Click on a book cover for more information or to order.
SAVE 20% AND GET FREE SHIPPING when you order these or any book online! Simply enter this code--813DA--when you checkout.
McAfee Labs June 2014 Threats Report: Top Four Security Threats You Need to Know
The June 2014 McAfee Labs Threats Report details four hot topics in today’s dynamic threat landscape. Learn about two aspects of the growing mobile malware menace, the real winners in virtual currency mining botnets, and the expected resurgence of rootkits.
Machine-to-Machine Communications: Architectures, Technology, Standards, and Applications
Edited by Vojislav B. Misic and Jelena Misic, this book offers rigorous treatment of the many facets of M2M communication, including its integration with current technology. Presenting the work of a different group of international experts in each chapter, the book begins by supplying an overview of M2M technology. It considers proposed standards, cutting-edge applications, architectures, and traffic modeling and includes case studies that highlight the differences between traditional and M2M communications technology. After reading this book, you'll develop the understanding required to solve problems related to the design, deployment, and operation of M2M communications networks and systems.
An Overview of the NoSQL World
Recently, a new generation of low-cost, high-performance database software, aptly named as NoSQL (Not Only SQL), has emerged to challenge the dominance of RDBMS. This excerpt from Large Scale and Big Data: Processing and Management explores NoSQL Key Systems and NoSQL Open Source Projects.
Heartbleed Disclosure Timeline InfoGraphic
This infographic looks at the vulnerability from March 21-April 7 from the perspective of NCSC-FI, Codenomicon, Google, Open SSL and other providers. In addition to the factual timeline, there is some analysis/commentary as well.
This report is based on Arthur D. Little’s survey of 50 market experts in Europe, as well as comprehensive secondary market research. This report provides an overview of the digital signature technology, its current and potential market, as well as the benefits and challenges it brings. It also presents examples of practical applications of digital signature solutions.
Data classification is the practice of assigning information into predefined groups where each group has a common risk and corresponding security controls. This excerpt from JJ Stapleton's Security without Obscurity: A Guide to Confidentiality, Authentication, and Integrity discusses how information can be organized into categories based on its impact of unauthorized disclosure due to insider or outsider threats. It also discusses the concept of data tagging of other attributes that affect data management.
Anonymity in Network Communication
In today’s interactive network environment, where various types of organizations and indiviudals are eager to monitor and track Internet use, anonymity is one of the most powerful resources available to counterbalance the threat of unknown spectators and to ensure Internet privacy. Find out more in this excerpt from Anonymous Communication Networks: Protecting Privacy on the Web by Kun Peng.
This month's issue of IT Performance Improvement focuses on Big Data. David Garmus provides "A Guide to Sizing and Estimating Projects." Michael West discusses how to measure the effects of process improvement. Carl Lehmann provides an overview of Kaplan and Norton's Balanced Scorecard. Also in this issue, Marco Sampietro and Tiziano Villa on "Reducing Change on Projects" and Nancy Settle-Murphy and Beatrice Briggs on building consensus.
Future Trends in WAN Security
This is an excerpt from Intrusion Detection in Wireless Ad-Hoc Networks edited by Nabendu Chaki and Rituparna Chaki.
Security Issues in Machine-to-Machine Communication
This is an excerpt from Security for Multihop Wireless Networks edited by Shafiullah Khan and Jaime Lloret Mauri.
The Hybrid (Frugal) CISO
This excerpt from Kerry Ann Anderson's The Frugal CISO: Using Innovation and Smart Approaches to Maximize Your Security Posture presents theFrugal CISO as a hybrid professional. Frugal CISOs possess a diverse set of qualities and is adaptable in choosing to utilize them depending upon the specific circumstances in which they are operating. Being able to adapt to a variety of environments and circumstances is fundamental to information security that is dynamic and constantly under pressure to securely manage new technical innovations.
Knowledge Management and e-Learning: Putting Theory into Practice
Knowledge management and e-learning have synergistic effects. They both contain elements of leveraging knowledge internally and externally, and both could add to the strategic intelligence of the organization. The combination of these two areas is just starting to evolve, per the evidence of the Knowledge Management & E-Learning journal and the recent book publication of Knowledge Management and E-Learning. Closer attention is warranted in the integration of these fields in order to advance the current state-of-the-art. In this presentation, Jay Liebowitz talks about these areas from a strategic intelligence framework, and will show examples of how you can translate the theory into practice.
Killer Music: Hackers Exploit Vulnerabilities in Media Players to Infect User Machines with Advanced Malware
Listening to music can have a positive impact on our brain. And of course, music improves our mood because it triggers the release of the "pleasure chemical" Dopamine. But what most organizations don't realize is that, while music can have a positive impact on its employees, the media players employees use to listen to their music of choice, or watch videos, can expose them, their machines, and their organization to risk of exploits and advanced malware infections.
