Allgemein
Embracing Risk
THIS BOOK PROVIDES AN INTRODUCTION TO THE THEORY AND PRACTICE OF CYBER INSURANCE. Insurance as an economic instrument designed for risk management through risk spreading has existed for centuries. Cyber insurance is one of the newest sub-categories of this old instrument. It emerged in the 1990s in response to an increasing impact that information security started to have on business operations. For much of its existence, the practice of cyber insurance has been on how to obtain accurate actuarial information to inform specifics of a cyber insurance contract. As the cybersecurity threat landscape continues to bring about novel forms of attacks and losses, ransomware insurance being the latest example, the insurance practice is also evolving in terms of what types of losses are covered, what are excluded, and how cyber insurance intersects with traditional casualty and property insurance. The central focus, however, has continued to be risk management through risk transfer, the key functionality of insurance.The goal of this book is to shift the focus from this conventional view of using insurance as primarily a risk management mechanism to one of risk control and reduction by looking for ways to re-align the incentives. On this front we have encouraging results that suggest the validity of using insurance as an effective economic and incentive tool to control cyber risk. This book is intended for someone interested in obtaining a quantitative understanding of cyber insurance and how innovation is possible around this centuries-old financial instrument.* Preface* Acknowledgments* Introduction: What is Insurance and What is Cyber Insurance?* A Basic Cyber Insurance Contract Model* Insuring Clients with Dependent Risks* A Practical Underwriting Process* How to Pre-Screen: Risk Assessment Using Data Analytics* Open Problems and Closing Thoughts* Bibliography* Author's Biography
Mit Arduino die elektronische Welt entdecken
Der Arduino-Mikrocontroller ist aus der Elektronikwelt nicht mehr wegzudenken, er hat sich zu einem Standard im Hobbybereich entwickelt. In unzahligen Projekten kommt das Arduino-Board zum Einsatz, Hunderttausende von ausgereiften Softwarelosungen stehen fur jeden zuganglich und unter freier Lizenz zur Verfugung. Der Arduino ist leicht zu programmieren. Preiswerte elektronische Bauteile wie LCDs, Sensoren und Motoren konnen an das Arduino-Board angeschlossen und damit gesteuert werden. Mit "e;Arduino die elektronische Welt entdecken"e; fhrt den Leser in die faszinierende Welt der Elektronik und Programmierung ein. Die Hardware wird leicht verstndlich dargestellt und die Programmierung des Mikrocontrollers Schritt fr Schritt grundstzlich erklrt. Herzstck des Buches sind 48 detailliert beschriebene Arduino-Bastelprojekte, wobei sich die Komplexitt von Projekt zu Projekt steigert. In jedem Bastelprojekt wird ein neues Grundlagenthema behandelt, neue Hardware wird eingefhrt und neue Programmierkniffeund -werkzeuge werden vorgestellt. Jedes Bastelprojekt ist mit zahlreichen Fotos und Abbildungen illustriert und kann Schritt fr Schritt nachgebaut werden. Alle verwendeten Bauteile werden genau erklrt und in ihrer prinzipiellen Funktionsweise vorgestellt. Die Bastelprojekte knnen beliebig erweitert und fr andere Zwecke angepasst werden. Generationen von Hobbybastlern haben mit Erik Bartmanns Bestsellerbuch bereits die Arduino-Programmierung gelernt. In der komplett berarbeiteten 4. Neuauflage des Arduino-Standardwerkes wurden neue Bauteile wie der ESP32 oder LoRaWAN aufgenommen und neue Entwicklerwerkzeuge wie Node-RED, KiCad und MQTT behandelt.
Stability Analysis and Controller Design of Local Model Networks
This book treats various methods for stability analysis and controller design of local model networks (LMNs). LMNs have proved to be a powerful tool in nonlinear dynamic system identification. Their system architecture is more suitable for controller design compared to alternative approximation methods. The main advantage is that linear controller design methods can be, at least locally, applied and combined with nonlinear optimization to calibrate stable state feedback as well as PID controller. The calibration of stable state-feedback controllers is based on the closed loop stability analysis methods. Here, global LMIs (Linear Matrix Inequalities) can be derived and numerically solved. For LMN based nonlinear PID controllers deriving global LMIs is not possible. Thus, two approaches are treated in this book. The first approach works iteratively to get LMIs in each iteration step. The second approach uses a genetic algorithm to determine the PID controller parameters where for each individual the stability is checked. It allows simultaneous enhancement of (competing) optimization criteria. CHRISTIAN MAYR received the M.S. degree in mechanical engineering, the Ph.D. degree in technical sciences from TU Wien, Vienna, Austria, in 2009 and 2013, respectively. Since 2013 he is with AVL List GmbH, Graz, Austria. First as Development Engineer, from 2017 as Project Manager, in 2020 as Team Leader and since 2021 Department Manager for Virtualization Application. Dynamic Local Model Networks.- Open Loop Stability Analysis.- Closed-Loop Stability Analysis and Controller Design.- PID Controller Design.
