensors, drives and emission controls that make up the "intelligence" of modern industrial buildings and facilities.
Member: US $109.00
Non-member: US $119.00
Product Code: 1MPPI
Information Security: The Complete Reference, 2nd Edition
by Mark Rhodes-Ousley
Information Security: The Complete Reference, Second Edition (previously titled Network Security: The Complete Reference) is the only comprehensive book that offers vendor-neutral details on all aspects of information protection, with an eye toward the evolving threat landscape. Thoroughly revised and expanded to cover all aspects of modern information security, from concepts to details, this edition provides a one-stop reference equally applicable to the beginner and the seasoned professional.
Find out how to build a holistic security program based on proven methodology, risk analysis, compliance, and business needs. You'll learn how to successfully protect data, networks, computers, and applications. In-depth chapters cover data protection, encryption, information rights management, network security, intrusion detection and prevention, Unix and Windows security, virtual and cloud security, secure application development, disaster recovery, forensics, and real-world attacks and countermeasures. Included is an extensive security glossary, as well as standards-based references. This is a great resource for professionals and students alike.
Member: US $70.00
Non-member: US $80.00
Product Code: 32MIS

Networking: A Beginner's Guide, 6th Edition
by Bruce Hallberg
Current, essential IT networking skills, made easy! Thoroughly revised to cover the latest technologies, this practical resource provides you with a solid foundation in networking fundamentals. Networking: A Beginner's Guide, Sixth Edition discusses wired and wireless network design, configuration, hardware, protocols, security, backup, recovery, and virtualization. You'll also get step-by-step instructions for installing, configuring, and managing Windows Server 2012, Exchange Server 2013, Oracle Linux, and Apache. This is the perfect book for anyone starting a networking career or in need of an easy-to-follow refresher.
• Understand network cabling, topologies, hardware, and the OSI seven-layer model
• Connect LANs and WANs
• Configure network protocols, such as TCP/IP, IPX/SPX, SMTP, DHCP, HTTP, WINS, and more
• Explore directory services, such as Microsoft's Active Directory, X.400, and LDAP
Member: US $45.00
Non-member: US $55.00
Product Code: 37MCNB

BEST SELLER!
IT Security Metrics: A Practical Framework for Measuring Security and Protecting Data
by Lance Hayden
IT Security Metrics provides a comprehensive approach to measuring risks, threats, operational activities, and the effectiveness of data protection in your organization. The book explains how to choose and design effective measurement strategies and addresses the data requirements of those strategies. The Security Process Management Framework is introduced and analytical strategies for security metrics data are discussed. You'll learn how to take a security metrics program and adapt it to a variety of organizational contexts to achieve continuous security improvement over time. Real-world examples of security measurement projects are included in this definitive guide.
• Define security metrics as a manageable amount of usable data
• Design effective security metrics
• Understand quantitative and qualitative data, data sources, and collection and normalization methods
• And much more
Member: US $50.00
Non-member: US $60.00
Product Code: 22MSM

SAP Security and Risk Management, 2nd Edition
by Mario Linkies and Horst Karin
The revised and expanded second edition of this best-selling book describes all requirements, basic principles and best practices of security for an SAP system. Readers will learn how to protect each SAP component internally and externally while also complying with legal requirements. Furthermore, the book describes how to master the interaction of these requirements to provide a holistic security and risk management solution. Using numerous examples and step-by-step instructions, this book teaches the reader the technical details of implementing security in SAP NetWeaver.
Comprehensive Description
Learn where and how you can secure processes or improve the security of existing SAP systems. This description includes both sample risk potentials with their possible side effects, as well as the corresponding control measures.
Tried and Tested Solutions
Understand the proven methods of an SAP security strategy, as well as international guidelines and standards. Step-by-step examples describe how to technically implement security solutions.
Up-to-Date Information
Explore new technologies, as well as SAP products and procedures, and learn how you can integrate them with your risk analysis.
ERM Navigation Control Map
Take advantage of the ERM Navigation Control Map, included as a supplement to the book, which presents the technical, process-oriented, organizational, and legal aspects of SAP components and security solutions.
