安全之美

图书标准信息

• 作者 [美]奥莱姆、[美]卫加 著
• 出版社 东南大学出版社
• 出版时间 2010-06
• 版次 1
• ISBN 9787564122713
• 定价 52.00元
• 装帧 平装
• 开本 16开
• 纸张 胶版纸
• 页数 281页
• 字数 464千字
• 正文语种 英语
• 原版书名 Beautiful Security: Leading Security Experts Explain How They Think

【内容简介】

尽管大多数人在他们个人或者公司的系统没有遭到攻击之前不会给予安全高度的重视，这本充满激辩的书籍依然表明了数字安全不仅仅是值得思考而已，它还是一个可以令人陶醉的话题。罪犯通过大量富有创造力的行为得以成功，防御方也需要付出同等的代价。
本书通过一些有着深刻见解的文章和分析探索了这样一个具有挑战性的主题，其内容包括：
个人信息的秘密机制：它如何工作，罪犯之间的关系，以及一些他们针对被掠食对象发起突袭时所使用的新方法
社交网络、云计算和其他流行趋势如何帮助和伤害我们的在线安全
衡量标准、需求收集、设计和法律如何能够把安全提升到一个更高的高度
PGP真实又少为人知的历史

【目录】

PREFACE
1PSYCHOLOGICALSECURITYTRAPS
byPelter"Mudge"Zatko
LearnedHelplessnessandNaTvete
ConfirmationTraps
FunctionalFixation
Summary

2WIRELESSNETWORKING：FERTILEGROUNDFORSOCIALENGINEERING
byJimStikley
EasyMoney
WirelessGoneWild
Still，WirelessIstheFuture

3BEAUTIFULSECURITYMETRICS
byElizabethA.Nichols
SecurityMetricsbyAnalogy：Health
SecurityMetricsbyExample
Summary

4THEUNDERGROUNDECONOMYOFSECURITYBREACHES
byChenxiWang
TheMakeupandInfrastructureoftheCyberUnderground
ThePayoff
HowCanWeCombatThisGrowingUndergroundEconomy？
Summary

5BEAUTIFULTRADE：RETHINKINGE-COMMERCESECURITY
byEdBellis
DeconstructingCommerce
WeakAmeliorationAttempts
E-CommerceRedone：ANewSecurityModel
TheNewModel

6SECURINGONLINEADVERTISING：RUSTLERSANDSHERIFFSINTHENEWWILDWEST
byBenjaminEdelman
AttacksonUsers
AdvertisersAsVictims
CreatingAccountabilityinOnlineAdvertising

7THEEVOLUTIONOFPGPSWEBOFTRUST
byPhilZimmermannandJonCallas
PGPandOpenPGP
Trust，Validity，andAuthority
PGPandCryptoHistory
EnhancementstotheOriginalWebofTrustModel
InterestingAreasforFurtherResearch
References

8OPENSOURCEHONEYCLIENT：PROACTIVEDETECTIONOFCLIENT-SIDEEXPLOITS
byKathyWang
EnterHoneyclients
IntroducingtheWorldsFirstOpenSourceHoneyclient
Second-GenerationHoneyclients
HoneyclientOperationalResults
AnalysisofExploits
LimitationsoftheCurrentHoneyclientImplementation
RelatedWork
TheFutureofHoneyclients

9TOMORROWSSECURITYCOGSANDLEVERS
byMarkCurphey
CloudComputingandWebServices：TheSingleMachineIsHere
ConnectingPeople，Process，andTechnology：ThePotentialforBusinessProcessManagement
SocialNetworking：WhenPeopleStartCommunicating，BigThingsChange
InformationSecurityEconomics：SupercrunchingandtheNewRulesoftheGrid
PlatformsoftheLong-TailVariety：WhytheFutureWillBeDifferentforUsAll
Conclusion
Acknowledgments

10SECURITYBYDESIGN
byJohnMcManus
MetricswithNoMeaning
TimetoMarketorTimetoQuality？
HowaDisciplinedSystemDevelopmentLifecycleCanHelp
Conclusion：BeautifulSecurityIsanAttributeofBeautifulSystems

11FORCINGFIRMSTOFOCUS：ISSECURESOFTWAREINYOURFUTURE？
by，liraRouth
ImplicitRequirementsCanStillBePowerful
HowOneFirmCametoDemandSecureSoftware
EnforcingSecurityinOff-the-ShelfSoftware
Analysis：HowtoMaketheWorldsSoftwareMoreSecure

12OHNO，HERECOMETHEINFOSECURITYLAWYERS！
byRandyV.Sabett
Culture
Balance
Communication
DoingtheRightThing

13BEAUTIFULLOGHANDLING
byAntonChuuakin
LogsinSecurityLawsandStandards
FocusonLogs
WhenLogsAreInvaluable
ChallengeswithLogs
CaseStudy：BehindaTrashedServer
FutureLogging
Conclusions

14INCIDENTDETECTION：FINDINGTHEOTHER68%
byGrantGeyerandBrianDunphy
ACommonStartingPoint
ImprovingDetectionwithContext
ImprovingPerspectivewithHostLogging
Summary

15DOINGREALWORKWITHOUTREALDATA
byPeterWayner
HowDataTranslucencyWorks
AReal-LifeExample
PersonalDataStoredAsaConvenience
Trade-offs
GoingDeeper
References

16CASTINGSPELLS：PCSECURITYTHEATER
byMichaelWoodandFernandoFrancisco
GrowingAttacks，DefensesinRetreat
TheIllusionRevealed
BetterPracticesforDesktopSecurity
Conclusion
CONTRIBUTORS
INDEX