Zum Hauptinhalt springen Zur Suche springen Zur Hauptnavigation springen

Computer und IT

Produkte filtern

Produktbild für Third Space, Information Sharing, and Participatory Design

Third Space, Information Sharing, and Participatory Design

SOCIETY FACES MANY CHALLENGES IN WORKPLACES, EVERYDAY LIFE SITUATIONS, AND EDUCATION CONTEXTS. Within information behavior research, there are often calls to bridge inclusiveness and for greater collaboration, with user-centered design approaches and, more specifically, participatory design practices. Collaboration and participation are essential in addressing contemporary societal challenges, designing creative information objects and processes, as well as developing spaces for learning, and information and research interventions. The intention is to improve access to information and the benefits to be gained from that. This also applies to bridging the digital divide and for embracing artificial intelligence. With regard to research and practices within information behavior, it is crucial to consider that all users should be involved. Many information activities (i.e., activities falling under the umbrella terms of information behavior and information practices) manifest through participation, and thus, methods such as participatory design may help unfold both information behavior and practices as well as the creation of information objects, new models, and theories. Information sharing is one of its core activities. For participatory design with its value set of democratic, inclusive, and open participation towards innovative practices in a diversity of contexts, it is essential to understand how information activities such as sharing manifest itself. For information behavior studies it is essential to deepen understanding of how information sharing manifests in order to improve access to information and the use of information.Third Space is a physical, virtual, cognitive, and conceptual space where participants may negotiate, reflect, and form new knowledge and worldviews working toward creative, practical and applicable solutions, finding innovative, appropriate research methods, interpreting findings, proposing new theories, recommending next steps, and even designing solutions such as new information objects or services. Information sharing in participatory design manifests in tandem with many other information interaction activities and especially information and cognitive processing. Although there are practices of individual information sharing and information encountering, information sharing mostly relates to collaborative information behavior practices, creativity, and collective decision-making.Our purpose with this book is to enable students, researchers, and practitioners within a multi-disciplinary research field, including information studies and Human–Computer Interaction approaches, to gain a deeper understanding of how the core activity of information sharing in participatory design, in which Third Space may be a platform for information interaction, is taking place when using methods utilized in participatory design to address contemporary societal challenges. This could also apply for information behavior studies using participatory design as methodology. We elaborate interpretations of core concepts such as participatory design, Third Space, information sharing, and collaborative information behavior, before discussing participatory design methods and processes in more depth. We also touch on information behavior, information practice, and other important concepts. Third Space, information sharing, and information interaction are discussed in some detail. A framework, with Third Space as a core intersecting zone, platform, and adaptive and creative space to study information sharing and other information behavior and interactions are suggested. As a tool to envision information behavior and suggest future practices, participatory design serves as a set of methods and tools in which new interpretations of the design of information behavior studies and eventually new information objects are being initiated involving multiple stakeholders in future information landscapes. For this purpose, we argue that Third Space can be used as an intersection zone to study information sharing and other information activities, but more importantly it can serve as a Third Space Information Behavior (TSIB) study framework where participatory design methodology and processes are applied to information behavior research studies and applications such as information objects, systems, and services with recognition of the importance of situated awareness.* Preface* Acknowledgments* Abbreviations* Introduction: Contemporary Challenges Faced in the Emerging Information Context* Foundation and Components* Participatory Design as an Approach for Participation* Third Space* Information Sharing and Other Information Activities* Third Space as an Intersection Zone for Information Behavior Studies* Conclusion and the Way Forward* Appendix A: General Guideline for Conducting a Participatory Design Workshop Called Future Workshop* Bibliography* Authors' Biographies

Regulärer Preis: 59,99 €
Produktbild für Cloud Native Security

Cloud Native Security

EXPLORE THE LATEST AND MOST COMPREHENSIVE GUIDE TO SECURING YOUR CLOUD NATIVE TECHNOLOGY STACKCloud Native Security delivers a detailed study into minimizing the attack surfaces found on today's Cloud Native infrastructure. Throughout the work hands-on examples walk through mitigating threats and the areas of concern that need to be addressed. The book contains the information that professionals need in order to build a diverse mix of the niche knowledge required to harden Cloud Native estates.The book begins with more accessible content about understanding Linux containers and container runtime protection before moving on to more advanced subject matter like advanced attacks on Kubernetes. You'll also learn about:* Installing and configuring multiple types of DevSecOps tooling in CI/CD pipelines* Building a forensic logging system that can provide exceptional levels of detail, suited to busy containerized estates* Securing the most popular container orchestrator, Kubernetes* Hardening cloud platforms and automating security enforcement in the cloud using sophisticated policiesPerfect for DevOps engineers, platform engineers, security professionals and students, Cloud Native Security will earn a place in the libraries of all professionals who wish to improve their understanding of modern security challenges.CHRIS BINNIE is a Technical Consultant who has worked for almost 25 years with critical Linux systems in banking and government, both on-premise and in the cloud. He has written two Linux books, has written for Linux and ADMIN magazines and has five years of experience in DevOps security consultancy roles.RORY MCCUNE has over 20 years of experience in the Information and IT security arenas. His professional focus is on container, cloud, and application security and he is an author of the CIS Benchmarks for Docker and Kubernetes and has authored and delivered container security training at conferences around the world.Introduction xixPART I CONTAINER AND ORCHESTRATOR SECURITY 1CHAPTER 1 WHAT IS A CONTAINER? 3Common Misconceptions 4Container Components 6Kernel Capabilities 7Other Containers 13Summary 14CHAPTER 2 ROOTLESS RUNTIMES 17Docker Rootless Mode 18Installing Rootless Mode 20Running Rootless Podman 25Setting Up Podman 26Summary 31CHAPTER 3 CONTAINER RUNTIME PROTECTION 33Running Falco 34Configuring Rules 38Changing Rules 39Macros 41Lists 41Getting Your Priorities Right 41Tagging Rulesets 42Outputting Alerts 42Summary 43CHAPTER 4 FORENSIC LOGGING 45Things to Consider 46Salient Files 47Breaking the Rules 49Key Commands 52The Rules 52Parsing Rules 54Monitoring 58Ordering and Performance 62Summary 63CHAPTER 5 KUBERNETES VULNERABILITIES 65Mini Kubernetes 66Options for Using kube-hunter 68Deployment Methods 68Scanning Approaches 69Hunting Modes 69Container Deployment 70Inside Cluster Tests 71Minikube vs. kube-hunter 74Getting a List of Tests 76Summary 77CHAPTER 6 CONTAINER IMAGE CVES 79Understanding CVEs 80Trivy 82Getting Started 83Exploring Anchore 88Clair 96Secure Registries 97Summary 101PART II DEVSECOPS TOOLING 103CHAPTER 7 BASELINE SCANNING (OR, ZAP YOUR APPS) 105Where to Find ZAP 106Baseline Scanning 107Scanning Nmap’s Host 113Adding Regular Expressions 114Summary 116CHAPTER 8 CODIFYING SECURITY 117Security Tooling 117Installation 118Simple Tests 122Example Attack Files 124Summary 127CHAPTER 9 KUBERNETES COMPLIANCE 129Mini Kubernetes 130Using kube-bench 133Troubleshooting 138Automation 139Summary 140CHAPTER 10 SECURING YOUR GIT REPOSITORIES 141Things to Consider 142Installing and Running Gitleaks 144Installing and Running GitRob 149Summary 151CHAPTER 11 AUTOMATED HOST SECURITY 153Machine Images 155Idempotency 156Secure Shell Example 158Kernel Changes 162Summary 163CHAPTER 12 SERVER SCANNING WITH NIKTO 165Things to Consider 165Installation 166Scanning a Second Host 170Running Options 171Command-Line Options 172Evasion Techniques 172The Main Nikto Configuration File 175Summary 176PART III CLOUD SECURITY 177CHAPTER 13 MONITORING CLOUD OPERATIONS 179Host Dashboarding with NetData 180Installing Netdata 180Host Installation 180Container Installation 183Collectors 186Uninstalling Host Packages 186Cloud Platform Interrogation with Komiser 186Installation Options 190Summary 191CHAPTER 14 CLOUD GUARDIANSHIP 193Installing Cloud Custodian 193Wrapper Installation 194Python Installation 195EC2 Interaction 196More Complex Policies 201IAM Policies 202S3 Data at Rest 202Generating Alerts 203Summary 205CHAPTER 15 CLOUD AUDITING 207Runtime, Host, and Cloud Testing with Lunar 207Installing to a Bash Default Shell 209Execution 209Cloud Auditing Against Benchmarks 213AWS Auditing with Cloud Reports 215Generating Reports 217EC2 Auditing 219CIS Benchmarks and AWS Auditing with Prowler 220Summary 223CHAPTER 16 AWS CLOUD STORAGE 225Buckets 226Native Security Settings 229Automated S3 Attacks 231Storage Hunting 234Summary 236PART IV ADVANCED KUBERNETES AND RUNTIME SECURITY 239CHAPTER 17 KUBERNETES EXTERNAL ATTACKS 241The Kubernetes Network Footprint 242Attacking the API Server 243API Server Information Discovery 243Avoiding API Server Information Disclosure 244Exploiting Misconfigured API Servers 245Preventing Unauthenticated Access to the API Server 246Attacking etcd 246etcd Information Discovery 246Exploiting Misconfigured etcd Servers 246Preventing Unauthorized etcd Access 247Attacking the Kubelet 248Kubelet Information Discovery 248Exploiting Misconfigured Kubelets 249Preventing Unauthenticated Kubelet Access 250Summary 250CHAPTER 18 KUBERNETES AUTHORIZATION WITH RBAC 251Kubernetes Authorization Mechanisms 251RBAC Overview 252RBAC Gotchas 253Avoid the cluster-admin Role 253Built-In Users and Groups Can Be Dangerous 254Read-Only Can Be Dangerous 254Create Pod is Dangerous 256Kubernetes Rights Can Be Transient 257Other Dangerous Objects 258Auditing RBAC 258Using kubectl 258Additional Tooling 259Rakkess 259kubectl-who-can 261Rback 261Summary 262CHAPTER 19 NETWORK HARDENING 265Container Network Overview 265Node IP Addresses 266Pod IP Addresses 266Service IP Addresses 267Restricting Traffic in Kubernetes Clusters 267Setting Up a Cluster with Network Policies 268Getting Started 268Allowing Access 271Egress Restrictions 273Network Policy Restrictions 274CNI Network Policy Extensions 275Cilium 275Calico 276Summary 278CHAPTER 20 WORKLOAD HARDENING 279Using Security Context in Manifests 279General Approach 280allowPrivilegeEscalation 280Capabilities 281privileged 283readOnlyRootFilesystem 283seccompProfile 283Mandatory Workload Security 285Pod Security Standards 285PodSecurityPolicy 286Setting Up PSPs 286Setting Up PSPs 288PSPs and RBAC 289PSP Alternatives 291Open Policy Agent 292Installation 292Enforcement Actions 295Kyverno 295Installation 296Operation 296Summary 298Index 299

Regulärer Preis: 25,99 €
Produktbild für Basics Interactive Design: User Experience Design

Basics Interactive Design: User Experience Design

By putting people at the centre of interactive design, user experience (UX) techniques are now right at the heart of digital media design and development. As a designer, you need to create work that will impact positively on everyone who is exposed to it. Whether it's passive and immutable or interactive and dynamic, the success of your design will depend largely on how well the user experience is constructed.User Experience Design shows how researching and understanding users' expectations and motivations can help you develop effective, targeted designs. The authors explore the use of scenarios, personas and prototyping in idea development, and will help you get the most out of the latest tools and techniques to produce interactive designs that users will love.With practical projects to get you started, and stunning examples from some of today's most innovative studios, this is an essential introduction to modern UXD.

Regulärer Preis: 108,00 €
Produktbild für Clean C++20

Clean C++20

Write maintainable, extensible, and durable software with modern C++. This book, updated for the recently released C++20 standard, is a must for every developer, software architect, or team leader who is interested in well-crafted C++ code, and thus also wants to save development costs. If you want to teach yourself about writing better C++ code, Clean C++20 is exactly what you need. It is written for C++ developers of all skill levels and shows by example how to write understandable, flexible, maintainable, and efficient C++ code. Even if you are a seasoned C++ developer, there are nuggets and data points in this book that you will find useful in your work.If you don't take care with your codebase, you can produce a large, messy, and unmaintainable beast in any programming language. However, C++ projects in particular are prone to get messy and tend to slip into a maintenance nightmare. There is lots of C++ code out there that looks as if it was written in the 1980s, completely ignoring principles and practices of well-written and modern C++.It seems that C++ developers have been forgotten by those who preach Software Craftsmanship and Clean Code principles. The web is full of C++ code examples that may be very fast and highly optimized, but whose developers have completely ignored elementary principles of good design and well-written code. This book will explain how to avoid this and how to get the most out of your C++ code. You'll find your coding becomes more efficient and, importantly, more fun.WHAT YOU WILL LEARN* Gain sound principles and rules for clean coding in C++* Carry out test-driven development (TDD)* Better modularize your C++ code base* Discover and apply C++ design patterns and idioms* Write C++ code in both object-oriented and functional programming stylesWHO THIS BOOK IS FORAny C++ developer or software engineer with an interest in producing better code.STEPHAN ROTH is a coach, consultant, and trainer for systems and software engineering with German consultancy company oose Innovative Informatik eG located in Hamburg. Before he joined oose, he worked for many years as a software developer, software architect, and systems engineer in the field of radio reconnaissance and communication intelligence systems. He has developed sophisticated applications, especially in a high-performance system environment, and graphical user interfaces using C++ and other programming languages. Stephan is an active supporter of the Software Craftsmanship movement and is concerned with principles and practices of Clean Code Development (CCD).CH01 - IntroductionCH02 - Build a Safety NetCH03 - Be PrincipledCH04 - Basics of Clean C++CH05 - Advanced concepts of modern C++CH06 - Object OrientationCH07 - Functional ProgrammingCH08 - Test Driven DevelopmentCH09 - Design Patterns and IdiomsAppendix A - Small UML GuideBibliography