Member: US $70.00
Non-member: US $80.00
Product Code: 2SAPP

SECURE…Insights From the People Who Keep Information Safe
by Mary Lou Heastings
From across different industries, both practitioners and IT providers share their views on a variety of topics, such as the acceleration of change within the information security industry, preparation for the future, the important discussions to have with senior management, and data protection. By showcasing insights from leaders deploying information security initiatives and the IT providers supporting security strategies, this book offers the reader a broad-based perspective of what is top of mind today in information security.
Member: US $13.00
Non-member: US $23.00
Product Code: 3EA
Security Resources
BEST SELLER!
The Lure: The True Story of How the Department
of Justice Brought Down Two of The World’s
Most Dangerous Cyber Criminals, 1st Edition
Secrets and Lies: Digital Security in a Networked
World 15th Anniversary Edition
by Stephen C Schroeder
by Bruce Schneier
Beginning in the fall of 1999, a number of Internet-related
businesses and financial institutions in the United States
suffered computer intrusions or “hacks” that originated
from Russia. Some of the companies gave in and paid off
the hackers. Some decided not to. The hackers responded
by shutting down parts of their networks and using stolen
credit card numbers to order thousands of dollars’ worth of
computer equipment.
This anniversary edition, which has stood the test of time as
a runaway best-seller provides, a practical, straight-forward
guide to achieving security throughout computer networks.
No theory, no math, no fiction of what should be working,
but isn’t, just the facts. Known as the master of cryptography,
Schneier uses his extensive field experience with his own
clients to dispel the myths that often mislead IT managers
as they try to build secure systems. A much-touted section:
Schneier’s tutorial on just what cryptography (a subset
of computer security) can and cannot do for them, has
received far-reaching praise from both the technical and
business community.
The Lure is the true, riveting story of how these Russian
hackers, who bragged that the laws in their country offered
them no threat, and who mocked the inability of the FBI
to catch them, were caught by an FBI lure designed to
appeal to their egos and their greed. The story of the sting
operation and subsequent trial is told for the first time here
by the Department of Justice’s attorney for the prosecution.
Member: US $24.00
Non-member: US $34.00
Product Code: 115WSL
Securing Cloud and Mobility: A Practitioner’s
Guide
Security Strategies in Windows Platforms and
Applications, 2nd Edition
by Ian Lin, E.Coleen Coolidge and Paul Hourani
by Michael G Solomon
Securing Cloud and Mobility: A Practitioner’s Guide
explains how to secure the multifaceted layers of private and
public cloud deployments as well as mobility infrastructures.
With comprehensive coverage that includes network, server,
and endpoint security, it provides a strategic view of the
security implications of virtualization and cloud computing.
More than 90 percent of individuals, students, educators,
businesses, organizations, and governments use Microsoft
Windows, which has experienced frequent attacks against
its well-publicized vulnerabilities. Revised and updated to
keep pace with this ever changing field, Security Strategies
in Windows Platforms and Applications, Second Edition
focuses on new risks, threats, and vulnerabilities associated
with the Microsoft Windows operating system. Particular
emphasis is placed on Windows XP, Vista, and 7 on the
desktop, and Windows Server 2003 and 2008 versions. It
highlights how to use tools and techniques to decrease risks
arising from vulnerabilities in Microsoft Windows operating
systems and applications. The book also includes a
resource for readers desiring more information on Microsoft
Windows OS hardening, application security, and incident
management. With its accessible writing style, and
step-by-step examples, this must-have resource will ensure
readers are educated on the latest Windows security.
For private clouds, it discusses the issues of physical versus
logical segmentation, securing orchestration, encryption
services, threat intelligence, and identity management.
For public clouds, it provides three frameworks for reviewing
cloud services: cursory, in-depth, and outsourced.
On the mobility side, the text discusses the three major
mobile architectures: Apple IOS, Android, and Blackberry.
Member: US $80.00
Non-member: US $90.00
Product Code: 58CRC
This fascinating story reads like a crime thriller, but also
offers a wealth of information that can be used by IT
professionals, business managers, lawyers and academics
who wish to learn how to protect systems from abuse, and
who want to respond appropriately to network incidents.