Die Oracle Datenbank 19c
Diese Einführung in die Oracle Datenbankadministration bietet einen schnellen Einstieg in die Installation, den Betrieb und das Backup einer Oracle 19c Datenbank. Dabei liegt der Fokus auf Datenbanken, die nicht in der Cloud, sondern auf eigenen Servern (on premise) betrieben werden. Es wird gezeigt, wie eine Einzelinstanz als herkömmliche Non-CDB oder als Multitenant-Containerdatenbank aufgesetzt werden kann und wie beim Aufbau eines Real Application Clusters vorgegangen werden muss. Erläutert werden die Komponenten, aus denen eine Datenbank und ihre Instanz bestehen, die Bedeutung von Speicherbereichen und Schemaobjekten. Die Besonderheiten einer Containerdatenbank gegenüber der älteren Non-CDB Architektur werden beschrieben. Hinweise werden gegeben, welche Initialisierungsparameter besser auf ihren Vorgabewerten belassen und welche unbedingt angepasst werden sollten. Besonderen Raum wurde dem Thema Backup und Recovery eingeräumt. Es wird gezeigt, welche Befehle in einem Sicherungsskript nicht fehlen sollten und wie Schäden an einer Oracle Datenbank erkannt und repariert werden können. Nach der Lektüre sollten sich Leserinnen und Leser nicht mehr orientierungslos gegenüber einer Oracle Datenbank fühlen.Thorsten Grebe berät und betreut seit über 15 Jahren Organisationen aus Wirtschaft und öffentlichem Dienst zur Oracle Datenbank. Er ist Oracle Certified Master (OCM) und hat auf der DOAG Jahreskonferenz in Nürnberg, Europas größter Oracle Anwenderkonferenz, mehrere Vorträge zu Kernthemen der Oracle Datenbank gehalten. Einführung - Installation - Oracle Datenbank Grundlagen - Backup und Recovery
Third Space, Information Sharing, and Participatory Design
SOCIETY FACES MANY CHALLENGES IN WORKPLACES, EVERYDAY LIFE SITUATIONS, AND EDUCATION CONTEXTS. Within information behavior research, there are often calls to bridge inclusiveness and for greater collaboration, with user-centered design approaches and, more specifically, participatory design practices. Collaboration and participation are essential in addressing contemporary societal challenges, designing creative information objects and processes, as well as developing spaces for learning, and information and research interventions. The intention is to improve access to information and the benefits to be gained from that. This also applies to bridging the digital divide and for embracing artificial intelligence. With regard to research and practices within information behavior, it is crucial to consider that all users should be involved. Many information activities (i.e., activities falling under the umbrella terms of information behavior and information practices) manifest through participation, and thus, methods such as participatory design may help unfold both information behavior and practices as well as the creation of information objects, new models, and theories. Information sharing is one of its core activities. For participatory design with its value set of democratic, inclusive, and open participation towards innovative practices in a diversity of contexts, it is essential to understand how information activities such as sharing manifest itself. For information behavior studies it is essential to deepen understanding of how information sharing manifests in order to improve access to information and the use of information.Third Space is a physical, virtual, cognitive, and conceptual space where participants may negotiate, reflect, and form new knowledge and worldviews working toward creative, practical and applicable solutions, finding innovative, appropriate research methods, interpreting findings, proposing new theories, recommending next steps, and even designing solutions such as new information objects or services. Information sharing in participatory design manifests in tandem with many other information interaction activities and especially information and cognitive processing. Although there are practices of individual information sharing and information encountering, information sharing mostly relates to collaborative information behavior practices, creativity, and collective decision-making.Our purpose with this book is to enable students, researchers, and practitioners within a multi-disciplinary research field, including information studies and Human–Computer Interaction approaches, to gain a deeper understanding of how the core activity of information sharing in participatory design, in which Third Space may be a platform for information interaction, is taking place when using methods utilized in participatory design to address contemporary societal challenges. This could also apply for information behavior studies using participatory design as methodology. We elaborate interpretations of core concepts such as participatory design, Third Space, information sharing, and collaborative information behavior, before discussing participatory design methods and processes in more depth. We also touch on information behavior, information practice, and other important concepts. Third Space, information sharing, and information interaction are discussed in some detail. A