Regulärer Preis: 46,99 €
Produktbild für E-Auto einfach erklärt

E-Auto einfach erklärt

Alles, was Sie über Elektroautos wissen müssen: von A wie Akku bis Z wie zu Hause laden.Überlegen Sie, ein Elektroauto zu kaufen oder suchen Sie als Neubesitzer/in einen schnellen Einstieg ins Thema? Timo Kauffmann erklärt in dem Buch »E-Auto einfach erklärt« genau, wie das mit dem Fahren und Laden eines Elektroautos funktioniert – von One-Pedal-Driving und Rekuperation über Ladekarten und -apps bis zur Installation einer heimischen Wallbox für Ihr E-Auto. Leicht verständliche Erläuterungen zu Akkus, Motoren und Kilowattstunden helfen Ihnen, die zugrundeliegende Technologie besser zu verstehen und Ihr Elektroauto effizienter zu nutzen. So machen Sie sich mit Ihrem neuen Auto schneller vertraut und können diese leise, saubere und komfortable Form des Fahrens wirklich genießen.Aus dem Inhalt:Entscheidungshilfe: Welches Elektroauto passt zu mir?Worauf Sie bei gebrauchten Elektroautos achten müssenKein Haus- oder Wohnungseigentümer und trotzdem zuhause laden?Faktencheck: 10 Antworten auf typische FragenEffizienz & Fahrspaß – keine Gegensätze!So funktionieren Elektromotoren und AkkusÜbersicht zu Stecker- und KabeltypenSo nutzen Sie öffentliche LadestationenWallboxen für daheim und unterwegsUmweltbonus und KfW-FörderungÜbersicht Ladekarten und Lade-AppsReiseplanung und LadestrategienTipps zur ReichweitenoptimierungPflege, Versicherung und PannenhilfeInhalt (PDF-Link)

Regulärer Preis: 24,90 €
Produktbild für Beginning Azure Synapse Analytics

Beginning Azure Synapse Analytics

Get started with Azure Synapse Analytics, Microsoft's modern data analytics platform. This book covers core components such as Synapse SQL, Synapse Spark, Synapse Pipelines, and many more, along with their architecture and implementation.The book begins with an introduction to core data and analytics concepts followed by an understanding of traditional/legacy data warehouse, modern data warehouse, and the most modern data lakehouse. You will go through the introduction and background of Azure Synapse Analytics along with its main features and key service capabilities. Core architecture is discussed, along with Synapse SQL. You will learn its main features and how to create a dedicated Synapse SQL pool and analyze your big data using Serverless Synapse SQL Pool. You also will learn Synapse Spark and Synapse Pipelines, with examples. And you will learn Synapse Workspace and Synapse Studio followed by Synapse Link and its features. You will go through use cases in Azure Synapse and understand the reference architecture for Synapse Analytics.After reading this book, you will be able to work with Azure Synapse Analytics and understand its architecture, main components, features, and capabilities.WHAT YOU WILL LEARN* Understand core data and analytics concepts and data lakehouse concepts* Be familiar with overall Azure Synapse architecture and its main components* Be familiar with Synapse SQL and Synapse Spark architecture components* Work with integrated Apache Spark (aka Synapse Spark) and Synapse SQL engines* Understand Synapse Workspace, Synapse Studio, and Synapse Pipeline* Study reference architecture and use casesWHO THIS BOOK IS FORAzure data analysts, data engineers, data scientists, and solutions architectsBHADRESH SHIYAL is an Azure data architect and Azure data engineer. For the past seven years, he has been working with a large multi-national IT corporation as Solutions Architect. Prior to that, he spent almost a decade in private and public sector banks in India in various IT positions working on various Microsoft technologies. He has 18 years of IT experience, including working for two years on an international assignment from London. He has much experience in application design, development, and deployment.He has worked on various technologies, including Visual Basic, SQL Server, SharePoint Technologies, .NET MVC, O365, Azure Data Factory, Azure Databricks, Azure Synapse Analytics, Azure Data Lake Storage Gen1/Gen2, Azure SQL Data Warehouse, Power BI, Spark SQL, Scala, Delta Lake, Azure Machine Learning, Azure Information Protection, Azure .NET SDK, Azure DevOps, and more.He holds multiple Azure certifications that include Microsoft Certified Azure Solutions Architect Expert, Microsoft Certified Azure Data Engineer Associate, Microsoft Certified Azure Data Scientist Associate, and Microsoft Certified Azure Data Analyst Associate.Bhadresh has worked as Solutions Architect on a large-scale Azure Data Lake implementation project as well as on a data transformation project and on large-scale customized content management systems. He has also worked as Technical Reviewer for the book Data Science using Azure, prior to authoring this book.CHAPTER 1: CORE DATA AND ANALYTICS CONCEPTSCHAPTER GOAL: Introducing readers to some of the important core data and analytics concepts as a foundationNO OF PAGES : 15SUB -TOPICS1. Introduction/Background2. Core Data Concepts1. Structured Data2. Unstructured Data3. Semi-Structured Data4. Batch Data5. Streaming Data6. Difference between Streaming Data and Batch Data7. Relational Data and its characteristics3. Core Analytics Concepts1. Data Ingestion1. ELT2. ETL2. Data Processing3. Data Exploration4. Data Visualization5. Analytics Techniques1. Descriptive2. Diagnostic3. Predictive4. Prescriptive5. Cognitive4. SummaryCHAPTER 2: MODERN DATA WAREHOUSE AND DATA LAKEHOUSECHAPTER GOAL: Providing conceptual understanding about traditional / legacy Data Warehouse, Modern Data Warehouse and finally the most modern Data Lakehouse.NO OF PAGES: 25SUB - TOPICS1. Introduction/Background2. What is Data Warehouse?3. Why do we need a Data Warehouse?4. What is Modern Data Warehouse?5. Comparison between Traditional Data Warehouse and Modern Data Warehouse?6. What is Data Lakehouse?7. Comparison between Data Warehouse and Data Lakehouse8. Benefits of Data Lakehouse9. Examples of Data Lakehouse10. SummaryCHAPTER 3: INTRODUCTION TO AZURE SYNAPSE ANALYTICSCHAPTER GOAL: Building foundational knowledge by introducing Azure Synapse Analytics, its main features and its key services capabilitiesNO OF PAGES : 20SUB - TOPICS:1. Introduction/Background2. What is Azure Synapse Analytics?3. Azure Synapse Analytics vs Azure SQL Datawarehouse4. Why should you learn Azure Synapse Analytics?5. Main Features1. Unified Experience2. Powerful Insights3. Limitless Scale4. Instant Clarity5. Security and Privacy6. Key Services Capabilities1. EDW2. Data Lake Exploration3. Multiple Language Support4. Low-Code or Code-Free Data Orchestration5. Integrated Apache Spark and SQL Engines6. Stream Analytics7. AI Integration8. BI Integration9. Management and Security7. SummaryCHAPTER 4: ARCHITECTURE AND ITS MAIN COMPONENTSCHAPTER GOAL: Explaining Azure Synapse Analytics Core Architecture and its main components as it is very different from traditional Data Warehouse Architecture and its components.NO OF PAGES: 15SUB - TOPICS:1. Introduction/Background2. High Level Architecture3. Main Components of Architecture1. Synapse SQL2. Synapse Spark3. Synapse Pipelines4. Synapse Studio5. Synapse Link4. SummaryCHAPTER 5: SYNAPSE SQLCHAPTER GOAL: Exploring Synapse SQL in detail including its architecture, its main features with some How-Tos to make the readers familiar with some important activities which can be carried out for Synapse SQLNO OF PAGES: 25SUB - TOPICS:1. Background / Introduction2. Synapse SQL Architecture Components1. Azure Storage2. Control Node3. Compute Node4. Data Movement Service5. Distributions3. Synapse SQL Pool4. Synapse SQL On-Demand5. Synapse SQL Features6. Resource Consumption Models7. Synapse SQL - Best Practices8. How-Tos1. Create an Azure Synapse SQL Pool2. Create an Azure Synapse SQL On-Demand3. Load Data using COPY Statement4. Load data from Azure Data Lake Storage for Synapse SQL5. Load data by using Azure Data Factory6. Ingest data into Azure Data Lake Storage Gen29. SummaryCHAPTER 6: SYNAPSE SPARKCHAPTER GOAL: Explaining Synapse Sparks and its main components including Delta Lake along with some How-Tos to make the readers familiar with important tasks pertaining to Synapse Spark.NO OF PAGES: 30SUB - TOPICS:1. Introduction/Background2. What is Apache Spark3. Synapse Spark Capabilities4. What is Delta Lake and its importance in Spark?5. Synapse Spark Job Optimization6. Development Libraries7. Apache Spark Machine Learning8. How-Tos1. Create Synapse Spark Cluster2. Load Data using Synapse Spark Cluster3. Export / Import Data with Apache Spark9. SummaryCHAPTER 7: SYNAPSE PIPELINESCHAPTER GOAL: Introducing Azure Synapse Pipelines and how it integrates with Azure Data Factory. Detailed explanation to various types of Pipeline activities with examples.No of pages: 20SUB - TOPICS:1. Introduction / Background2. Overview of Azure Data Factory3. Data Movement Activities4. Data Transformation Activities5. Control Flow Activities6. Copy Pipeline Example7. Transformation Pipeline Example8. Scheduling Pipelines9. SummaryCHAPTER 8: SYNAPSE WORKSPACE AND SYNAPSE STUDIOCHAPTER GOAL: To make readers familiar with Synapse Workspace and Synapse Studio including its main features and its capabilities and to give understanding about how to accomplish some important tasks using workspace and studio.NO OF PAGES: 25SUB - TOPICS:1. What is Synapse Workspace?2. Workspace Components and Features3. What is Synapse Studio?4. Main Features5. Capabilities (What it can do?)6. Linking Power BI to Synapse Studio7. How-To carry out important activities using Studio8. SummaryCHAPTER 9: SYNAPSE LINKCHAPTER GOAL: To explain differences between OLTP and OLAP, why HTAP is required and its benefits and then introducing Synapse Link along with its Cosmos DB integration, its features and use cases.NO OF PAGES: 20SUB - TOPICS:1. Introduction / Background2. OLTP vs OLAP3. What is HTAP?4. HTAP Benefits5. What is Azure Synapse Link?6. Azure Cosmos DB Analytical Store7. Synapse Link Features8. Synapse Link Use Cases9. SummaryCHAPTER 10: AZURE SYNAPSE USE CASES AND REFERENCE ARCHITECTURESChapter Goal: To make readers familiar with Synapse Workspace and Synapse Studio including its main features and its capabilities and to give understanding about how to accomplish some important tasks using workspace and studio.NO OF PAGES: 15SUB - TOPICS:1. Introduction / Background2. Where you should use Synapse Analytics?3. Where it should not be used?4. Few Examples of Use cases of Synapse Analytics5. Reference Architecture for Synapse Analytics6. Summary

Regulärer Preis: 66,99 €
Produktbild für (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide

(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide

Your Complete Guide to Preparing for the CISSP Certification, Updated for the CISSP 2021 Exam The (ISC)2 CISSP Official Study Guide, 9th Edition is your one-stop resource for complete coverage of the 2021 CISSP exam objectives. You’ll prepare for the exam smarter and faster with Sybex thanks to superior content including: assessment tests that check exam readiness, objective map, ­written labs, key topic exam essentials, and challenging chapter review questions. Reinforce what you have learned with the exclusive Sybex online learning environment and test bank, assessable across multiple devices. Get prepared for the CISSP exam with Sybex. Coverage of all exam objectives in this Study Guide means you’ll be ready for: Security and Risk ManagementAsset SecuritySecurity Architecture and EngineeringCommunication and Network SecurityIdentity and Access Management (IAM)Security Assessment and TestingSecurity OperationsSoftware Development Security Interactive learning environment Take your exam prep to the next level with Sybex’s superior interactive online study tools. To access our learning environment, simply visit www.wiley.com/go/sybextestprep, register to receive your unique PIN, and instantly gain one year of FREE access to: Interactive test bank with four additional practice exams, each with 125 unique questions. Practice exams help you identify areas where further review is needed. Get more than 90% of the answers correct, and you're ready to take the certification exam.More than 700 electronic flashcards to reinforce learning and last minute prep before the exam.Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared. ABOUT THE CISSP CERTIFICATION The CISSP is the most globally recognized certification in the information security market. This vendor neutral certification validates an information security professional's deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization. (ISC)2 is a global nonprofit organization that maintains the Common Body of Knowledge for information security professionals. Candidates must have experience, subscribe to the (ISC)2 Code of Ethics, and maintain continuing education requirements or recertify every three years. Visit www.isc2.org to learn more. The only Official CISSP Study Guide - fully updated for the 2021 CISSP Body of Knowledge (ISC)2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 9th Edition has been completely updated based on the latest 2021 CISSP Exam Outline. This bestselling Sybex Study Guide covers 100% of the exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, advice on mastering this adaptive exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions. The three co-authors of this book bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you'll need to successfully pass the CISSP exam. Combined, they've taught cybersecurity concepts to millions of students through their books, video courses, and live training programs. Along with the book, you also get access to Sybex's superior online interactive learning environment that includes: Over 900 new and improved practice test questions with complete answer explanations. This includes all of the questions from the book plus four additional online-only practice exams, each with 125 unique questions. You can use the online-only practice exams as full exam simulations. Our questions will help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam.More than 700 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the examA searchable glossary in PDF to give you instant access to the key terms you need to know for the examNew for the 9th edition: Audio Review. Author Mike Chapple reads the Exam Essentials for each chapter providing you with 2 hours and 50 minutes of new audio review for yet another way to reinforce your knowledge as you prepare. All of the online features are supported by Wiley's support agents who are available 24x7 via email or live chat to assist with access and login questions. Coverage of all of the exam topics in the book means you'll be ready for: Security and Risk ManagementAsset SecuritySecurity Architecture and EngineeringCommunication and Network SecurityIdentity and Access Management (IAM)Security Assessment and TestingSecurity OperationsSoftware Development Security Mike Chapple, PhD, CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame’s Mendoza College of Business. He is a cybersecurity professional and educator with over 25 years of experience. Mike provides cybersecurity certification resources at his website, CertMike.com. James Michael Stewart, CISSP, CEH, CHFI, ECSA, CND, ECIH, CySA+, PenTest+, CASP+, Security+, Network+, A+, CISM, and CFR, has been writing and training for more than 25 years, with a current focus on security. He has been writing and teaching CISSP materials since 2002. He is the author of and contributor to more than 75 books on security certifications. Darril Gibson, CISSP, Security+, CASP, is the CEO of YCDA (short for You Can Do Anything), and he has authored or coauthored more than 40 books. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications. Introduction xxxvii Assessment Test lix Chapter 1 Security Governance Through Principles and Policies 1 Security 101 3 Understand and Apply Security Concepts 4 Confidentiality 5 Integrity 6 Availability 7 DAD, Overprotection, Authenticity, Non-repudiation, and AAA Services 7 Protection Mechanisms 11 Security Boundaries 13 Evaluate and Apply Security Governance Principles 14 Third-Party Governance 15 Documentation Review 15 Manage the Security Function 16 Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives 17 Organizational Processes 19 Organizational Roles and Responsibilities 21 Security Control Frameworks 22 Due Diligence and Due Care 23 Security Policy, Standards, Procedures, and Guidelines 23 Security Policies 24 Security Standards, Baselines, and Guidelines 24 Security Procedures 25 Threat Modeling 26 Identifying Threats 26 Determining and Diagramming Potential Attacks 28 Performing Reduction Analysis 28 Prioritization and Response 30 Supply Chain Risk Management 31 Summary 33 Exam Essentials 33 Written Lab 36 Review Questions 37 Chapter 2 Personnel Security and Risk Management Concepts 43 Personnel Security Policies and Procedures 45 Job Descriptions and Responsibilities 45 Candidate Screening and Hiring 46 Onboarding: Employment Agreements and Policies 47 Employee Oversight 48 Offboarding, Transfers, and Termination Processes 49 Vendor, Consultant, and Contractor Agreements and Controls 52 Compliance Policy Requirements 53 Privacy Policy Requirements 54 Understand and Apply Risk Management Concepts 55 Risk Terminology and Concepts 56 Asset Valuation 58 Identify Threats and Vulnerabilities 60 Risk Assessment/Analysis 60 Risk Responses 66 Cost vs. Benefit of Security Controls 69 Countermeasure Selection and Implementation 72 Applicable Types of Controls 74 Security Control Assessment 76 Monitoring and Measurement 76 Risk Reporting and Documentation 77 Continuous Improvement 77 Risk Frameworks 79 Social Engineering 81 Social Engineering Principles 83 Eliciting Information 85 Prepending 85 Phishing 85 Spear Phishing 87 Whaling 87 Smishing 88 Vishing 88 Spam 89 Shoulder Surfing 90 Invoice Scams 90 Hoax 90 Impersonation and Masquerading 91 Tailgating and Piggybacking 91 Dumpster Diving 92 Identity Fraud 93 Typo Squatting 94 Influence Campaigns 94 Establish and Maintain a Security Awareness, Education, and Training Program 96 Awareness 97 Training 97 Education 98 Improvements 98 Effectiveness Evaluation 99 Summary 100 Exam Essentials 101 Written Lab 106 Review Questions 107 Chapter 3 Business Continuity Planning 113 Planning for Business Continuity 114 Project Scope and Planning 115 Organizational Review 116 BCP Team Selection 117 Resource Requirements 119 Legal and Regulatory Requirements 120 Business Impact Analysis 121 Identifying Priorities 122 Risk Identification 123 Likelihood Assessment 125 Impact Analysis 126 Resource Prioritization 128 Continuity Planning 128 Strategy Development 129 Provisions and Processes 129 Plan Approval and Implementation 131 Plan Approval 131 Plan Implementation 132 Training and Education 132 BCP Documentation 132 Summary 136 Exam Essentials 137 Written Lab 138 Review Questions 139 Chapter 4 Laws, Regulations, and Compliance 143 Categories of Laws 144 Criminal Law 144 Civil Law 146 Administrative Law 146 Laws 147 Computer Crime 147 Intellectual Property (IP) 152 Licensing 158 Import/Export 158 Privacy 160 State Privacy Laws 168 Compliance 169 Contracting and Procurement 171 Summary 171 Exam Essentials 172 Written Lab 173 Review Questions 174 Chapter 5 Protecting Security of Assets 179 Identifying and Classifying Information and Assets 180 Defining Sensitive Data 180 Defining Data Classifications 182 Defining Asset Classifications 185 Understanding Data States 185 Determining Compliance Requirements 186 Determining Data Security Controls 186 Establishing Information and Asset Handling Requirements 188 Data Maintenance 189 Data Loss Prevention 189 Marking Sensitive Data and Assets 190 Handling Sensitive Information and Assets 192 Data Collection Limitation 192 Data Location 193 Storing Sensitive Data 193 Data Destruction 194 Ensuring Appropriate Data and Asset Retention 197 Data Protection Methods 199 Digital Rights Management 199 Cloud Access Security Broker 200 Pseudonymization 200 Tokenization 201 Anonymization 202 Understanding Data Roles 204 Data Owners 204 Asset Owners 205 Business/Mission Owners 206 Data Processors and Data Controllers 206 Data Custodians 207 Administrators 207 Users and Subjects 208 Using Security Baselines 208 Comparing Tailoring and Scoping 209 Standards Selection 210 Summary 211 Exam Essentials 211 Written Lab 213 Review Questions 214 Chapter 6 Cryptography and Symmetric Key Algorithms 219 Cryptographic Foundations 220 Goals of Cryptography 220 Cryptography Concepts 223 Cryptographic Mathematics 224 Ciphers 230 Modern Cryptography 238 Cryptographic Keys 238 Symmetric Key Algorithms 239 Asymmetric Key Algorithms 241 Hashing Algorithms 244 Symmetric Cryptography 244 Cryptographic Modes of Operation 245 Data Encryption Standard 247 Triple DES 247 International Data Encryption Algorithm 248 Blowfish 249 Skipjack 249 Rivest Ciphers 249 Advanced Encryption Standard 250 CAST 250 Comparison of Symmetric Encryption Algorithms 251 Symmetric Key Management 252 Cryptographic Lifecycle 255 Summary 255 Exam Essentials 256 Written Lab 257 Review Questions 258 Chapter 7 PKI and Cryptographic Applications 263 Asymmetric Cryptography 264 Public and Private Keys 264 RSA 265 ElGamal 267 Elliptic Curve 268 Diffie–Hellman Key Exchange 269 Quantum Cryptography 270 Hash Functions 271 SHA 272 MD5 273 RIPEMD 273 Comparison of Hash Algorithm Value Lengths 274 Digital Signatures 275 HMAC 276 Digital Signature Standard 277 Public Key Infrastructure 277 Certificates 278 Certificate Authorities 279 Certificate Lifecycle 280 Certificate Formats 283 Asymmetric Key Management 284 Hybrid Cryptography 285 Applied Cryptography 285 Portable Devices 285 Email 286 Web Applications 290 Steganography and Watermarking 292 Networking 294 Emerging Applications 295 Cryptographic Attacks 297 Summary 301 Exam Essentials 302 Written Lab 303 Review Questions 304 Chapter 8 Principles of Security Models, Design, and Capabilities 309 Secure Design Principles 310 Objects and Subjects 311 Closed and Open Systems 312 Secure Defaults 314 Fail Securely 314 Keep It Simple 316 Zero Trust 317 Privacy by Design 319 Trust but Verify 319 Techniques for Ensuring CIA 320 Confinement 320 Bounds 320 Isolation 321 Access Controls 321 Trust and Assurance 321 Understand the Fundamental Concepts of Security Models 322 Trusted Computing Base 323 State Machine Model 325 Information Flow Model 325 Noninterference Model 326 Take-Grant Model 326 Access Control Matrix 327 Bell–LaPadula Model 328 Biba Model 330 Clark–Wilson Model 333 Brewer and Nash Model 334 Goguen–Meseguer Model 335 Sutherland Model 335 Graham–Denning Model 335 Harrison–Ruzzo–Ullman Model 336 Select Controls Based on Systems Security Requirements 337 Common Criteria 337 Authorization to Operate 340 Understand Security Capabilities of Information Systems 341 Memory Protection 341 Virtualization 342 Trusted Platform Module 342 Interfaces 343 Fault Tolerance 343 Encryption/Decryption 343 Summary 343 Exam Essentials 344 Written Lab 347 Review Questions 348 Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 353 Shared Responsibility 354 Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 355 Hardware 356 Firmware 370 Client-Based Systems 372 Mobile Code 372 Local Caches 375 Server-Based Systems 375 Large-Scale Parallel Data Systems 376 Grid Computing 377 Peer to Peer 378 Industrial Control Systems 378 Distributed Systems 380 High-Performance Computing (HPC) Systems 382 Internet of Things 383 Edge and Fog Computing 385 Embedded Devices and Cyber-Physical Systems 386 Static Systems 387 Network-Enabled Devices 388 Cyber-Physical Systems 389 Elements Related to Embedded and Static Systems 389 Security Concerns of Embedded and Static Systems 390 Specialized Devices 393 Microservices 394 Infrastructure as Code 395 Virtualized Systems 397 Virtual Software 399 Virtualized Networking 400 Software-Defined Everything 400 Virtualization Security Management 403 Containerization 405 Serverless Architecture 406 Mobile Devices 406 Mobile Device Security Features 408 Mobile Device Deployment Policies 420 Essential Security Protection Mechanisms 426 Process Isolation 426 Hardware Segmentation 427 System Security Policy 427 Common Security Architecture Flaws and Issues 428 Covert Channels 428 Attacks Based on Design or Coding Flaws 430 Rootkits 431 Incremental Attacks 431 Summary 432 Exam Essentials 433 Written Lab 440 Review Questions 441 Chapter 10 Physical Security Requirements 447 Apply Security Principles to Site and Facility Design 448 Secure Facility Plan 448 Site Selection 449 Facility Design 450 Implement Site and Facility Security Controls 452 Equipment Failure 453 Wiring Closets 454 Server Rooms/Data Centers 455 Intrusion Detection Systems 458 Cameras 460 Access Abuses 462 Media Storage Facilities 462 Evidence Storage 463 Restricted and Work Area Security 464 Utility Considerations 465 Fire Prevention, Detection, and Suppression 470 Implement and Manage Physical Security 476 Perimeter Security Controls 477 Internal Security Controls 481 Key Performance Indicators of Physical Security 483 Summary 484 Exam Essentials 485 Written Lab 488 Review Questions 489 Chapter 11 Secure Network Architecture and Components 495 OSI Model 497 History of the OSI Model 497 OSI Functionality 498 Encapsulation/Deencapsulation 498 OSI Layers 500 TCP/IP Model 504 Analyzing Network Traffic 505 Common Application Layer Protocols 506 Transport Layer Protocols 508 Domain Name System 509 DNS Poisoning 511 Domain Hijacking 514 Internet Protocol (IP) Networking 516 IPv4 vs. IPv6 516 IP Classes 517 ICMP 519 IGMP 519 ARP Concerns 519 Secure Communication Protocols 521 Implications of Multilayer Protocols 522 Converged Protocols 523 Voice over Internet Protocol (VoIP) 524 Software-Defined Networking 525 Microsegmentation 526 Wireless Networks 527 Securing the SSID 529 Wireless Channels 529 Conducting a Site Survey 530 Wireless Security 531 Wi-Fi Protected Setup (WPS) 533 Wireless MAC Filter 534 Wireless Antenna Management 534 Using Captive Portals 535 General Wi-Fi Security Procedure 535 Wireless Communications 536 Wireless Attacks 539 Other Communication Protocols 543 Cellular Networks 544 Content Distribution Networks (CDNs) 545 Secure Network Components 545 Secure Operation of Hardware 546 Common Network Equipment 547 Network Access Control 549 Firewalls 550 Endpoint Security 556 Cabling, Topology, and Transmission Media Technology 559 Transmission Media 559 Network Topologies 563 Ethernet 565 Sub-Technologies 566 Summary 569 Exam Essentials 570 Written Lab 574 Review Questions 575 Chapter 12 Secure Communications and Network Attacks 581 Protocol Security Mechanisms 582 Authentication Protocols 582 Port Security 585 Quality of Service (QoS) 585 Secure Voice Communications 586 Public Switched Telephone Network 586 Voice over Internet Protocol (VoIP) 586 Vishing and Phreaking 588 PBX Fraud and Abuse 589 Remote Access Security Management 590 Remote Access and Telecommuting Techniques 591 Remote Connection Security 591 Plan a Remote Access Security Policy 592 Multimedia Collaboration 593 Remote Meeting 593 Instant Messaging and Chat 594 Load Balancing 595 Virtual IPs and Load Persistence 596 Active-Active vs. Active-Passive 596 Manage Email Security 596 Email Security Goals 597 Understand Email Security Issues 599 Email Security Solutions 599 Virtual Private Network 602 Tunneling 603 How VPNs Work 604 Always-On 606 Split Tunnel vs. Full Tunnel 607 Common VPN Protocols 607 Switching and Virtual LANs 610 Network Address Translation 614 Private IP Addresses 616 Stateful NAT 617 Automatic Private IP Addressing 617 Third-Party Connectivity 618 Switching Technologies 620 Circuit Switching 620 Packet Switching 620 Virtual Circuits 621 WAN Technologies 622 Fiber-Optic Links 624 Security Control Characteristics 624 Transparency 625 Transmission Management Mechanisms 625 Prevent or Mitigate Network Attacks 625 Eavesdropping 626 Modification Attacks 626 Summary 626 Exam Essentials 628 Written Lab 630 Review Questions 631 Chapter 13 Managing Identity and Authentication 637 Controlling Access to Assets 639 Controlling Physical and Logical Access 640 The CIA Triad and Access Controls 640 Managing Identification and Authentication 641 Comparing Subjects and Objects 642 Registration, Proofing, and Establishment of Identity 643 Authorization and Accountability 644 Authentication Factors Overview 645 Something You Know 647 Something You Have 650 Something You Are 651 Multifactor Authentication (MFA) 655 Two-Factor Authentication with Authenticator Apps 655 Passwordless Authentication 656 Device Authentication 657 Service Authentication 658 Mutual Authentication 659 Implementing Identity Management 659 Single Sign-On 659 SSO and Federated Identities 660 Credential Management Systems 662 Credential Manager Apps 663 Scripted Access 663 Session Management 663 Managing the Identity and Access Provisioning Lifecycle 664 Provisioning and Onboarding 665 Deprovisioning and Offboarding 666 Defining New Roles 667 Account Maintenance 667 Account Access Review 667 Summary 668 Exam Essentials 669 Written Lab 671 Review Questions 672 Chapter 14 Controlling and Monitoring Access 677 Comparing Access Control Models 678 Comparing Permissions, Rights, and Privileges 678 Understanding Authorization Mechanisms 679 Defining Requirements with a Security Policy 681 Introducing Access Control Models 681 Discretionary Access Control 682 Nondiscretionary Access Control 683 Implementing Authentication Systems 690 Implementing SSO on the Internet 691 Implementing SSO on Internal Networks 694 Understanding Access Control Attacks 699 Risk Elements 700 Common Access Control Attacks 700 Core Protection Methods 713 Summary 714 Exam Essentials 715 Written Lab 717 Review Questions 718 Chapter 15 Security Assessment and Testing 723 Building a Security Assessment and Testing Program 725 Security Testing 725 Security Assessments 726 Security Audits 727 Performing Vulnerability Assessments 731 Describing Vulnerabilities 731 Vulnerability Scans 732 Penetration Testing 742 Compliance Checks 745 Testing Your Software 746 Code Review and Testing 746 Interface Testing 751 Misuse Case Testing 751 Test Coverage Analysis 752 Website Monitoring 752 Implementing Security Management Processes 753 Log Reviews 753 Account Management 754 Disaster Recovery and Business Continuity 754 Training and Awareness 755 Key Performance and Risk Indicators 755 Summary 756 Exam Essentials 756 Written Lab 758 Review Questions 759 Chapter 16 Managing Security Operations 763 Apply Foundational Security Operations Concepts 765 Need to Know and Least Privilege 765 Separation of Duties (SoD) and Responsibilities 767 Two-Person Control 768 Job Rotation 768 Mandatory Vacations 768 Privileged Account Management 769 Service Level Agreements (SLAs) 771 Addressing Personnel Safety and Security 771 Duress 771 Travel 772 Emergency Management 773 Security Training and Awareness 773 Provision Resources Securely 773 Information and Asset Ownership 774 Asset Management 774 Apply Resource Protection 776 Media Management 776 Media Protection Techniques 776 Managed Services in the Cloud 779 Shared Responsibility with Cloud Service Models 780 Scalability and Elasticity 782 Perform Configuration Management (CM) 782 Provisioning 783 Baselining 783 Using Images for Baselining 783 Automation 784 Managing Change 785 Change Management 787 Versioning 788 Configuration Documentation 788 Managing Patches and Reducing Vulnerabilities 789 Systems to Manage 789 Patch Management 789 Vulnerability Management 791 Vulnerability Scans 792 Common Vulnerabilities and Exposures 792 Summary 793 Exam Essentials 794 Written Lab 796 Review Questions 797 Chapter 17 Preventing and Responding to Incidents 801 Conducting Incident Management 803 Defining an Incident 803 Incident Management Steps 804 Implementing Detective and Preventive Measures 810 Basic Preventive Measures 810 Understanding Attacks 811 Intrusion Detection and Prevention Systems 820 Specific Preventive Measures 828 Logging and Monitoring 834 Logging Techniques 834 The Role of Monitoring 837 Monitoring Techniques 840 Log Management 844 Egress Monitoring 844 Automating Incident Response 845 Understanding SOAR 845 Machine Learning and AI Tools 846 Threat Intelligence 847 The Intersection of SOAR, Machine Learning, AI, and Threat Feeds 850 Summary 851 Exam Essentials 852 Written Lab 855 Review Questions 856 Chapter 18 Disaster Recovery Planning 861 The Nature of Disaster 863 Natural Disasters 864 Human-Made Disasters 869 Understand System Resilience, High Availability, and Fault Tolerance 875 Protecting Hard Drives 875 Protecting Servers 877 Protecting Power Sources 878 Trusted Recovery 879 Quality of Service 880 Recovery Strategy 880 Business Unit and Functional Priorities 881 Crisis Management 882 Emergency Communications 882 Workgroup Recovery 883 Alternate Processing Sites 883 Database Recovery 888 Recovery Plan Development 890 Emergency Response 891 Personnel and Communications 891 Assessment 892 Backups and Off-site Storage 892 Software Escrow Arrangements 896 Utilities 897 Logistics and Supplies 897 Recovery vs. Restoration 897 Training, Awareness, and Documentation 898 Testing and Maintenance 899 Read-Through Test 899 Structured Walk-Through 900 Simulation Test 900 Parallel Test 900 Full-Interruption Test 900 Lessons Learned 901 Maintenance 901 Summary 902 Exam Essentials 902 Written Lab 903 Review Questions 904 Chapter 19 Investigations and Ethics 909 Investigations 910 Investigation Types 910 Evidence 913 Investigation Process 919 Major Categories of Computer Crime 923 Military and Intelligence Attacks 924 Business Attacks 925 Financial Attacks 926 Terrorist Attacks 926 Grudge Attacks 927 Thrill Attacks 928 Hacktivists 928 Ethics 929 Organizational Code of Ethics 929 (ISC)2 Code of Ethics 930 Ethics and the Internet 931 Summary 933 Exam Essentials 934 Written Lab 935 Review Questions 936 Chapter 20 Software Development Security 941 Introducing Systems Development Controls 943 Software Development 943 Systems Development Lifecycle 952 Lifecycle Models 955 Gantt Charts and PERT 964 Change and Configuration Management 964 The DevOps Approach 966 Application Programming Interfaces 967 Software Testing 969 Code Repositories 970 Service-Level Agreements 971 Third-Party Software Acquisition 972 Establishing Databases and Data Warehousing 973 Database Management System Architecture 973 Database Transactions 977 Security for Multilevel Databases 978 Open Database Connectivity 982 NoSQL 982 Storage Threats 983 Understanding Knowledge-Based Systems 984 Expert Systems 984 Machine Learning 985 Neural Networks 986 Summary 987 Exam Essentials 987 Written Lab 988 Review Questions 989 Chapter 21 Malicious Code and Application Attacks 993 Malware 994 Sources of Malicious Code 995 Viruses 995 Logic Bombs 999 Trojan Horses 1000 Worms 1001 Spyware and Adware 1004 Ransomware 1004 Malicious Scripts 1005 Zero-Day Attacks 1006 Malware Prevention 1006 Platforms Vulnerable to Malware 1007 Antimalware Software 1007 Integrity Monitoring 1008 Advanced Threat Protection 1008 Application Attacks 1009 Buffer Overflows 1009 Time of Check to Time of Use 1010 Backdoors 1011 Privilege Escalation and Rootkits 1011 Injection Vulnerabilities 1012 SQL Injection Attacks 1012 Code Injection Attacks 1016 Command Injection Attacks 1016 Exploiting Authorization Vulnerabilities 1017 Insecure Direct Object References 1018 Directory Traversal 1018 File Inclusion 1020 Exploiting Web Application Vulnerabilities 1020 Cross-Site Scripting (XSS) 1021 Request Forgery 1023 Session Hijacking 1024 Application Security Controls 1025 Input Validation 1025 Web Application Firewalls 1027 Database Security 1028 Code Security 1029 Secure Coding Practices 1031 Source Code Comments 1031 Error Handling 1032 Hard-Coded Credentials 1033 Memory Management 1034 Summary 1035 Exam Essentials 1035 Written Lab 1036 Review Questions 1037 Appendix A Answers to Review Questions 1041 Chapter 1: Security Governance Through Principles and Policies 1042 Chapter 2: Personnel Security and Risk Management Concepts 1045 Chapter 3: Business Continuity Planning 1049 Chapter 4: Laws, Regulations, and Compliance 1051 Chapter 5: Protecting Security of Assets 1053 Chapter 6: Cryptography and Symmetric Key Algorithms 1056 Chapter 7: PKI and Cryptographic Applications 1058 Chapter 8: Principles of Security Models, Design, and Capabilities 1060 Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 1062 Chapter 10: Physical Security Requirements 1067 Chapter 11: Secure Network Architecture and Components 1071 Chapter 12: Secure Communications and Network Attacks 1075 Chapter 13: Managing Identity and Authentication 1078 Chapter 14: Controlling and Monitoring Access 1080 Chapter 15: Security Assessment and Testing 1082 Chapter 16: Managing Security Operations 1084 Chapter 17: Preventing and Responding to Incidents 1086 Chapter 18: Disaster Recovery Planning 1089 Chapter 19: Investigations and Ethics 1091 Chapter 20: Software Development Security 1093 Chapter 21: Malicious Code and Application Attacks 1095 Appendix B Answers to Written Labs 1099 Chapter 1: Security Governance Through Principles and Policies 1100 Chapter 2: Personnel Security and Risk Management Concepts 1100 Chapter 3: Business Continuity Planning 1101 Chapter 4: Laws, Regulations, and Compliance 1102 Chapter 5: Protecting Security of Assets 1102 Chapter 6: Cryptography and Symmetric Key Algorithms 1103 Chapter 7: PKI and Cryptographic Applications 1104 Chapter 8: Principles of Security Models, Design, and Capabilities 1104 Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 1105 Chapter 10: Physical Security Requirements 1106 Chapter 11: Secure Network Architecture and Components 1108 Chapter 12: Secure Communications and Network Attacks 1109 Chapter 13: Managing Identity and Authentication 1110 Chapter 14: Controlling and Monitoring Access 1111 Chapter 15: Security Assessment and Testing 1111 Chapter 16: Managing Security Operations 1112 Chapter 17: Preventing and Responding to Incidents 1113 Chapter 18: Disaster Recovery Planning 1113 Chapter 19: Investigations and Ethics 1114 Chapter 20: Software Development Security 1114 Chapter 21: Malicious Code and Application Attacks 1115 Index 1117