SDN/OpenFlow: Concepts and Applications
From the Internet to many data center applications, SDN has found a wide array of useful possibilities. Everyone seems to be talking about SDN and OpenFlow, but what do they really know? Is it the panacea the media proclaims? In this excerpt from Network Innovation through OpenFlow and SDN: Principles and Design, Ashley Gerrity and Fei Hu discuss SDN's many applications, including researching new protocols prior to implementing them in real networks, increasing connectivity in rural environments, making both cloud-based and regular data centers better, and supporting mobile device offloading.
Internet Exploitation: The Web, Your Computer, Your IT System
In this excerpt from Trade Secret Theft, Industrial Espionage, and the China Threat, Carl Roper details vulnerabilities and attacks from hardware, software, and firmware (supply chain security issues) as well as network attacks.
In the latest issue of IT Performance Improvement, Bud E. Smith on ways to reduce resources. Gil Held with practical tips for saving electricity. Geg Schulz on implementing a green and virtual data center. Dan Minoli provides metrics for measuring electricity use. Also in this issue: Nancy Settle-Murphy on the constructive and creative power of team conflict.
Mobile Medical Devices
This is an excerpt from Chapter 6 of Wi-Fi Enabled Healthcare by Ali Youssef, Douglas McDonald II, Jon Linton, Bob Zemke, and Aaron Earle.
Before You Decide to Outsource
This is an excerpt from Chapter 3 of Managing Risk and Security in Outsourcing IT Services: Onshore, Offshore and the Cloud by Frank Siepmann.
Fundamentals of Complex Networks
This is an excerpt from Evolutionary Dynamics of Complex Communications Networks by Vasileios Karyotis, Eleni Stai, and Symeon Papavassiliou.
New Series on Critical Infrastructure and Cybersecurity Engineering
Edited by Ross Leo, Chief Systems and Security Architect at Cirrus Informatics, Inc., the objectives of this series include providing timely, well-researched, and informative pieces on the specific areas and issues associated with safeguarding America's critical infrastructures.
Maintaining Professional Certification
This is an excerpt from The Basics of Achieving Professional Certification: Enhancing Your Credentials by Willis H. Thomas.
Using PhoneGap Build
This is an excerpt from PhoneGap Build: Developing Cross Platform Mobile Applications in the Cloud by Bintu Harwani.
Leadership and Mentoring
This is an excerpt from The Four Components of a Fast-Paced Organization: Going Beyond Lean Sigma Tools by Robert Baird.
Creativity Life Cycle Models in Project Management
This is an excerpt from Creative, Efficient, and Effective Project Management by Ralph L. Kliem, PMP.
Learning from the Fast Developing Practice of Lean IT
If ERP can become agile, promote standardized work, reduce information waste and errors, and enable data-driven decision making, can it add value to a Lean enterprise? If you practice the four Lean principles well, but don't focus on value streams and their owners, will Lean IT produce sustainable results? Steve Bell, author of Lean IT: Enabling and Sustaining Your Lean Transformation and Run Grow Transform: Integrating Business and Lean IT, answers these big hairy questions and several essential others in this presentation from the Lean IT Summit 2013.
Enterprise Dark Data Is a Hidden Asset
Dark Data is a subset of Big Data: enormous but without formal boundaries as defined by database schemas. In other words, it’s the human generated content in documents, presentations, spreadsheets, notes, and other readable formats that make up the bits and bytes of a corporate file system.
Creativity and Project Management
Perhaps the best phrase that describes the need for creativity on projects is the one offered by Daniel Goleman, notable author on emotional intelligence, when he presented the maxim "I have to do it myself, and I can't do it alone." A project requires the contribution of individuals which includes their knowledge and creativity. A project, however, also requires that the individuals on the team work together to achieve common goals and objectives. More ...
Metrics for Hard Disk Drives and Solid State Devices
Ever run into one of those personalities who, when you ask the time of day, tells you how to build a clock? We're just looking for the time of day. We don't want or need to know how to build a clock. This metaphor applies well to data center storage. Storage vendors and suppliers have been known to claim leadership based on one (and usually only one) dimension of their product. While we can relate to the notion that a vendor needs marketing sound bites, we also know performance benchmarks alone are not the whole story.
Self-Healing Systems and Wireless Networks Management
In this book, Junaid Ahsenali Chaudhry presents a method for identifying and classifying faults using causal reasoning. It employs a similarity matrix in order to match the user activity log and its pattern in a transformed space. He then describes how to embed the self-healing policy, so that if the client has more faults related to the previous one, they can be dealt with at the client side. The book defines supporting systems architectures and includes a case study of an autonomic healing-based self-management engine.
IT Data Center "Green" Myths and Realties
Is "Green IT" a convenient or inconvenient truth or a legend? When it comes to green and virtual environments, there are plenty of myths and realities, some of which vary depending on market or industry focus, price band, and other factors. The following are some myths and realities as of today, some of which may be subject to change from reality to myth or from myth to reality as time progresses.
