Most organizations place a high priority on keeping data secure, but not every organization invests in training its engineers or employees in understanding the security risks involved when using or developing technology. Designed for the non-security professional, What Every Engineer Should Know About Cyber Security and Digital Forensics is an overview of the field of cyber security.
Exploring the cyber security topics that every engineer should understand, the book discusses:
- Network security
- Personal data security
- Cloud computing
- Mobile computing
- Preparing for an incident
- Incident response
- Evidence handling
- Internet usage
- Law and compliance
- Security and forensic certifications
Application of the concepts is demonstrated through short case studies of real-world incidents chronologically delineating related events. The book also discusses certifications and reference manuals in the area of cyber security and digital forensics.
By mastering the principles in this volume, engineering professionals will not only better understand how to mitigate the risk of security incidents and keep their data secure, but also understand how to break into this expanding profession.
Table of Contents:
Security Threats. Social Engineering. Travel. Mobile Devices. Internet. The Cloud. Cyber Physical Systems. Theft. Cyber Security and Digital Forensics Careers. Career Opportunities. Certifications. Cyber Security. Information Security. Security Architecture. Access Controls. Cryptography. Network and Telecommunications Security. Operating System Security. Software Development Security. Database Security. Business Continuity and Disaster Recovery. Physical Security. Legal, Regulations, Compliance, and Investigations. Operations Security. Information Security Governance and Risk Management. Preparing for an Incident. Risk Identification. Host Preparation. Network Preparation. Establishing Appropriate Policies and Procedures. Establishing an Incident Response Team. Preparing a Response Toolkit. Training. Incident Response and Digital Forensics. Incident Response. Incident Response for Cloud Computing. Digital Forensics. Mobile Phone Forensics. The Law. Compliance. Laws for Acquiring Evidence. Evidence Rules. E-discovery. Case Law. Theory to Practice. Case Study 1: It Is All Fun and Games until Something. Gets Deleted. Case Study 2: How Is This Working for You?. Case Study 3: The Weakest Link.
About the Author :
Joanna DeFranco is an assistant professor of software engineering and a member of the graduate faculty at Penn State University. She has also held academic positions at New Jersey Institute of Technology and Cabrini College. Prior to her academic career, she spent many years as a software engineer for government and industry. Notable experiences during this period included traveling the world on naval scientific ships that collected ocean floor map data and worked on the development of cable head-end devices for Motorola. She has written many journal articles and contributed to conference proceedings on effective software and systems engineering problem solving, as well as digital forensics. She has also coauthored a project management book.
Dr. DeFranco is a certified computer forensics examiner (CCFE) and teaches computer and cyber forensics at Penn State. She also teaches courses on software engineering, project management, and problem solving, which have all had an influence on her perspective of cyber security and digital forensics. She is on the curriculum advisory board for computer forensics at Middle Bucks Institute of Technology and is a member of the American Society for Engineering Education (ASEE). She earned a BS in electrical engineering from Penn State, an MS in computer engineering from Villanova University, and a PhD in computer and information science from New Jersey Institute of Technology.
Review :
"Professor DeFranco has taken a very complex subject and distilled the knowledge into a very effective guide … [and] has chosen a series of topics that connect to the real world of cyber security, incident response, and investigation. I think the book will make a valuable resource tool for anyone looking to get involved in the field, as well as those with years of experience."
—Robert L. Maley, Founder, Strategic CISO