Regulärer Preis: 47,99 €
Produktbild für Bausteine eines Managements Künstlicher Intelligenz

Bausteine eines Managements Künstlicher Intelligenz

Algorithmen Künstlicher Intelligenz werden stetig weiterentwickelt und kommen in immer mehr Anwendungen in Wirtschaft und Gesellschaft zum Einsatz. Es werden professionelle Prozesse und Strukturen benötigt, um Anwendungen zu entwickeln, zu betreiben und in den betrieblichen Kontext zu integrieren. Dieses essential beschreibt die grundsätzlichen Prozesse eines Managements Künstlicher Intelligenz und zeigt Beispiele für konkreten unternehmerischen Nutzen. Wettbewerbsvorteile durch Künstliche Intelligenz.- Grundlagen.- Stand in Wissenschaft und Praxis.- Managementmodell.- Nächste Schritte.

Regulärer Preis: 4,48 €
Produktbild für (ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests

(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests

FULL-LENGTH PRACTICE TESTS COVERING ALL CISSP DOMAINS FOR THE ULTIMATE EXAM PREPThe (ISC)2 CISSP Official Practice Tests is a major resource for (ISC)2 Certified Information Systems Security Professional (CISSP) candidates, providing 1300 unique practice questions. The first part of the book provides 100 questions per domain. You also have access to four unique 125-question practice exams to help you master the material. As the only official practice tests endorsed by (ISC)2, this book gives you the advantage of full and complete preparation. These practice tests align with the 2021 version of the exam to ensure up-to-date preparation, and are designed to cover what you will see on exam day. Coverage includes: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security.The CISSP credential signifies a body of knowledge and a set of guaranteed skills that put you in demand in the marketplace. This book is your ticket to achieving this prestigious certification, by helping you test what you know against what you need to know.* Test your knowledge of the 2021 exam domains* Identify areas in need of further study* Gauge your progress throughout your exam preparation* Practice test taking with Sybex’s online test environment containing the questions from the bookThe CISSP exam is refreshed every few years to ensure that candidates are up-to-date on the latest security topics and trends. Currently-aligned preparation resources are critical, and periodic practice tests are one of the best ways to truly measure your level of understanding.ABOUT THE AUTHORSMIKE CHAPPLE, PhD, CISSP, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame’s Mendoza College of Business and serves as the Academic Director of the University’s Master of Science in Business Analytics program. He holds multiple additional certifications, including the CIPP/US, CySA+, CISM, PenTest+, and Security+. He is a bestselling author of more than 25 books including (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide,7th, 8th, and 9th Editions.DAVID SEIDL, CISSP, is Vice President for Information Technology and CIO at Miami University. During his IT career, he has served in a variety of technical and information security roles including serving at the Senior Director for Campus Technology Services at the University of Notre Dame where he co-led Notre Dame’s move to the cloud. He holds multiple additional technical certifications including CySA+, Pentest+, GPEN, and GCIH. David has written books on security certification and cyberwarfare, including co-authoring the previous editions of CISSP (ISC)2 Official Practice Tests as well as multiple cybersecurity Sybex Study Guides and Practice Tests for other certifications.Introduction xvCHAPTER 1 SECURITY AND RISK MANAGEMENT (DOMAIN 1) 1CHAPTER 2 ASSET SECURITY (DOMAIN 2) 25CHAPTER 3 SECURITY ARCHITECTURE AND ENGINEERING (DOMAIN 3) 49CHAPTER 4 COMMUNICATION AND NETWORK SECURITY (DOMAIN 4) 73CHAPTER 5 IDENTITY AND ACCESS MANAGEMENT (DOMAIN 5) 97CHAPTER 6 SECURITY ASSESSMENT AND TESTING (DOMAIN 6) 121CHAPTER 7 SECURITY OPERATIONS (DOMAIN 7) 145CHAPTER 8 SOFTWARE DEVELOPMENT SECURITY (DOMAIN 8) 169CHAPTER 9 PRACTICE TEST 1 195CHAPTER 10 PRACTICE TEST 2 225CHAPTER 11 PRACTICE TEST 3 253CHAPTER 12 PRACTICE TEST 4 283APPENDIX ANSWERS 311Chapter 1: Security and Risk Management (Domain 1) 312Chapter 2: Asset Security (Domain 2) 321Chapter 3: Security Architecture and Engineering (Domain 3) 333Chapter 4: Communication and Network Security (Domain 4) 342Chapter 5: Identity and Access Management (Domain 5) 353Chapter 6: Security Assessment and Testing (Domain 6) 365Chapter 7: Security Operations (Domain 7) 377Chapter 8: Software Development Security (Domain 8) 389Chapter 9: Practice Test 1 400Chapter 10: Practice Test 2 414Chapter 11: Practice Test 3 428Chapter 12: Practice Test 4 441Index 457

Regulärer Preis: 27,99 €
Produktbild für Running Microsoft Workloads on AWS

Running Microsoft Workloads on AWS

Did you know that Amazon Web Services runs nearly double the amount of Microsoft Workloads in the cloud than any other provider?RUNNING MICROSOFT WORKLOADS IN AWS is your single-source solution for learning the best practice skills and guidance that AWS consultants offer their customers in the field. Over 70% of enterprise workloads are based on Microsoft technologies and AWS has been running these technologies in the AWS Cloud for more than 12 years—far longer than Microsoft’s own Azure cloud platform.This book introduces AWS foundations and compares them to traditional Microsoft architectures, showing you how to design your AWS Cloud platform to run your current Microsoft solutions. It covers the crucial area of identity and access control, showing how to implement Active Directory inside the AWS platform and the most secure ways of enabling Single Sign On from your own data centers and from Microsoft AzureAD.The book goes in-depth and shows how developers across the globe are using their existing .NET skills to develop directly on top of AWS, using current AWS development services such as AWS Code Pipeline, AWS Code Build, and AWS Code Deploy to create the next generation of cloud-native applications using the most popular cloud serverless service—AWS Lambda.WHAT YOU WILL LEARN* Be familiar with the basic building blocks of AWS and how the terminology differs from your own data center and Microsoft Azure* Understand Amazon Machine Images (AMI) strategies and solutions to best manage the trade-off between speed and manageability* Run one of the most popular Microsoft products: SQL Server on AWS* Be aware of the different database architecture designs for using Amazon RDS and Amazon EC2* Read an overview of Serverless Development in the AWS cloud from a Microsoft .NET perspective* Know migration strategies for moving your Microsoft Workloads to the AWS CloudWHO THIS BOOK IS FORCovers high-level concepts and solutions for CTOs and CCTOs; provides a solution for architects; and dives deep into the topic for administrators and DevOps engineersRyan Pothecary is Senior Specialist Solution Architect for a Cloud-based services company, which he joined four years ago. He has worked on the AWS platform for the last eight years as part of a near 30-year career in IT. Over the last four years he’s worked directly with customers and partners who are moving to the AWS Cloud. He specializes in helping customers move Microsoft Workloads to AWS and works with customers throughout their entire cloud journey. He is also a member of a Community of engineers, architects, and consultants who help customers run Microsoft Workloads on AWS in every part of the world. Outside of work he is determined to learn how to play the guitar his wife bought him, even though he has small stubby fingers.