CA Security Council on Code Signing
Code signing certificates from publicly trusted Certification Authorities (CAs) fulfill a vital need for authentication of software distributed over the Internet in our interconnected world. The CA Security Council (CASC) is starting an education initiative around code signing. The use of code signing certificates is not as popular as using SSL certificates, but the risk might be greater. To start the initiative off, the group has posted a white paper that provides an overview of code signing, some configuration choices, and best practices.
Project Management Tools
"Tools of the trade" enable individuals in any profession to perform their work more effectively, efficiently, and consistently. The project management profession is like most others in its need for specialized tools. In today’s project management environment, the project management office (PMO) can serve its constituency well by providing support and guidance.
Defining Addressing Social Media Security and Privacy Challenges
Addressing information security and privacy within business organizations has provided numerous additional challenges with recently introduced technologies and comparatively new online habits of individuals. It is important when planning to take advantage of those benefits to also know and understand the associated risks, both to privacy and to network and information security.
The Birth of My First Program
From Projects to Programs: A Project Manager's Journey is a story about a project manager growing into a program manager’s shoes. This excerpt chronicles his first day as a newly-promoted program manager.
Just Published! Information Security Management Handbook, Sixth Edition, Volume 7
All-in-all, this is a good volume of the Information Security Management Handbook. We are working on the next edition now. If you would like to contribute, please contact me at 917-351-7146 or firstname.lastname@example.org.
The Role of Data Governance in an Organization
Developing an appropriate data strategy that fits the marketplace is one necessary ingredient for business success. Effective data governance reduces uncertainty and helps improve an organization’s performance. An organization's ability to collect pertinent information and act on signals that others miss provides it a strategic advantage.
Taming the "21st Century's Wild West" of Cyberspace
The world faces unprecedented risks across the Internet in what has become known as "The 21st Century's Wild West," where attacks on computer systems and networks are generally conducted with the complete anonymity and impunity for those perpetrating these acts. Establishing a robust system of monitoring, controls, and sanctions to ensure that the Internet functions as a trusted and heavily defended environment that fosters cooperation, collaboration, and commerce will have a dramatic effect on the stability, viability, and resilience of our interconnected global economy.
A Primer on Metadata: Separating Fact from Fiction
So, the NSA has been collecting metadata on calls. Until now, metadata was "data about data." More, specifically, it is structured information that describes, explains, locates, or otherwise makes it easier to retrieve, use, or manage an in...formation resource. Pretty innocuous, right? Well, not necessarily in the hands of the NSA. "A Primer on Metadata: Separating Fact from Fiction" by Ann Cavoukian, Information and Privacy Commissioner for Ontario, Canada, analyzes both metadate and the NSA claims. It also argues that government needs to ensure security and privacy as well as accountability.
An Ethics for the New (and Old) Surveillance
As the recent revelations about the NSA's Prism and Tempora programs shows, new surveillance technologies and various forms of electronic location monitoring raise important social, political, and cultural questions. This chapter suggests concepts to order the rich variation the topic offers across kinds of tools for collecting personal information and across various contexts regardless of whether they involve national security, work, commerce, family, or friends.
Green Servers and Data Centers
This chapter describes how to green your data centers and servers by choosing green suppliers when you buy in data center services. It explains why you should start now, and discusses planning buildings, power supplies, and servers, storage, and networking.
There has been a wide interest in the secure design and implementation of smart grid systems. The SCADA system is on of the most important legacy systems of the smart grid systems. In this excerpt, the authors demonstrate the challenges to secure the current automation systems, such as SCADA systems, with examples.
Before You Take Your Next Trip
I don't know if you've ever read Stratfor's guidance on personal security, such as "Taming Chaos with a Personal Plan," but this new book, Personal Security: A Guide for International Travelers, provides a comprehensive approach to personal security and safety when travelling, or even while at home. To support your pre-trip preparations, this chapter, "Before You Go," maps out expert advice and lessons from real life cases to give you insights into basic planning questions.
Wireless Network Security: An Overview
Wherever wireless networks are deployed, security vulnerability will always exist. Security attacks and vulnerabilities can only be mitigated if best practices, as well as correct policies and standards, are used. This chapter discusses some of the important and best practices that can be implemented for improving mobile and wireless security. Wireless security will continue to be a research topic as long as there are ways to attack or obtain unauthorized access to wireless networks.
Extensible Markup Language Document Management
The emergence of novel applications for the next-generation network highlights the need to overtake the traditional "data silo" model. To fit this need, the Open Mobile Appliance (OMA) defined standard reusable common components called enablers. These brought several advantages, including a uniform management of the increasing amount of user-related data. The last was facilitated by the gradual introduction of the Extensible Markup Language (XML) Document Management (XDM) technology.