Internet safety books
Let’s start at the beginning. What is information security?
Information security is the process of ensuring the confidentiality, integrity and availability of information.
Confidentiality: Ensuring that only authorized users have access to information.
Integrity: Ensuring that the information and how it is processed is accurate and complete.
Accessibility: Ensuring that information and related assets are available to authorized users as needed.
We have prepared for you a small list of literature on information security, there are 9 books in this post (7 in Russian and 2 in English), we will continue to publish the rest later or you can search for them on our site.
- Blinov – Information Security The textbook deals with the current state of affairs in the field of information security. Basic terms and definitions are given in accordance with normative legal documents adopted in Russia. One of the chapters is devoted to the review of international evaluation standards in the field of information security. The issues of building secure information systems based on the application of mathematical models are covered. This textbook is intended for senior students of specialty “Applied informatics in economics”. It is the first theoretical part of the cycle of textbooks on information security.
- Boris Bazer – Black Box Testing
Dr. Beiser’s book “Black-box testing” has long been recognized as a classic work in the field of behavioral testing of various systems. It deeply reviews the main issues of software testing, which allows you to find the maximum number of bugs while spending as little time as possible. The basic testing techniques, covering all the aspects of software development, are described in details. Methodicalness and vastness of coverage make this book an indispensable aide for checking proper operation of software solutions. It is intended for software testers and programmers who wish to improve the quality of their work. - Alexey Petrovsky – Effective Hacking for Beginners and Beyond
Now this is our world… the world of electronics, change and the beauty of pods. We use the services we already have, without even paying for something that can be very cheap, and you can call us criminals. We explore… We exist without color, without nationality, without religious bias… You build atomic bombs, you fight wars, you kill, you lie to us, and you try to make us believe your own actions, we are still criminals. Yes, I am a criminal. My crimes are for curiosity’s sake. From the way people talk and think, my crimes don’t look pleasant. My crimes are to outsmart you so that you will never forgive me. I am a hacker and this is my manifesto. You can stop me, but you can’t stop all of us… - Gorbatov and Polyanskaya – Fundamentals of PKI Technology
The basics of public key infrastructures technology are covered. Basic definitions are given. Analyzes the basic approaches to implementing public key infrastructures, describes the architecture, data structures, components and services of PKI. It offers a classification of standards and specifications in the field of public key infrastructures. Problem situations and risks, PKI policy, legal aspects of using PKI technology are discussed. Describes the software products of the leading global and Russian software companies that produce software to support PKI (as of the date of the first edition of the book). For undergraduate and graduate students of universities, students of training courses, as well as for a wide range of readers interested in the modern problems of information security. - Petrenko and Kurbatov – Company Security Policies When Working on the Internet
The book is the first complete Russian-language practical guide to information security policies in domestic companies and organizations, and differs from other sources, mostly published abroad, in that it consistently outlines all the basic ideas, methods and ways of practical solution for developing, implementing and maintaining security policies in various Russian state and commercial structures. The book can be useful to the heads of automation services (CIO) and information security services (CISO), responsible for approval of security policies and organization of the information security regime; internal and external auditors (CISA); managers of the highest echelon of company management (TOR-managers), who have to develop and implement security policies in the company; security administrators, system and network administrators, database administrators, who are responsible for compliance with security rules in domestic corporate organizations. The book can also be used as a teaching aid by undergraduate and graduate students of relevant technical specialties. - Mikhailov and Zhukov – Protecting Mobile Phones from Attack
This book is devoted to the security of mobile devices. More than 40 variants of malicious actions with the help of which criminals steal confidential data, illegally withdraw money or listen to telephone conversations are considered in the book. Most of the vulnerabilities discussed were previously unknown to the general public. The reader will get acquainted with the main signs of attacks on your phone, as well as learn what you should do not to become a victim of fraudsters. Arguments are given that show the reality of implementing the threats in question. At the same time, in order not to provoke cheaters to criminal actions, information is not given about which mobile devices are imperfect in terms of security, as well as how these vulnerabilities can be exploited. The book is intended for a wide range of readers and will be useful to both information protection specialists and ordinary cell phone users. - Sutton, Green, Amini – Fuzing: Exploring Vulnerabilities by Brute Force
Fuzzing is the process of sending intentionally incorrect data into an object under investigation in order to cause a failure or error situation. There are no real rules for phasing. It is a technique in which success is measured solely by test results. For any single product, the amount of input data can be infinite. Fuzzing is a process of predicting what kinds of software errors a product may have, what kinds of input values will cause these errors. Thus, phasing is more of an art than a science. The present book is the first attempt to do justice to phasing as a technology. The knowledge given in the book is enough to start phasing new products and building your own effective phasers. The key to effective phasing is knowing what data to use and for which products and what tools are needed to manage the phasing process. The book is of interest to a broad audience, both those readers who know nothing about phasing and those who already have substantial experience.
The book explains:
* Why phasing simplifies test development and catches errors that are difficult to detect using other methods
* How to organize phasing: from identifying the input data to evaluating the usability of a product
What is needed for successful phasing
* How to create and implement a smart failure detection mechanism
* What is the difference between mutational phasing and generative phasing
* How to automate the phasing of program arguments and environment variables
* What is the best way to phase data in RAM
* How to develop your own interface and applications of phasing - Kord Davis — Ethics of Big Data
What are your organization’s policies for generating and using huge datasets full of personal information? This book examines ethical questions raised by the big data phenomenon, and explains why enterprises need to reconsider business decisions concerning privacy and identity. Authors Kord Davis and Doug Patterson provide methods and techniques to help your business engage in a transparent and productive ethical inquiry into your current data practices. Both individuals and organizations have legitimate interests in understanding how data is handled. Your use of data can directly affect brand quality and revenue—as Target, Apple, Netflix, and dozens of other companies have discovered. With this book, you’ll learn how to align your actions with explicit company values and preserve the trust of customers, partners, and stakeholders.