Regulärer Preis: 66,99 €
Produktbild für Multi-Platform Graphics Programming with Kivy

Multi-Platform Graphics Programming with Kivy

Modern science requires computer graphics models to provide realistic visual renderings. Learning the appropriate programming tools for 2D and 3D modeling doesn’t have to be so difficult. This book reviews the best programming tools to achieve this and explains how to apply them to mobile platforms like Android.Multi-Platform Graphics Programming with Kivy provides a straightforward introductory approach for designing 2D, 3D, and stereoscopic applications, using analytical equations from vector algebra. Throughout the book you’ll look closely at this approach and develop scenes in Kivy, taking advantage of powerful mathematical functions for arrays by NumPy for Python.Unbuntu is used to develop the programs, which allows you to easily convert to Android platform. Each chapter contains step-by-step descriptions on each subject and provides complete program listings.WHAT YOU’LL LEARN* Work with Kivy, a modern, powerful multi-platform graphics system* Convert and run programs on Android devices* Program, fill faces, and rotate 2D and 3D polygons* Apply the concepts of 2D and 3D applications* Develop stereoscopic scenes* Review a straightforward introduction to 2D, 3D, and stereoscopic graphics applications* Use simple analytical equations from vector algebraWHO THIS BOOK IS FORThe primary audience is students and researchers in graphics programming with experience in analytical equations.Moisés Cywiak is a researcher in physical optical sciences with over 20 years of teaching experience in physics, mathematics, electronic engineering, and programming in C, C++, and python, in Centro de Investigaciones en Óptica A.C.David Cywiak received his Ph.D. degree in physics in 2014 from Universidad de Guanajuato. From 2012 to 2013 he collaborated as a guest researcher at the Dalton Cardiovascular Research Center, University of Missouri-Columbia, in the development of an optical-photoacoustic system intended for the detection of photoacoustic signals generated by cancerous cells. Since 2014 he has been working as a metrologist in the Thermometry Department at Centro Nacional de Metrologia, México. His research includes photoacoustics, optical engineering and radiation thermometry. He has over 7 years of experience teaching physics, mathematics and programming in C for undergraduate students. He also has over 5 years of experience teaching Temperature measurement techniques and calibration of instruments in the thermometry area for industry professionals.Chapter 1: Preliminaries. Software installation1.1. installing pip3 and IDLE1.2. Installing kivy1.3. Installing buildozerChapter 2: Polygon rotation in two dimensions2.1. Rotation equations2.2. Mapping equations to the screenChapter 3: Two dimensional polygon programming3.1. Polygon structure3.2. Drawing the edges of the polygon3.3. Filling the polygon with lines3.4. Rotating the polygon3.5. The kivy platform3.6. main.py listing3.7. File.kv lisitng3.8. Using buildozerChapter 4: Three-dimensional projections and rotations4.1. Projection of a three-dimensional point into a plane4.2. Rotation of a point in a planeChapter 5: Programming three-dimensional polygons5.1. Polygon structure5.2. Basic functions5.3. main.py listing5.4. File.kvChapter 6: Stereoscopic 3D Programming6.1. Basics of a stereoscopic view6.2. Programming and ORing the images6.3. Projections6.4. Polygon structure6.5. DrawAxes function6.6. Points of projection6.7. main.py listing6.8. File.kvChapter 7: 3D plots programming7.1. Program basic operations7.2. Function overview7.3. Generating the axes, the mesh and the function7.4. Plotting the function in the screen7.5. Rotating the plot7.6. main.py listing7.7. File.kv listingChapter 8: Stereoscopic 3D plots8.1. Creating the function, coordinates and mesh8.2. Creating two images for stereoscopic effects8.3. Drawing the plot8.4. main.py listing8.5. File.kv listing8.6. Surfaces with saddle pointsChapter 9: 3D parametric plots9.1. Parametric equations9.2. Plotting9.3. main.py9.4. File.kvChapter 10: Stereoscopic 3D parametric plots10.1. Generating the function10.2. Creating PIL images for the stereoscopic effect10.3. Plotting the function10.4. main.py10.5. File.kvChapter 11: Sympy11.1. Analytical expressions and symbols11.2. Declaring functions with analytical expressions11.3. Solving equations11.4. Solving simultaneous equations11.5. Differentiation11.6. IntegrationChapter 12: Plotting functions in spherical coordinates12.1. Spherical coordinates12.2. Spherical differential equation example12.3. The associated Legendre polynomials12.4. Plotting 3D spherical coordinates12.5. main.py listing12.6. File.kv listing12.7. Incorporating sympy into the Android projectChapter 13. Stereoscopic plots of spherical functions13.1. Creating the stereoscopic scenes13.2. main.py listing13.3. File.kv listingChapter 14. Stereoscopic simple numerical method for the gravitational N-body problem14.1. The gravitational N-body problem14.2. Motion equations14.3. Numerical approach of the dynamic equations14.4. Capturing numerical data14.5. Five planets example14.6. main.py listing14.7. File.kvChapter 15. Stereoscopic cylindrical coordinates plotting. Aberrations of optical lenses15.1. Ideal lens focusing. The Fresnel diffraction integral15.2. Departure from the ideal lens15.3. The wave aberration function in cylindrical coordinates15.4. Stereoscopic plot of the wave aberration terms in cylindrical coordinates15.5. main.py listing15.6. File.kv listingChapter 16. Stereoscopic plotting of three-dimensional conics16.1. Analytical approach16.2. Stereoscopic ellipsoid plotting16.3. main.py (Ellipsoid)16.4. File.kv16.5. HyperboloidChapter 1: Preliminaries. Software installation1.1. installing pip3 and IDLE1.2. Installing kivy1.3. Installing buildozerChapter 2: Polygon rotation in two dimensions2.1. Rotation equations2.2. Mapping equations to the screenChapter 3: Two dimensional polygon programming3.1. Polygon structure3.2. Drawing the edges of the polygon3.3. Filling the polygon with lines3.4. Rotating the polygon3.5. The kivy platform3.6. main.py listing3.7. File.kv lisitng3.8. Using buildozerChapter 4: Three-dimensional projections and rotations4.1. Projection of a three-dimensional point into a plane4.2. Rotation of a point in a planeChapter 5: Programming three-dimensional polygons5.1. Polygon structure5.2. Basic functions5.3. main.py listing5.4. File.kvChapter 6: Stereoscopic 3D Programming6.1. Basics of a stereoscopic view6.2. Programming and ORing the images6.3. Projections6.4. Polygon structure6.5. DrawAxes function6.6. Points of projection6.7. main.py listing6.8. File.kvChapter 7: 3D plots programming7.1. Program basic operations7.2. Function overview7.3. Generating the axes, the mesh and the function7.4. Plotting the function in the screen7.5. Rotating the plot7.6. main.py listing7.7. File.kv listingChapter 8: Stereoscopic 3D plots8.1. Creating the function, coordinates and mesh8.2. Creating two images for stereoscopic effects8.3. Drawing the plot8.4. main.py listing8.5. File.kv listing8.6. Surfaces with saddle pointsChapter 9: 3D parametric plots9.1. Parametric equations9.2. Plotting9.3. main.py9.4. File.kvChapter 10: Stereoscopic 3D parametric plots10.1. Generating the function10.2. Creating PIL images for the stereoscopic effect10.3. Plotting the function10.4. main.py10.5. File.kvChapter 11: Sympy11.1. Analytical expressions and symbols11.2. Declaring functions with analytical expressions11.3. Solving equations11.4. Solving simultaneous equations11.5. Differentiation11.6. IntegrationChapter 12: Plotting functions in spherical coordinates12.1. Spherical coordinates12.2. Spherical differential equation example12.3. The associated Legendre polynomials12.4. Plotting 3D spherical coordinates12.5. main.py listing12.6. File.kv listing12.7. Incorporating sympy into the Android projectChapter 13. Stereoscopic plots of spherical functions13.1. Creating the stereoscopic scenes13.2. main.py listing13.3. File.kv listingChapter 14. Stereoscopic simple numerical method for the gravitational N-body problem14.1. The gravitational N-body problem14.2. Motion equations14.3. Numerical approach of the dynamic equations14.4. Capturing numerical data14.5. Five planets example14.6. main.py listing14.7. File.kvChapter 15. Stereoscopic cylindrical coordinates plotting. Aberrations of optical lenses15.1. Ideal lens focusing. The Fresnel diffraction integral15.2. Departure from the ideal lens15.3. The wave aberration function in cylindrical coordinates15.4. Stereoscopic plot of the wave aberration terms in cylindrical coordinates15.5. main.py listing15.6. File.kv listingChapter 16. Stereoscopic plotting of three-dimensional conics16.1. Analytical approach16.2. Stereoscopic ellipsoid plotting16.3. main.py (Ellipsoid)16.4. File.kv16.5. Hyperboloid16.6. main.py (Hyperboloid)Chapter 17. Two-dimensional Fourier transform17.1. One-dimensional Fourier transform17.2. Rectangular and sinc functions17.3. Code for calculating the discrete one-dimensional Fourier transform17.4. Two-dimensional Fourier transform17.5. Discrete two-dimensional Fourier transform17.6. main.py lisitng17.7. File.kv listing17.8. The Fourier transform of the circular function17.9. Analytical formulation for the Fourier transform of the circular functionChapter 18. Stereoscopic two-dimensional Fourier transform18.1. Piloting the functions18.2. main.py listing18.3. File.kv listing16.6. main.py (Hyperboloid)Chapter 17. Two-dimensional Fourier transform17.1. One-dimensional Fourier transform17.2. Rectangular and sinc functions17.3. Code for calculating the discrete one-dimensional Fourier transform17.4. Two-dimensional Fourier transform17.5. Discrete two-dimensional Fourier transform17.6. main.py lisitng17.7. File.kv listing17.8. The Fourier transform of the circular function17.9. Analytical formulation for the Fourier transform of the circular functionChapter 18. Stereoscopic two-dimensional Fourier transform18.1. Piloting the functions18.2. main.py listing18.3. File.kv listing

Regulärer Preis: 56,99 €
Produktbild für Modellierung

Modellierung

Die Grundlagen der Modellierung beherrschen!Die Modellierung ist eine typische Arbeitsmethode in der Informatik: Aufgaben, Probleme oder Strukturen werden untersucht und formal beschrieben. Erst danach werden sie durch den Entwurf von Software, Algorithmen, Daten oder Hardware gelöst bzw. implementiert. Zur Anwendung der Modellierung steht ein breites Spektrum von Kalkülen und Notationen zur Verfügung.Dieses Buch soll eine Übersicht über die wichtigsten Kalküle der Informatik und ein grundlegendes Verständnis für diese vermitteln. Anhand von vielen praktischen Beispielen lernen Sie die grundlegenden Modellierungstechniken kennen und werden in deren Anwendung eingeführt.Dieses Buch vermittelt systematisch und praxisnah den Lehrstoff für Einführungsvorlesungen zur Modellierung und eignet sich für Bachelor-Studiengänge der Informatik und verwandter Fächer. Es werden behandelt:- Modellierung mit Wertebereichen- Terme und Algebren- Logik- Modellierung mit Graphen- Modellierung von Strukturen- Modellierung von Abläufen- FallstudienAuf plus.hanser-fachbuch.de finden Sie zu diesem Titel kostenloses digitales Zusatzmaterial in Form von umfassenden Vorlesungsmaterialien und Übungen mitsamt Lösungen. Prof. Dr. Uwe Kastens und Prof. Dr. Hans Kleine Büning lehrten Informatik an der Universität Paderborn und hielten dort im Wechsel die Modellierungsvorlesung.

Regulärer Preis: 29,99 €
Produktbild für UX for XR

UX for XR

Extending traditional digital platforms to the new frontier of extended reality (XR) requires taking into account what best practices, new concepts, and conventions have been established and what learnings can be brought forward from case studies involving industry leaders. By looking at practical examples from the field of handheld AR breakthroughs, virtual reality (VR) success stories and experimental interaction concept of pioneering XR platforms, you'll see how it's possible to map out a framework of user experience (UX) guidelines to close in on opportunities and challenges that lay ahead.This book defines, identifies, and analyzes UX practices for XR environments and reviews the techniques and tools for prototyping and designing XR user interactions. You'll approach the design for experiential state and spatial cognition, using established UX key performance indicators, while taking into account the social dynamics, emotional framework and wider industry context.UX design and strategy for the XR space is a new frontier, so _UX for XR _focuses on case studies and industry research to illustrate the relationship between UX design and the growth of immersive technologies. Practical examples will demonstrate how you should apply UX design principles using designing interactions in XR by identifying the importance of spaces, senses and storyboarding.WHAT YOU'LL LEARN* Explore the challenges and opportunities of designing for XR* See how spatial interaction is revolutionizing human computer interaction* Examine sensory input and interaction beyond the screen* Work with 3D Interaction Design and build a strong 3D UX* Understand VR and augmented reality essentials for emotion-rich user experiences* Apply UX research techniques for the XR spaceWHO THIS BOOK IS FORThis book is primarily for UX designers, consultants, and strategists; XR developers; and media professionalsChapter 1: Introduction.- Chapter 2: The History and Future of XR.- Chapter 3: The Rise of UX and How it Drives XR User Adoption.- Chapter 4: UX and experience design: From screen to 3D space.- Chapter 5: Pioneering platforms and UX learnings.- Chapter 6: Practical approaches: UX and XR in the real world.

