Information Security

One of the least understood countries in the world, North Korea has long been known for its repressive regime. Yet it is far from being an impenetrable black box. Media flows covertly into the country, and fault lines are appearing in the government's sealed informational borders. Drawing on deeply personal interviews with North Korean defectors from all walks of life, ranging from propaganda artists to diplomats, Jieun Baek tells the story of North Korea's information underground.

Embark on a journey towards securing excellence in information security with "Securing Excellence: A Guide to ISO 27001:2022 Information Security Standards." This comprehensive guide serves as your roadmap to success, offering leaders a simplified approach to understanding and implementing ISO 27001 and Information Security Management System (ISMS) requirements. Comprehensive Coverage: Dive into the latest edition of ISO 27001:2022 and gain a comprehensive understanding of information security standards and requirements. From risk assessment to control implementation, this guide covers all ...

The information security industry is undergoing a major change, forced by the rise of end-to-end encryption, encryption that cannot be intercepted, transport protocol stack evolution, "zero trust networks", and distributed computing. While we understand the logical connections between these trends, there is little analysis of all of these trends in combination. Examination of all five trends uncovers opportunities that not only improve the state of information security and the general posture, but also lead to resource reductions necessary for information security to be sustainable.

This book analyzes the evolution of Russian military thought and how Russia's current thinking about war is reflected in recent crises. What Jonsson reveals is that Russia's conception of the very nature of war is now changing, as Russian elites see information warfare and political subversion as the most important ways to conduct contemporary war. Since information warfare and political subversion are below the traditional threshold of armed violence, this has blurred the boundaries between war and peace.

"Conquer the CISSP Exam: Your Guide to Success as a Certified Information Systems Security Professional" is your comprehensive resource for mastering the Certified Information Systems Security Professional (CISSP) exam. This guide offers a deep dive into each of the eight CISSP domains, providing clear explanations and practical insights to ensure you understand and can apply key concepts. Covering topics such as Security and Risk Management, Asset Security, Security Engineering, Communications and Network Security, Identity and Access Management, Security Assessment and Testing, Security ...

Unlock the secrets to mastering the NIST 800 risk management process in record time with this powerful 2-in-1 bundle! Introducing Information Systems Security NIST 800 2-in-1, featuring both RMF ISSO Foundation Guide and RMF ISSO: NIST 800-53. This comprehensive series is your ultimate roadmap to success, designed to simplify the complexities of NIST 800-53 security controls and show you the actionable steps required throughout the RMF process.

In the relentless cyber war, understanding that every individual and organization is a target is crucial. In this book, I offer a groundbreaking perspective on cybersecurity risk management, addressing a core issue: despite increased legislation and frameworks, massive breaches continue. Why? The problem often lies in ineffective or non-existent risk assessment and management, resulting in an ineffective cybersecurity program. Enter Heuristic Risk Management (HRM), a method I developed that is simple, intuitive, and highly effective. HRM cuts through the complexity of quantitative ...

Edward Snowden, the man who risked everything to expose the US government’s system of mass surveillance, reveals for the first time the story of his life, including how he helped to build that system and what motivated him to try to bring it down.

As information security professionals, risk evaluation and mitigation are the key parts of our job. Dealing with risk is the theme of our roles, be it as firewall engineers, auditors, penetration testers, management, etc. The key functions of the Security and Risk Management domain are risk analysis and mitigation as well as ensuring the best organizational structure for a robust information security system is in place. In this area of expertise, it’s the quality of the people that can make or break an organization. By “quality of the people”, we mean knowledgeable and experienced ...

Are you ready to revolutionize your organization’s approach to cybersecurity and learn GRC? In a world where threats evolve faster than ever, achieving robust Governance, Risk Management, and Compliance (GRC) is no longer optional—it’s essential. Yet, countless organizations struggle to bridge the gap between lofty compliance standards and practical implementation. Imagine having a proven roadmap that transforms the complexities of cybersecurity frameworks into a clear, actionable plan tailored to your organization’s unique needs while giving you a practical understanding of GRC. ...