Member: US $15.00
Non-member: US $25.00
Product Code: 19IT
The Tangled Web
by Michal Zalewski
Modern web applications are built on a tangle of
technologies that have been developed over time
and then haphazardly pieced together. Every piece
of the web application stack, from HTTP requests to
browser-side scripts, comes with important yet subtle
security consequences. To keep users safe, it is essential
for developers to confidently navigate this landscape.
In The Tangled Web, Michal Zalewski, one of the world’s
top browser security experts, offers a compelling narrative
that explains exactly how browsers work and why they’re
fundamentally insecure. Rather than dispense simplistic
advice on vulnerabilities, Zalewski examines the entire
browser security model, revealing weak points and providing
crucial information for shoring up web application security.
Member: US $50.00
Non-member: US $60.00
Product Code: 2CSTW
Order online at isaca.org/bookstore
Member: US $102.00
Non-member: US $112.00
Product Code: 3JBSS2
Security Metrics: A Beginner’s Guide
by Caroline Wong
Learn how to communicate the value of an information
security program, enable investment planning and decision
making, and drive necessary change to improve the security
of the enterprise. Security Metrics: A Beginner’s Guide
explains, step by step, how to develop and implement a
successful security metrics program.
This practical resource covers project management,
communication, analytics tools, identifying targets, defining
objectives, obtaining stakeholder buy-in, metrics automation,
data quality, and resourcing. The reader will also get details
on cloud-based security metrics and process improvement.
Templates, checklists, and examples give the reader the
hands-on help needed to get started right away.
Member: US $40.00
Non-member: US $50.00
Product Code: 28MSM
Security Resources
The Browser Hacker’s Handbook
by Wade Alcorn, Christian Frichot, Michele Orru
The Browser Hacker’s Handbook gives a practical
understanding of hacking the everyday web browser and
using it as a beachhead to launch further attacks deep into
corporate networks. Written by a team of highly experienced
computer security experts, the handbook provides hands-on
tutorials exploring a range of current attack methods.
With attacks on the rise, companies are increasingly
employing browser-hardening techniques to defend against
the vulnerabilities inherent in every browser in current use.
The Browser Hacker’s Handbook thoroughly covers complex
security issues and explores relevant topics such as:
• Bypassing the Same Origin Policy
• ARP spoofing, social engineering, and phishing
to access browsers
• DNS tunneling, attacking web applications, and
proxying, all from the browser
• And many more
Member: US $44.00
Non-member: US $54.00
Product Code: 117WBH
The Computer Incident Response Planning
Handbook: Executable Plans for Protecting
Information at Risk
by N.K. McCarthy, Matthew Todd, Jeff Klaben
Reinforce your organization’s security posture using
the expert information contained in this tactical guide.
The Computer Incident Response Planning Handbook:
Executable Plans for Protecting Information at Risk shows
you how to build and manage successful response plans
for the cyber incidents that have become inevitable
for organizations of any size. Find out why these plans
work. Learn the step-by-step process for developing and
managing plans built to address the wide range of issues
organizations face in times of crisis.
• Contains the essentials for developing both data
breach and malware outbreak response plans—and
best practices for maintaining those plans
• Features ready-to-implement CIRPs—derived from
living incident response plans that have survived the
rigors of repeated execution and numerous audits,
and much more.
Member: US $60.00
Non-member: US $70.00
Product Code: 33MCIR
The Fifth Domain—Wake Up Neo
by Giuliano Pozza, John D. Halamka
A book written by two CIOs (Chief Information Officers):
a novel about the breath-taking fight of Tommaso,
Ned, Martin, Myriam and Diana against a destructive
cyber-attack menacing the lives of thousands of patients,
intertwined with real-life experiences about building and
managing healthcare information systems. As entertaining
as a novel, as real as real life can be: a way to enter the
world of information technology and to approach some of
the big themes about security threats, IT governance, IT
architectures, cloud computing and IT risks.
A note of caution: the book is for many but not for all. We
strongly suggest it should be read only by anyone who
happens to be a technology or an Internet user. Moreover,
the book should be read and used as a call to action
only by CEOs and top executives who by chance use
information technologies in their companies.