Regulärer Preis: 39,99 €
Produktbild für Introduction to Python for Kids

Introduction to Python for Kids

Want to create cool games and apps to impress your friends (or yourself), but not sure where to start? Or, have you tried your hand at programming, but got utterly bored after combing through hundreds of pages of dry text? Then you’ve come to the right place! This book is the perfect blend of education and fun for kids 8 years and above looking to learn the magic of Python, one of the easiest and most powerful programming languages around, all while solving fun puzzles and building your own projects on the way.Yes, there’ll be chapters on the fundamentals of Python, such as variables, numbers, strings, automation with conditions, loops and functions, objects, and files. But, early on in the book you’ll get started with Turtle, a Python package that was custom-made for kids like you. It lets you literally draw and animate on your computer! Every concept will be interspersed with a fun mini project with Turtle, so you’ll never get bored. Once you get the fundamentals down, you’ll dive right into Tkinter and Pygame, more fun Python packages (goodbye theory!) and you’ll learn all about creating apps and games like the ones you see and use every day (bouncing ball, temperature converter, calculator, rock-paper-scissors, and so much more!).There are also four capstone projects at the end of the book that convert everything you’ve learned so far into full-blown apps and games that you can show off to your friends, parents, and even teachers! You’ll be creating a snake game with Turtle, a tic tac toe game with Tkinter, a full-fledged paint app, again with Tkinter, and finally, a classic space shooters game with Pygame (the cherry on top). Every project chapter will be accompanied with the logic behind the game/app and an explanation on how you’ve arrived at the logic. You’ll develop strong problem solving skills that’ll help you create future projects on your own.There are also two chapters dedicated to just creating fun mini projects and puzzles, one of them placed in the middle of the book to give you a welcome break from all the learning. The book ends with an overview on web development with Python and ideas for more fun projects and puzzles you can solve on your own. Become the “most likely to succeed” kid in your grade while having the most fun getting there!WHAT YOU'LL LEARN* Gain a gentle, but thorough introduction into the world of programming and Python* Create programs and solve problems with core Python concepts* Build mini projects and capstone projects (showcase worthy) with Turtle, Tkinter, and Pygame * Develop programming skills while doing the puzzles and activities described in the book WHO THIS BOOK IS FORKids 8 years and above.Aarthi Elumalai is a programmer, educator, entrepreneur, and innovator. She has a Bachelor of Engineering degree in Computer Science from Anna University, Chennai.Since then, she has managed a team of programmers and worked with 100s of clients. She is also launched a dozen web apps, plugins and software that are being used by thousands of customers online.She has over 15 years of experience in programming. She started coding in Basics at the age of 12, but her love for programming took root when she came across C programming at the age of 15.She is the founder of DigiFisk, an E-learning platform that has more than 60,000 students all over the world. Her courses are well-received by the masses, and her unique, project-based approach is a refreshing change to many. She teaches the complex world of programming by solving a ton of practical exercises and puzzles along the way. Her courses and books always come with hands-on training in creating real world projects using the knowledge learned so her students get better equipped for the real world.When she is not working on her next course or book, you'll see her researching her next product idea and refining her existing products. She is currently committed to bringing the sheer power of artificial intelligence to make life easier for small business owners.Chapter 1. Did You Know?.- Chapter 2. Let's Install Python.- Chapter 3. Your First Python Program.- Chapter 4. Python Loves Numbers.- Chapter 5. Let's Play With Our Numbers.- Chapter 6. Draw Cool Stuff with Turtle.- Chapter 7. A Turtle Deep Dive.- Chapter 8. Play with Letters and Words.- Chapter 9. Follow My Command! . Chapter 10. Automate a Little.- Chapter 11. Lots and Lots of Information.- Chapter 12. Fun Mini Projects Galore.- Chapter 13. Automate with Functions.- Chapter 14. Let’s Create Real World Objects.- Chapter 15. Python and Files.- Chapter 16. Create Cool apps with TKinter.-Chapter 17. Tic Tac Toe Game with Tkinter .- Chapter 18. Project: Paint App with Tkinter.- Chapter 19. Project: Snake Game with Turtle .- Chapter 20. Become a Game Developer with PyGame.- Chapter 21. Project: Space Shooters Game with PyGame.- Chapter 22. Web Development with Python.- Chapter 23. More Mini Projects.- Chapter 24. What’s Next?.

Regulärer Preis: 46,99 €
Produktbild für Machine Learning for Oracle Database Professionals

Machine Learning for Oracle Database Professionals

Database developers and administrators will use this book to learn how to deploy machine learning models in Oracle Database and in Oracle’s Autonomous Database cloud offering. The book covers the technologies that make up the Oracle Machine Learning (OML) platform, including OML4SQL, OML Notebooks, OML4R, and OML4Py. The book focuses on Oracle Machine Learning as part of the Oracle Autonomous Database collaborative environment. Also covered are advanced topics such as delivery and automation pipelines.Throughout the book you will find practical details and hand-on examples showing you how to implement machine learning and automate deployment of machine learning. Discussion around the examples helps you gain a conceptual understanding of machine learning. Important concepts discussed include the methods involved, the algorithms to choose from, and mechanisms for process and deployment. Seasoned database professionals looking to make the leap into machine learning as a growth path will find much to like in this book as it helps you step up and use your current knowledge of Oracle Database to transition into providing machine learning solutions.WHAT YOU WILL LEARN* Use the Oracle Machine Learning (OML) Notebooks for data visualization and machine learning model building and evaluation* Understand Oracle offerings for machine learning* Develop machine learning with Oracle database using the built-in machine learning packages* Develop and deploy machine learning models using OML4SQL and OML4R* Leverage the Oracle Autonomous Database and its collaborative environment for Oracle Machine Learning* Develop and deploy machine learning projects in Oracle Autonomous Database* Build an automated pipeline that can detect and handle changes in data/model performanceWHO THIS BOOK IS FORDatabase developers and administrators who want to learn about machine learning, developers who want to build models and applications using Oracle Database’s built-in machine learning feature set, and administrators tasked with supporting applications on Oracle Database that make use of the Oracle Machine Learning feature setHELI HELSKYAHO is CEO for Miracle Finland Oy. She holds a master’s degree in computer science from the University of Helsinki and specializes in databases. At the moment she is working on her doctoral studies, researching and teaching at the University of Helsinki. Her research areas cover big data, multi-model databases, schema discovery, and methods and tools for utilizing semi-structured data for decision making.Heli has been working in IT since 1990. She has held several positions, but every role has included databases and database designing. She believes that understanding your data makes using the data much easier. She is an Oracle ACE Director, an Oracle Groundbreaker Ambassador, and a frequent speaker at many conferences. She is the author of several books and has been listed as one of the TOP 100 influencers in the IT sector in Finland for each year from 2015 to 2020.JEAN YU is a Senior Staff MLOps Engineer at Habana Labs, an Intel company. Prior to that, she was a Senior Data Engineer on the IBM Hybrid Cloud Management Data Science Team. Her current interests include deep learning, model productization, and distributed training of massive transformer-based language models. She holds a master's degree in computer science from the University of Texas at San Antonio. She has more than 25 years of experience in developing, deploying, and managing software applications, as well as in leading development teams. Her recent awards include an Outstanding Technical Achievement Award for significant innovation in Cloud Brokerage Cost and Asset Management products in 2019 as well as an Outstanding Technical Achievement Award for Innovation in the Delivery of Remote Maintenance Upgrade for Tivoli Storage Manager in 2011.Jean is a master inventor with 14 patents granted. She has been a voting member of the IBM Invention Review Board from 2006 to 2020. She has been a speaker at conferences such as North Central Oracle Apps User Group Training Day 2019 and Collaborate 2020.KAI YU is a Distinguished Engineer of the Dell Technical Leadership Community. He is responsible for providing technical leadership to Dell Oracle Solutions Engineering. He has over 27 years of experience in architecting and implementing various IT solutions, specializing in Oracle database, IT infrastructure, and cloud as well as business analytics and machine learning.Kai has been a frequent speaker at various IT/Oracle conferences with over 200 presentations in more than 20 countries. He also authored 36 articles in technical journals such as IEEE Transactions on Big Data, and has co-authored the Apress book Expert Oracle RAC12c. He has been an Oracle ACE Director since 2010, and has served on the IOUG/Quest Conference committee and served as IOUG RAC SIG president and IOUG CLOUG SIG co-founder and vice president. He received the 2011 OAUG Innovator of Year award and the 2012 Oracle Excellence Award: Technologist of the Year: Cloud Architect by Oracle Magazine. He holds two master’s degrees in computer science and engineering from the Huazhong University of Science and Technology and the University of Wyoming.1. Introduction to Machine Learning2. Oracle and Machine Learning3: Oracle Machine Learning for SQL4. Oracle Autonomous Database for Machine Learning5. Running Oracle Machine Learning with Autonomous Database6: Building Machine Learning Models with OML Notebooks7. Oracle Analytics Cloud8. Delivery and Automation Pipeline in Machine Learning9. ML Deployment Pipeline Using Oracle Machine Learning10. Building Reproducible ML Pipelines Using Oracle Machine Learning

Regulärer Preis: 66,99 €
Produktbild für Introduction to Video Game Engine Development

Introduction to Video Game Engine Development

Start your video game development journey by learning how to build a 2D game engine from scratch. Using Java (with NetBeans as your IDE and using Java’s graphics framework) or by following along in C# (with Visual Studio as your IDE and using the MonoGame framework), you’ll cover the design and implementation of a 2D game engine in detail. Each class will be reviewed with demonstration code. You’ll gain experience using the engine by building a game from the ground up.Introduction to Video Game Engine Development reviews the design and implementation of a 2D game engine in three parts. Part 1 covers the low-level API class by class. You’ll see how to abstract lower-level functionality and design a set of classes that interact seamlessly with each other. You’ll learn how to draw objects, play sounds, render text, and more. In Part 2, you’ll review the mid-level API that is responsible for drawing the game, loading resources, and managing user input. Lastly, in Part 3, you’ll build a game from the ground up following a step-by-step process using the 2D game engine you just reviewed.On completing this book, you’ll have a solid foundation in video game engine design and implementation. You’ll also get exposure to building games from scratch, creating the solid foundation you’ll need to work with more advanced game engines, and industry tools, that require learning complex software, APIs, and IDEs.WHAT YOU WILL LEARN* Gain experience with lower-level game engine APIs and abstracting framework functionality* Write application-level APIs: launching the game, loading resources, settings, processing input, and more * Discover cross-platform APIs in the game engine projects written in both Java and C#/MonoGame * Develop games with an SDK-based game engine and simplified tool chain focused on direct control of the game through code* Master creating games by using the game engine to build a game from the ground up with only code and an IDEWHO THIS BOOK IS FORThose of you out there with some programming experience, moderate to advanced, who want to learn how to write video games using modern game engine designs.Victor Brusca is an experienced software developer specializing in building cross-platform applications and APIs. He regards himself as a self-starter with a keen eye for detail, an obsessive protection of systems/data, and a desire to write well-documented, well-encapsulated code. With over 14 years' software development experience, he has been involved in game and game engine projects on J2ME, T-Mobile SideKick, WebOS, Windows Phone, Xbox 360, Android, iOS, and web platforms.Chapter 1: MmgBase API IntroductionChapter 2: Base ClassesChapter 3: Helper ClassesChapter 4: Other ClassesChapter 5: Advanced ClassesChapter 6: Widget ClassesChapter 7: Animation ClassesChapter 8: Game Screen ClassesChapter 9: MmgCore API IntroductionChapter 10: Static Main Entry PointChapter 11: Dynamic SettingsChapter 12: Event HandlersChapter 13: Resource LoadingChapter 14: Game ScreensChapter 15: Game Build IntroductionChapter 16: PongClone Project SetupChapter 17: PongClone Main Menu ScreenChapter 18: PongClone Game ScreenChapter 19: Conclusion

Regulärer Preis: 79,99 €
Produktbild für PowerShell for Beginners

PowerShell for Beginners

Learn the basic tools and commands to write scripts in PowerShell 7. This hands-on guide is designed to get you up and running on PowerShell quickly - introducing interactive menus, reading and writing files, and creating code that talks over the network to other scripts, with mini games to facilitate learning.PowerShell for Beginners starts with an introduction to PowerShell and its components. It further discusses the various tools and commands required for writing scripts in PowerShell 7, with learning reinforced by writing mini games. You will learn how to use variables and conditional statements for writing scripts followed by loops and arrays. You will then work with functions and classes in PowerShell. Moving forward, you will go through the PowerShell Console, customizing the title and text colors. Along the way you will see how to read a key press and make sound in PowerShell. The final sections cover game engine layout, how to build a title screen, and implementing the game design using code flow, title screens, levels, and much more.After reading the book you will be able to begin working with PowerShell 7 scripts and understand how to use its tools and commands effectively.WHAT YOU WILL LEARN* Use Microsoft Visual Studio Code to develop scripts* Understand variables, loops and conditional statements in PowerShell* Work with scripts to develop a game* Discover and use ASCII art generators* Comprehend game objects and code* Create client-server scripts that communicate over a network* Read and write to files* Capture input from the keyboard* Make PowerShell speak words to help the visually impaired* Create text-based adventure gamesWHO THIS BOOK IS FORSoftware developers who want to start working with PowerShell scripts.IAN WATERS works for Southern IT Networks Ltd as the technical director. He works with Managed Service Providers (MSPs) striving to provide the best possible IT support services to businesses in the south east of England. Ian has an overall experience of 15 years in IT where he has been working on Windows Server, Exchange, Active Directory, Microsoft 365, PowerShell, and many more. He is a frequent blogger and posts articles related to Microsoft’s new technologies on Slash Admin.Chapter 1: Introduction.Chapter 2: Beginners Guide to PowerShell and Visual Studio CodeChapter 3: Variables.Chapter 4: Conditional Statements.Chapter 5: Loops.Chapter 6: Arrays.Chapter 7: Functions.Chapter 8: Classes.Chapter 9: Customising The Console.Chapter 10: User Input.Chapter 11: Dragon Slayer.Chapter 12: Getting Colourful.Chapter 13: ASCII Table.Chapter 14: Cursor Control.Chapter 15: Background Processing.Chapter 16: Networking.Chapter 18: Working with Files.Chapter 19: Game EngineChapter 20: Creating ASCII ArtChapter 21: Power Bomber