In The DevSecOps Playbook: Deliver Continuous Security at Speed, the chief information and information security officer at Wiley, Sean D. Mack, delivers an insightful and practical discussion of how to keep your business secure. You'll learn how to leverage the classic triad of people, process, and technology to build strong cybersecurity infrastructure and practices. You'll also discover the shared responsibility model at the core of DevSecOps as you explore the principles and best practices that make up contemporary frameworks.

It’s easy to find descriptions of what threat intelligence is. But it’s harder to learn how to use it to truly make your organization safe from cybercriminals. How can threat intelligence strengthen all the teams in a cybersecurity organization? This audiobook answers this question. It reviews the kinds of threat intelligence that are useful to security teams and how each team can use that intelligence to solve problems and address challenges.

Are You Ready to Master the CompTIA Security+ and Elevate Your IT Security Career? In an era where digital threats loom large and cybersecurity skills are in high demand, simply understanding the basics isn’t enough. SysAdmins and IT professionals face a constant challenge: staying ahead of evolving cyber threats while effectively managing complex security protocols. Navigating the intricate landscape of IT security can be overwhelming. Are you equipped to protect sensitive data against sophisticated cyber-attacks? Can you confidently implement and manage robust security systems? Failing ...

Hardening AWS" is a comprehensive guidebook that provides AWS customers with practical advice and best practices for securing their cloud infrastructure. The book covers various topics related to AWS security, including identity and access management, network security, instance security, data security, application security, incident response, disaster recovery, compliance, and governance.

We live in the age of disinformation - of organized deception. Spy agencies pour vast resources into hacking, leaking, and forging data, often with the goal of weakening the very foundation of liberal democracy: trust in facts. Thomas Rid, a renowned expert on technology and national security, was one of the first to sound the alarm, even before the 2016 election. But this is not new. The story of modern disinformation begins with the clash between communism and capitalism after the Russian Revolution.

The Pentester BluePrint: Starting a Career as an Ethical Hacker offers listeners a chance to delve deeply into the world of the ethical, or "white-hat" hacker. Accomplished pentester and author Phillip L. Wylie and cybersecurity researcher Kim Crawley walk you through the basic and advanced topics necessary to understand how to make a career out of finding vulnerabilities in systems, networks, and applications.

Fundamentals, Networking, Threats, Attacks, Systems and many more - How to Prepare and Succeed. This book is a comprehensive guide to answering core cybersecurity questions that may arise during job interviews for a cybersecurity engineer or consultant position. It covers essential concepts and terminology expected to be known and understood by candidates, helping them become more confident in describing and demonstrating their knowledge during interviews. With this book, readers can verify their knowledge before their interview, identify areas they need to strengthen, and gain a solid ...

Dive into the world of ethical hacking and cybersecurity with Shimon Brathwaite's enlightening guide, "How to Make a Living Hacking Computers." This book demystifies the path to becoming a professional hacker - not one who breaks into systems with malicious intent, but a skilled expert who is hired to find vulnerabilities and strengthen the security of digital infrastructures. Brathwaite, with his extensive experience in the field, offers a comprehensive look into the various aspects of ethical hacking. Whether you're a complete novice curious about the field or a tech enthusiast looking to...

In this updated edition, the authors show you how zero trust lets you focus on building strong authentication, authorization, and encryption throughout, while providing compartmentalized access and better operational agility. You'll learn the architecture of a zero trust network, including how to build one using currently available technology.

Navigating the complex terrain of SOC2 compliance can be a daunting task. "A Step-by-Step Guide to SOC2 Type 1 Attestation and Type 2 Certification" is your trusted companion on this journey, offering a comprehensive, accessible, and practical roadmap to achieving and maintaining SOC2 compliance. Penned by renowned information security expert, Russell D. Nomer, CISSP, this guide leverages over 30 years of experience and delivers invaluable insights in an engaging and reader-friendly manner. From understanding the importance of SOC2 attestation to conducting successful audits and mitigating ...