Member: US $18.00
Non-member: US $28.00
Product Code: 3CSFD
Using Social Media for Global Security
by Ravi Gupta, Hugh Brooks
Using Social Media for Global Security offers pages
of instruction and detail on cutting-edge social media
technologies, analyzing social media data, and building
crowdsourcing platforms.
The book teaches how to collect social media data and
analyze it to map the social networks of terrorists and sex
traffickers, and forecast attacks and famines. You will learn
how to coalesce communities through social media to help
catch murderers, coordinate disaster relief, and collect
intelligence about drug smuggling from hard-to-reach
areas. Also highlighting dramatic case studies drawn from
the headlines, this crucial book is a must-read.
• Illustrates linguistic, correlative, and network analysis
of OSINT
• Examines using crowdsourcing technologies to work
and engage with populations globally to solve security
problems, and more.
Essential reading for cybersecurity professionals, security
analysts, policy experts, decision-makers, activists, and
law enforcement!
Member: US $40.00
Non-member: US $50.00
Product Code: 106WUS
Wireless Network Security: A Beginner’s Guide
by Tyler Wrightson
Security Smarts for the Self-Guided IT Professional
Protect wireless networks against real-world attacks by
learning how attackers operate. Wireless Network Security:
A Beginner’s Guide discusses the many attack vectors that
target wireless networks and clients, and explains how to
identify and prevent them. Actual cases of attacks against
WEP, WPA, and wireless clients, and their defenses, are
included.
Wireless Network Security: A Beginner’s Guide features:
• Lingo—Common security terms defined so that
you’re in the know on the job
• IMHO—Frank and relevant opinions based on the
author’s years of industry experience
• In Actual Practice—Exceptions to the rules of security
explained in real-world contexts
• Your Plan—Customizable checklists you can use on
the job now
• Into Action—Tips on how, why, and when to apply
new skills and techniques at work
Member: US $40.00
Non-member: US $50.00
Product Code: 30MWNS
Configuration Management: Using COBIT® 5
by ISACA
Enterprises continuously experience changes driven by
both external and internal forces. When changes occur in
one part of the enterprise without proper communication
and coordination, signs of malfunction are likely to manifest
as business disruptions, inefficiencies and potential financial
losses. Configuration management (CM) reduces the risk of
these malfunctions as part of a strategy to manage internal
enterprise changes and minimize unforeseen impacts.
The purpose of this publication is to help enterprises create
a homogeneous view of CM and implement a sustainable
process. This publication describes the most important
challenges and formulates mitigating actions that are
supported by COBIT® 5 practices to manage configuration
successfully.
Print
Member: US $30.00
Non-member: US $55.00
Product Code: CB5CM
eBook
Product Code: WCB5CM
Free Member Download
“THIS IS THE
INFORMATION AGE.
ISACA KEEPS ME
MORE INFORMED.”
—OPEYEMI ONIFADE, CISA, CISM, CGEIT
PRACTICE LEADER, AFENOID ENTERPRISE, LTD
ABUJA, NIGERIA
ISACA MEMBER SINCE 2010
Connect with a global community of more than 140,000 innovators,
leaders and passionate professionals in IS and IT. Leverage
standards, best practices and expert insights into the rapidly evolving
IT landscape. Be more informed, inspired, skilled and successful
every day of your career.
LIKE BOOKS?
Consider the real value of an ISACA membership.
Over 575 FREE e-Book downloads available
for ISACA members, including:
• Securing Mobile Devices
• Responding to Targeted Cyberattacks
And hundreds MORE!
Need CPEs? For less than $200 annually*,
membership also offers over 70 FREE CPE
hours each year, well above the 40 hours a year
required to maintain your certification.
*Contingent on regional chapter dues. More than 90% of all
ISACA memberships are under $200.
Networking | Standards | Insights | Member Savings | Free CPEs | COBIT ® 5
Order online at isaca.org/bookstore
3701 Algonquin Road, Suite 1010
Rolling Meadows, IL 60008 USA
Contact the ISACA Bookstore
E-mail: bookstore@isaca.org
Tel: +1.847.660.5650
Fax: +1.847.253.1443