Regulärer Preis: 56,99 €
Produktbild für Essential Computer Science

Essential Computer Science

Understand essential computer science concepts and skills. This book focuses on the foundational and fundamental concepts upon which expertise in specific areas can be developed, including computer architecture, programming language, algorithm and data structure, operating systems, computer networks, distributed systems, security, and more.According to code.org, there are 500,000 open programming positions available in the US— compared to an annual crop of just 50,000 graduating computer science majors. The US Department of Labor predicted that there will be almost a million and a half computer science jobs in the very near future, but only enough programmers to fill roughly one third of these jobs.To bridge the gap, many people not formally trained in computer science are employed in programming jobs. Although they are able to start programming and coding quickly, it often takes them time to acquire the necessary understanding to gain the requisite skills to become an efficient computer engineer or advanced developer.WHAT YOU WILL LEARN* The fundamentals of how a computer works* The basics of computer programming and programming paradigms* How to write efficient programs* How the hardware and software work together to provide a good user experience and enhance the usability of the system* How computers can talk to each other* How to ensure the security of the system* The fundamentals of cloud offerings, implications/trade-offs, and deployment/adoption configurations* The fundamentals of machine learningWHO THIS BOOK IS FORComputer programmers lacking a formal education in computer science, and anyone with a formal education in computer science, looking to develop a general understanding of computer science fundamentalsPAUL D. CRUTCHER is Senior Principal Engineer at Intel Corporation and manages the Platform Software Architecture team in the Client Computing Group. He has worked at Intel for more than 25 years and has also worked at two smaller software companies. Paul has a degree in computer science, with expertise spanning software development, architecture, integration, and validation based on systems engineering best practices in multiple areas. He holds several patents and has written multiple papers and presentations.NEERAJ KUMAR SINGH is a Principal Engineer at Intel with more than 15 years of system software and platform design experience. His areas of expertise are hardware software co-design, system/platform architecture, and system software design & development. Neeraj is the lead author of two other books: System on Chip Interfaces for Low Power Design and Industrial System Engineering for Drones: A Guide with Best Practices for Designing, in addition to many other papers and presentations.PETER TIEGS is Principle Engineer at Intel with 20 years of software experience. Inside Intel he often consults on DevOps topics such as build automation and source code branching. Over the last decade Peter evangelized continuous integration and delivery as well as agile practices at Intel. He has written software at all levels of the stack from embedded C code to VUE.js. His programming language of choice is Python.Chapter 1: Concept and Fundamentals of Computer SystemIn this chapter we discuss a brief history and evolution of a computer System, and fundamentals of how it operates.1. Evolution of Computer System2. Von Neumann Model/Architecture: I/O, CPU and memory1. Fetch:2. Decode,3. Execute3. Fetch: Address and Data4. Decode: Instructions and Instruction Set Architecture:1. Encode/Decode1. Number Representation2. Negative Numbers3. Little Endian/Big Endian.2. Instruction Format, Opcode, Operand3. Addressing modes4. ISA:1. Categories: RISC, CISC etc.2. Examples: x86, ARM etc.5. Execute:1. Fundamentals of Digital Logic2. Examples: ADD, SUB.6. Computer Hardware Advancements/Extensions:1. Compute Block: Pipelining, and Predictive Execution and Data Hazards2. Memory Hierarchy: Cache (inclusive, exclusive), Memory3. Interrupt Based vs. Polling1. Interrupt Service Routine4. DMA5. Multiprocessor: SIMD, MIMD, VLIW etc.7. Basic Architecture of x86 based computer1. Stack, PC, General Purpose Registers (GPRs) etc.8. IO Devices- Interface and Controller Advancements, Example: PCIe, USB1. Controller, Bus, and Device9. Internal and External View of an Example Computer System Design10. References and further reading:1. Digital Logic and Computer Design: Morris Mano2. Computer Organization and Design: The Hardware/Software Interface: Hennessy and PattersonChapter 2: Programming the Computer HardwareIn the preceding chapter we discussed the fundamentals about the computer hardware and architecture. Now having understood that, let’s discuss how to program/instruct the hardware to do what we want/need.1. What’s programming?2. Assembly and Machine language3. Programming in High Level Language- why?4. Programming Language Fundamentals:1. Language Definition:· Syntax· High Level Constructs to Machine Level Mapping, example:1. Variable definition to memory allocation2. Assignment to mov3. Operators to respective: ADD, SUB, MUL etc.4. Conditional to cmp and jmp5. Loops to cmp and jmp etc.6. Functions to call and return, and stack· Other Key Concepts:1. Variable Scope and Lifetime,2. Data Type and Type Casting3. Formal, and Actual Parameter(arguments),4. Function Call by Value and Reference5. Lambda functions2. Translation from High Level to Machine Level Language:· Lexical: picking up tokens· Parser: Syntax and Semantic Analysis· Code Generation1. Intermediate code- why?2. Optimization- why?3. Symbol Table4. Libraries and Runtime?· Why?· Linking Process· Static, and Dynamic libraries· Benefits and tradeoffs- DLL Hell?5. IDE: The one that puts it all together5. Programming Paradigms:1. Procedural, Object Oriented,2. Interpreted vs Compiled etc.3. Why different Languages?6. Good Code1. Architecture and2. Design Patterns7. References and further reading:1. Compilers: Principles, Techniques, and Tools: Aho Ullman Sethi2. The art of computer Programming: Knuth3. Linkers and Loaders: LevineChapter 3: Algorithm and Data StructureWe’ve discussed computer hardware and how to program it to achieve desired purpose. In this chapter we will discuss how to make programs more efficient.1. What is an Algorithm2. Good and *not so good* Algorithm:1. Time/Space Complexity2. Asymptotic Notation3. Fundamental Data Structure and Algorithm:1. Store (Data Structure): Stack, Queue, Tree, Graph, Linked List, Array, Hash2. Making use of the Data: Searching, Sorting4. Problem Solving Techniques:1. Recursion,2. Divide and Conquer3. Dynamic programming,4. Brute force,5. Greedy Algorithms,5. Class of problems:1. NP Complete and NP Hard problems2. Tractable and Intractable problems.6. Databases:1. Why: Persistence and Volume2. Fundamental Requirements: ACID3. Brief History of Database System Evolution4. Most Prominent Current Database Systems:· Structured Data/ Unstructured Data· Relational Data: Oracle, MySQL etc.· NoSQL1. Why2. Brief History and Examples: Graph database Neo4j, BigTable, CouchDB, Cassandra, MongoDB7. References and further reading:1. Introduction to Algorithms: Thomas Cormen2. Database System Concepts: Avi SilberschatzChapter 4: Operating SystemHaving discussed the computer hardware and software fundamentals, now we will discuss how they work together to provide a good user experience and enhance the usability of the system.1. Purpose of Operating System:1. Bridge between User and the Hardware2. What Systems need OS2. Key Drivers:1. General Purpose: Multifunction2. Multi-processor,3. Multi-tasking4. Multiuser3. Key Function:1. User Authentication:· Virtualize CPU: Scheduling: Affinity, Preemption2. Virtualize Memory:· Segmentation, Paging, Demand Paging, Swapping3. Access and Protection:· Serialization: Deadlocks, Locks, and Semaphores· Separation:1. User Mode and Kernel/*Super User* Mode2. Separation Implementation1. Protection Ring/Layers3. Switching between Kernel and User Mode4. Access to Hardware:1. Device Driver, DDI, and Driver Models4. User Shell: UI/Command Based· Launching an Application· Application/Program vs Process/Thread· Application/Executable Format.· Application Loading Process5. Persistence of Configuration and Settings· Registry for Windows· Configuration Files for Linux4. OS Categories:1. Real time, and General Purpose2. Design Considerations for Real time OS5. Reference:1. Operating System Concepts: Silberschatz, Galvin2. Operating Systems: Three Easy Pieces: Andrea CChapter 5: Computer Networks and Distributed Systems So far, we discussed the computer systems in isolation. There is a need for computers to talk to each other to enable communication and create distributed systems. In this chapter we will discuss how computers can talk to each other.1. History/Evolution of Networks/Internet2. Protocol-Stateful and Stateless Protocol3. Internet protocol (IP), TCP and UDP1. Host, IP Address, MAC, Port, Socket2. DNS, DHCP3. Proxy, Firewall, Router, Firewall4. Distributed Systems: Prominent Architectures1. Client-Server2. Peer-to-Peer3. N-Tier5. Distributed System Example:1. World Wide Web- How it Works?2. FTP- How it Works6. Case Study: Developing Web Application1. System Architecture2. Frontend- Technologies3. Backend - Technologies7. Reference and further reading:1. Computer Networking: A Top-Down Approach: Kurose RossChapter 6: Computer SecurityNow, that we discussed about the computer systems and how they can and do work together in computer networks. It becomes of pertinent importance to ensure the security of the system. In this chapter we’ll talk about the same.1. Security- What and Why?2. Security of Standalone System:1. Physical Security2. Access Control- Authentication· Authentication: Purpose· Active Directory/Kerberos· Integrated Windows Authentication· Biometric3. Malware(viruses) and Antiviruses- How they Work?3. Communication Security1. Cryptography· Symmetric, Asymmetric: Public and Private· Various Algorithms:(AES-512, DES, …)2. Hashing, Signing, Salting4. Putting it in Practice1. Algorithms to Exchange the Keys2. Certificate3. Digital signatures4. Chain and Root of Trust5. Certification Authorities, and Trust Chain6. Certificate Stores5. Applications of the Security Concepts/Mechanisms:1. Secure Boot2. Network Security: TLS, SSL, HTTPS, IPsec, VPNChapter 7: Cloud Computing Traditionally, the businesses have managed their backend servers on their own at their premise. However, there is a trend to consolidate these resources and services somewhere (cloud) on network. And, these services can be used by businesses as needed. The resources can thus be shared and optimized. The services are provided and managed by “cloud service providers.” In this chapter we’ll discuss about the cloud offerings, implications/trade-off and deployment/adoption configurations.1. Cloud and its Offerings (Types)1. IaaS2. SaaS3. PaaS2. Benefits of Cloud Computing3. Cloud Deployment/Adoption Configurations1. Private,2. Public3. Hybrid,4. Cloud Resource Types: VM/Compute, Database, File Share, Lambda etc.5. Cloud Interface/Mechanism6. Developing and Deploying on Cloud1. Cloud Orchestration and Deployment7. Top Cloud Providers: AWS, Azure, Google Cloud, Oracle etc.8. Considerations for Developing Portable and Interoperable SolutionsChapter 8: Machine LearningSo far, we, the human beings, have been developing algorithms and programs which computers just carry out. The algorithms and logic are developed and coded by human beings. The evolution in processing power and data storage has allowed computers to be able to learn and develop logic/intelligence form the data inputs- aka machine learning. In this chapter we discuss the fundamentals of machine learning.What it is? Algorithmic Programming vs. Machine Learning1. Fundamental Concepts in Machine Learning:· Model· Training· Inference2. Four Different Categories of Machine Learning:· Supervised· Unsupervised· Semi-supervised· Reinforcement3. Real and Practical Applications of Machine Learning· Ex: Web Search, E-Comm/Social Media Suggestions etc.2. Evolution of Machine Learning:1. Data Science to AI and ML3. Practical Machine Learning:1. Top leading machine learning frameworks· TensorFlow, PyTorch, ONNX, CAFFE, Keras, Firebase ML kit etc.4. Machine Learning and Cloud- Relationship and Dependency?Appendix: A: SDLCPlanning, Analysis, Design, Implementation, Test, Deploy and MaintenanceAppendix B: Software Engineering Practices:1. Planning and Management Practices: Agile2. Documentation3. Testing:1. Phases and Categories of Testing and Goals· Algorithm Testing, Unit Testing, Integration etc.2. Test Driven Development4. Developing for Debug5. Continuous Integration and Continuous Deployment1. Purpose and Mechanism?2. Tools: Jenkins, TeamCity etc.6. Build Optimization and Tools:1. Purpose and Mechanism2. Tools: Make, Maven, Gradle7. SCM1. Goal and Mechanism2. Tools: P4, SVN, GitAppendix: C: ACPI System States Appendix: C: Complete Flow of Boot to OS1. Computer BIOS and Boot process2. Co-ordination b/w Firmware and OS3. ACPI and Power Management?

Regulärer Preis: 56,99 €
Produktbild für Bewegung!

Bewegung!

Das Wichtigste an Präsentationen ist ihr Inhalt - ganz klar! Aber es kommt auch darauf an, diesen Inhalt so zu präsentieren, dass die Zuschauer ihn optimal aufnehmen können und jederzeit gedanklich bei dem Punkt sind, den der Präsentator gerade erläutert. Deshalb sollten Inhalte Stück für Stück auf Mausklick eingeblendet werden - so wird niemand abgelenkt. Was sich bewegt, wirkt immer anregender und interessanter als statische Inhalte. Es kommt nur darauf an, diese Bewegung sinnvoll und passend zum Kontext zu gestalten: Ein Diagramm kann schrittweise aufgebaut werden, eine Tabelle nach und nach aufgedeckt, ein Prozess mit einem Video leicht erläutert werden. Excel-Tabellen können innerhalb der Präsentation lesbar präsentiert werden. Alle Inhalte richten sich an Anwender im beruflichen Umfeld. Die gezeigten Möglichkeiten eignen sich natürlich auch für die Arbeit mit Kindern und alle anderen Anwendungen von PowerPoint!Ina Koys ist langjährige Trainerin für MS-Office-Produkte. Viele Fragen werden in den Kursen immer wieder gestellt, aber selten in Fachbüchern behandelt. Einige davon beantwortet sie jetzt in der Reihe "kurz & knackig".

Regulärer Preis: 3,99 €
Produktbild für Betriebswirtschaftliche KI-Anwendungen

Betriebswirtschaftliche KI-Anwendungen

Digitalisierung und Künstliche Intelligenz ermöglichen Unternehmen disruptive Erweiterungen ihrer Geschäftsmodelle. Wer rechtzeitig digitale KI-Geschäftsmodelle einführt, wird seinen Erfolg nachhaltig sichern können. Aber wie und wo können solche Modelle Anwendung finden? Diese Publikation gibt Antworten, wo KI-Geschäftsmodelle greifen können, und wie diese von der ersten Idee bis zur produktiven Anwendung realisiert werden können. KI-Anwendungen in der Betriebswirtschaft.- Grundlagen und Technik.- Digitale Geschäftsmodelle auf Basis Künstlicher Intelligenz.- Prototyp einer digitalen KI-Anwendung.- Beispielanwendung 1.- Beispielanwendung 2.- Beispielanwendung 3.-  Der Weg zum Erfolg mit KI.

