This comprehensive introduction to the information security field covers the industry’s essential concepts, using real-world security breaches to illustrate key lessons.
"An excellent starting point for future security professionals.”
—Help Net Security
Cybersecurity is a huge field, and breaking in can feel overwhelming. Where do you start when the territory spans everything from cryptography to cloud security to social engineering?
In Foundations of Cybersecurity, you’ll learn how security professionals actually think about protecting systems. You’ll start with core principles like authentication, authorization, and access control, then build outward into network defense, operating system hardening, application security, and security operations.
Each chapter introduces concepts in context, showing how they connect to real decisions you’ll face on the job.
This updated second edition covers:
- How attackers think: the threat landscape, social engineering tactics, and the kill chain
- How defenders respond: SOC operations, incident response, and vulnerability assessment
- The business side: governance, risk management, compliance frameworks, and penetration testing
- Securing what’s new: AI systems, IoT devices, and cloud-native architectures
- Building your career: paths into security, certifications that matter, and the soft skills that separate good analysts from great ones
Hands-on projects throughout will have you apply what you’ve learned, from classifying real threat actors to designing detection rules to building a security awareness program.
Whether you’re coming from IT or a completely different field, this book gives you the conceptual foundation to understand what cybersecurity professionals do, why they do it, and how to become one.
Inhaltsverzeichnis
Acknowledgments
Introduction
PART I: CORE PRINCIPLES
Chapter 1: What Is Cybersecurity?
Chapter 2: The Threat Landscape
Chapter 3: Identification and Authentication
Chapter 4: Authorization and Access Controls
Chapter 5: Auditing and Accountability
Chapter 6: Cryptography
PART II: ARCHITECTURE, INFRASTRUCTURE, AND SYSTEM SECURITY
Chapter 7: Security Architecture
Chapter 8: Network Security
Chapter 9: Operating System Security
Chapter 10: Mobile, Embedded, and Internet of Things Security
Chapter 11: Application Security
Chapter 12: AI Security
PART III: SECURITY OPERATIONS AND MANAGEMENT
Chapter 13: SecOps, the SOC, and Incident Response
Chapter 14: Governance, Risk, and Compliance
Chapter 15: Vulnerability Assessments and Penetration Testing
PART IV: HUMAN FACTORS AND PROFESSIONAL DEVELOPMENT
Chapter 16: Social Engineering
Chapter 17: Security Awareness
Chapter 18: So You Want to Be a Security Professional
Notes
Index