Regulärer Preis: 62,99 €
Produktbild für Cybersecurity and Third-Party Risk

Cybersecurity and Third-Party Risk

MOVE BEYOND THE CHECKLIST AND FULLY PROTECT YOURSELF FROM THIRD-PARTY CYBERSECURITY RISKOver the last decade, there have been hundreds of big-name organizations in every sector that have experienced a public breach due to a vendor. While the media tends to focus on high-profile breaches like those that hit Target in 2013 and Equifax in 2017, 2020 has ushered in a huge wave of cybersecurity attacks, a near 800% increase in cyberattack activity as millions of workers shifted to working remotely in the wake of a global pandemic.The 2020 SolarWinds supply-chain attack illustrates that lasting impact of this dramatic increase in cyberattacks. Using a technique known as Advanced Persistent Threat (APT), a sophisticated hacker leveraged APT to steal information from multiple organizations from Microsoft to the Department of Homeland Security not by attacking targets directly, but by attacking a trusted partner or vendor. In addition to exposing third-party risk vulnerabilities for other hackers to exploit, the damage from this one attack alone will continue for years, and there are no signs that cyber breaches are slowing.Cybersecurity and Third-Party Risk delivers proven, active, and predictive risk reduction strategies and tactics designed to keep you and your organization safe. Cybersecurity and IT expert and author Gregory Rasner shows you how to transform third-party risk from an exercise in checklist completion to a proactive and effective process of risk mitigation.* Understand the basics of third-party risk management* Conduct due diligence on third parties connected to your network* Keep your data and sensitive information current and reliable* Incorporate third-party data requirements for offshoring, fourth-party hosting, and data security arrangements into your vendor contracts* Learn valuable lessons from devasting breaches suffered by other companies like Home Depot, GM, and EquifaxThe time to talk cybersecurity with your data partners is now.Cybersecurity and Third-Party Risk is a must-read resource for business leaders and security professionals looking for a practical roadmap to avoiding the massive reputational and financial losses that come with third-party security breaches.GREGORY C. RASNER is the lead of Cyber Third-Party Risk at Truist Financial Corporation. He has extensive experience in cybersecurity and technology leadership in banking, biotech, software, telecom, and manufacturing. He is the author of several published articles on Third Party Risk and is a sought-after keynote speaker in this area.Foreword xviIntroduction xviiiSECTION 1 CYBERSECURITY THIRD-PARTY RISKCHAPTER 1 WHAT IS THE RISK? 1The SolarWinds Supply-Chain Attack 4The VGCA Supply-Chain Attack 6The Zyxel Backdoor Attack 9Other Supply-Chain Attacks 10Problem Scope 12Compliance Does Not Equal Security 15Third-Party Breach Examples 17Third-Party Risk Management 24Cybersecurity and Third-Party Risk 27Cybersecurity Third-Party Risk as a Force Multiplier 32Conclusion 33CHAPTER 2 CYBERSECURITY BASICS 35Cybersecurity Basics for Third-Party Risk 38Cybersecurity Frameworks 46Due Care and Due Diligence 53Cybercrime and Cybersecurity 56Types of Cyberattacks 59Analysis of a Breach 63The Third-Party Breach Timeline: Target 66Inside Look: Home Depot Breach 68Conclusion 72CHAPTER 3 WHAT THE COVID-19 PANDEMIC DID TO CYBERSECURITY AND THIRD-PARTY RISK 75The Pandemic Shutdown 77Timeline of the Pandemic Impact on Cybersecurity 80Post-Pandemic Changes and Trends 84Regulated Industries 98An Inside Look: P&N Bank 100SolarWinds Attack Update 102Conclusion 104CHAPTER 4 THIRD-PARTY RISK MANAGEMENT 107Third-Party Risk Management Frameworks 113ISO 27036:2013+ 114NIST 800-SP 116NIST 800-161 Revision 1: Upcoming Revision 125NISTIR 8272 Impact Analysis Tool for Interdependent Cyber Supply-Chain Risks 125The Cybersecurity and Third-Party Risk Program Management 127Kristina Conglomerate (KC) Enterprises 128KC Enterprises’ Cyber Third-Party Risk Program 131Inside Look: Marriott 140Conclusion 141CHAPTER 5 ONBOARDING DUE DILIGENCE 143Intake 145Data Privacy 146Cybersecurity 147Amount of Data 149Country Risk and Locations 149Connectivity 150Data Transfer 150Data Location 151Service-Level Agreement or Recovery Time Objective 151Fourth Parties 152Software Security 152KC Enterprises Intake/Inherent Risk Cybersecurity Questionnaire 153Cybersecurity in Request for Proposals 154Data Location 155Development 155Identity and Access Management 156Encryption 156Intrusion Detection/Prevention System 157Antivirus and Malware 157Data Segregation 158Data Loss Prevention 158Notification 158Security Audits 159Cybersecurity Third-Party Intake 160Data Security Intake Due Diligence 161Next Steps 167Ways to Become More Efficient 173Systems and Organization Controls Reports 174Chargebacks 177Go-Live Production Reviews 179Connectivity Cyber Reviews 179Inside Look: Ticketmaster and Fourth Parties 182Conclusion 183CHAPTER 6 ONGOING DUE DILIGENCE 185Low-Risk Vendor Ongoing Due Diligence 189Moderate-Risk Vendor Ongoing Due Diligence 193High-Risk Vendor Ongoing Due Diligence 196“Too Big to Care” 197A Note on Phishing 200Intake and Ongoing Cybersecurity Personnel 203Ransomware: A History and Future 203Asset Management 205Vulnerability and Patch Management 206802.1x or Network Access Control (NAC) 206Inside Look: GE Breach 207Conclusion 208CHAPTER 7 ON-SITE DUE DILIGENCE 211On-site Security Assessment 213Scheduling Phase 214Investigation Phase 215Assessment Phase 217On-site Questionnaire 221Reporting Phase 227Remediation Phase 227Virtual On-site Assessments 229On-site Cybersecurity Personnel 231On-site Due Diligence and the Intake Process 233Vendors Are Partners 234Consortiums and Due Diligence 235Conclusion 237CHAPTER 8 CONTINUOUS MONITORING 239What is Continuous Monitoring? 241Vendor Security-Rating Tools 241Inside Look: Health Share of Oregon’s Breach 251Enhanced Continuous Monitoring 252Software Vulnerabilities/Patching Cadence 253Fourth-Party Risk 253Data Location 254Connectivity Security 254Production Deployment 255Continuous Monitoring Cybersecurity Personnel 258Third-Party Breaches and the Incident Process 258Third-Party Incident Management 259Inside Look: Uber’s Delayed Data Breach Reporting 264Inside Look: Nuance Breach 265Conclusion 266CHAPTER 9 OFFBOARDING 267Access to Systems, Data, and Facilities 270Physical Access 274Return of Equipment 275Contract Deliverables and Ongoing Security 275Update the Vendor Profile 276Log Retention 276Inside Look: Morgan StanleyDecommissioning Process Misses 277Inside Look: Data Sanitization 279Conclusion 283SECTION 2 NEXT STEPSCHAPTER 10 SECURING THE CLOUD 285Why is the Cloud So Risky? 287Introduction to NIST Service Models 288Vendor Cloud Security Reviews 289The Shared Responsibility Model 290Inside Look: Cloud Controls Matrix by the Cloud Security Alliance 295Security Advisor Reports as Patterns 298Inside Look: The Capital One Breach 312Conclusion 313CHAPTER 11 CYBERSECURITY AND LEGAL PROTECTIONS 315Legal Terms and Protections 317Cybersecurity Terms and Conditions 321Offshore Terms and Conditions 324Hosted/Cloud Terms and Conditions 327Privacy Terms and Conditions 331Inside Look: Heritage Valley Health vs. Nuance 334Conclusion 335CHAPTER 12 SOFTWARE DUE DILIGENCE 337The Secure Software Development Lifecycle 340Lessons from SolarWinds and Critical Software 342Inside Look: Juniper 344On-Premises Software 346Cloud Software 348Open Web Application Security Project Explained 350OWASP Top 10 350OWASP Web Security Testing Guide 352Open Source Software 353Software Composition Analysis 355Inside Look: Heartbleed 355Mobile Software 357Testing Mobile Applications 358Code Storage 360Conclusion 362CHAPTER 13 NETWORK DUE DILIGENCE 365Third-Party Connections 368Personnel Physical Security 368Hardware Security 370Software Security 371Out-of-Band Security 372Cloud Connections 374Vendor Connectivity Lifecycle Management 375Zero Trust for Third Parties 379Internet of Things and Third Parties 385Trusted Platform Module and Secure Boot 388Inside Look: The Target Breach (2013) 390Conclusion 391CHAPTER 14 OFFSHORE THIRD-PARTY CYBERSECURITY RISK 393Onboarding Offshore Vendors 397Ongoing Due Diligence for Offshore Vendors 399Physical Security 399Offboarding Due Diligence for Offshore Vendors 402Inside Look: A Reminder on Country Risk 404Country Risk 405KC’s Country Risk 406Conclusion 409CHAPTER 15 TRANSFORM TO PREDICTIVE 411The Data 414Vendor Records 415Due Diligence Records 416Contract Language 416Risk Acceptances 417Continuous Monitoring 417Enhanced Continuous Monitoring 417How Data is Stored 418Level Set 418A Mature to Predictive Approach 420The Predictive Approach at KC Enterprises 420Use Case #1: Early Intervention 423Use Case #2: Red Vendors 425Use Case #3: Reporting 426Conclusion 427CHAPTER 16 CONCLUSION 429Advanced Persistent Threats Are the New Danger 431Cybersecurity Third-Party Risk 435Index 445

Regulärer Preis: 27,99 €
Produktbild für Visual Analysis of Multilayer Networks

Visual Analysis of Multilayer Networks

THIS IS AN OVERVIEW AND STRUCTURED ANALYSIS OF CONTEMPORARY MULTILAYER NETWORK VISUALIZATION. IT SURVEYS TECHNIQUES AS WELL AS TOOLS, TASKS, AND ANALYTICS FROM WITHIN APPLICATION DOMAINS. It also identifies research opportunities and examines outstanding challenges along with potential solutions and future research directions for addressing them.Visual Analysis of Multilayer Networks is not only for visualization researchers, but for those who need to visualize multilayer networks in the domain of complex systems, as well as anyone solving problems within application domains.The emergence of multilayer networks as a concept from the field of complex systems provides many new opportunities for the visualization of network complexity, and has also raised many new exciting challenges. The multilayer network model recognizes that the complexity of relationships between entities in real-world systems is better embraced as several interdependent subsystems (or layers) rather than a simple graph approach. Despite only recently being formalized and defined, this model can be applied to problems in the domains of life sciences, sociology, digital humanities, and more. Within the domain of network visualization there already are many existing systems, which visualize data sets having many characteristics of multilayer networks, and many techniques, which are applicable to their visualization.* Preface* Figure Credits* Introduction and Overview* Multilayer Networks Across Domains* The Layer as an Entity* Task Taxonomy for Multilayer Networks* Visualization of Nodes and Relationships Across Layers* Interacting with and Analyzing Multilayer Networks* Attribute Visualization and Multilayer Networks* Evaluation of Multilayer Network Visualization Systems and Techniques* Conclusions* Bibliography* Authors' Biographies* List of Figures

Regulärer Preis: 49,99 €
Produktbild für Interface for an App

Interface for an App

This book is an account of how I addressed the need for a smartphone app that would allow someone with Type 1 diabetes to self-manage their condition.Its presentation highlights the major features of the app’s interface design. They include the selection of metaphors appropriate to a user’s need to form a mental model of the app; the importance of visible context; the benefits of consistency; and considerations of a user’s cognitive and perceptual abilities. The latter is a key feature of the book.But the book is also about the design process, and especially about the valuable contributions made by the many focus group meetings in which design ideas were first presented to people with Type 1 diabetes. Their critique, and sometimes their rejection, of interface ideas were crucial to the development of the app.I hope this book will prove useful for teaching and design guidance.* Terminology * Affordance * Mental Models and Metaphors * Dialogue * Exploration * Chapter Summaries * Introduction * The Requirements * Structure and Layout * Interface Metaphors * Dialogue * Data Entry * Explore * Favourites * Photographs * Exercise * Health * Advice * A Dialogue Check * Conclusions * Reflections on Affordance and Design * Colleagues * Appendix 1: Interaction Consistency Appendix 2: A Novel Usability Tool * References * Author Biography

Regulärer Preis: 35,99 €
Produktbild für Beginning Microsoft 365 Collaboration Apps

Beginning Microsoft 365 Collaboration Apps

Start making the most of the latest collaboration tools in Microsoft 365—including Teams, SharePoint, Power Apps, Power BI, Power Automate, Microsoft Groups, Office ProPlus, Yammer, Planner, Stream, Forms, and OneDrive. Integrate these collaboration tools into your team’s projects to boost productivity, engagement, innovation, and enjoyment at work. This book walks you through all the latest features, teaching you how to choose the right tools and get the most out of them for your situation.While technologies for collaboration are more advanced than ever before, there also are more of them, making it all the more confusing. BEGINNING MICROSOFT 365 COLLABORATION APPS will help you make sense of what is available and provide prescriptive guidance to you and your team on how to be more productive.This fully updated and expanded new edition contains lots of new content, screenshots and samples, and all new chapters on Power BI and Power Apps.WHAT YOU WILL LEARN* Know the collaboration applications and features available across Microsoft 365, and how to choose the ones that are right for you and your colleagues in any given situation* Understand the software-as-a-service (SaaS) model and how it enables users to be more effective and productive in remote situations* Discover how multi-device usability and real-time cloud synchronization can help your team collaborate anytime, anywhere, across the apps* Find out how Planner can help you manage projects and tasks, even without a project manager* Explore Microsoft Power Automate and Power Apps to connect applications and services and create codeless applications and workflowsWHO THIS BOOK IS FORMicrosoft 365 business users with a limited technical background. You should be familiar with the Microsoft Office suite of products such as Word and Outlook, and work in a team environment. An active Microsoft 365 would be useful as well.RALPH MERCURIO is a Microsoft Certified Professional with 18 years of experience. He works for the City of Durham in North Carolina and focuses his efforts on providing collaborative solutions to its many departments. He has held various roles in the technology field, including as a SharePoint infrastructure architect consulting for various companies in the New York City metro area.Ralph also has experience architecting and deploying solutions that leverage the best features of SharePoint/Microsoft 365 and provide real business value while solving user experience issues. He has seen many technology changes throughout the years and he discovered a passion for helping users find ways to leverage what they need to know to learn a new technology. With Microsoft 365, he has made it his goal to help users realize the potential of this powerful platform in order to get the most out of these ever-changing applications.BRIAN MERRILL is a Microsoft Certified Educator (MCE) and a Microsoft Certified trainer (MCT). He is currently the Educational Technology Analyst for one of the largest school districts in Pennsylvania. In that role he serves as the global administrator of the district’s Microsoft 365 environment, managing Microsoft Teams and SharePoint, and training faculty and staff on new technologies and systems. Brian is also adjunct faculty at the University of Harrisburg of Science and Technology, where he teaches courses in the Learning Technology and Media Studies program. Teaching courses on Learning Technologies and Solutions as well as Microsoft tools. Brian is a Microsoft Innovative Educator Expert and a member of the Minecraft for Education Advisory Board.PART 1: GETTING STARTED* Chapter 1: Welcome to Microsoft 365PART 2: THE APPLICATIONS* Chapter 2: SharePoint Online* Chapter 3: OneDrive* Chapter 4: Microsoft 365 Groups* Chapter 5: Teams* Chapter 6: Yammer* Chapter 7: Office* Chapter 8: Planner* Chapter 9: Stream* Chapter 10: Forms* Chapter 11: Power Automate* Chapter 12: Power BI* Chapter 13: PowerApps* Chapter 14: Making sense of it all

Regulärer Preis: 79,99 €