framework, with Third Space as a core intersecting zone, platform, and adaptive and creative space to study information sharing and other information behavior and interactions are suggested. As a tool to envision information behavior and suggest future practices, participatory design serves as a set of methods and tools in which new interpretations of the design of information behavior studies and eventually new information objects are being initiated involving multiple stakeholders in future information landscapes. For this purpose, we argue that Third Space can be used as an intersection zone to study information sharing and other information activities, but more importantly it can serve as a Third Space Information Behavior (TSIB) study framework where participatory design methodology and processes are applied to information behavior research studies and applications such as information objects, systems, and services with recognition of the importance of situated awareness.* Preface* Acknowledgments* Abbreviations* Introduction: Contemporary Challenges Faced in the Emerging Information Context* Foundation and Components* Participatory Design as an Approach for Participation* Third Space* Information Sharing and Other Information Activities* Third Space as an Intersection Zone for Information Behavior Studies* Conclusion and the Way Forward* Appendix A: General Guideline for Conducting a Participatory Design Workshop Called Future Workshop* Bibliography* Authors' Biographies
Clean C++20
Write maintainable, extensible, and durable software with modern C++. This book, updated for the recently released C++20 standard, is a must for every developer, software architect, or team leader who is interested in well-crafted C++ code, and thus also wants to save development costs. If you want to teach yourself about writing better C++ code, Clean C++20 is exactly what you need. It is written for C++ developers of all skill levels and shows by example how to write understandable, flexible, maintainable, and efficient C++ code. Even if you are a seasoned C++ developer, there are nuggets and data points in this book that you will find useful in your work.If you don't take care with your codebase, you can produce a large, messy, and unmaintainable beast in any programming language. However, C++ projects in particular are prone to get messy and tend to slip into a maintenance nightmare. There is lots of C++ code out there that looks as if it was written in the 1980s, completely ignoring principles and practices of well-written and modern C++.It seems that C++ developers have been forgotten by those who preach Software Craftsmanship and Clean Code principles. The web is full of C++ code examples that may be very fast and highly optimized, but whose developers have completely ignored elementary principles of good design and well-written code. This book will explain how to avoid this and how to get the most out of your C++ code. You'll find your coding becomes more efficient and, importantly, more fun.WHAT YOU WILL LEARN* Gain sound principles and rules for clean coding in C++* Carry out test-driven development (TDD)* Better modularize your C++ code base* Discover and apply C++ design patterns and idioms* Write C++ code in both object-oriented and functional programming stylesWHO THIS BOOK IS FORAny C++ developer or software engineer with an interest in producing better code.STEPHAN ROTH is a coach, consultant, and trainer for systems and software engineering with German consultancy company oose Innovative Informatik eG located in Hamburg. Before he joined oose, he worked for many years as a software developer, software architect, and systems engineer in the field of radio reconnaissance and communication intelligence systems. He has developed sophisticated applications, especially in a high-performance system environment, and graphical user interfaces using C++ and other programming languages. Stephan is an active supporter of the Software Craftsmanship movement and is concerned with principles and practices of Clean Code Development (CCD).CH01 - IntroductionCH02 - Build a Safety NetCH03 - Be PrincipledCH04 - Basics of Clean C++CH05 - Advanced concepts of modern C++CH06 - Object OrientationCH07 - Functional ProgrammingCH08 - Test Driven DevelopmentCH09 - Design Patterns and IdiomsAppendix A - Small UML GuideBibliography
Beginning Azure Synapse Analytics
Get started with Azure Synapse Analytics, Microsoft's modern data analytics platform. This book covers core components such as Synapse SQL, Synapse Spark, Synapse Pipelines, and many more, along with their architecture and implementation.The book begins with an introduction to core data and analytics concepts followed by an understanding of traditional/legacy data warehouse, modern data warehouse, and the most modern data lakehouse. You will go through the introduction and background of Azure Synapse Analytics along with its main features and key service capabilities. Core architecture is discussed, along with Synapse SQL. You will learn its main features and how to create a dedicated Synapse SQL pool and analyze your big data using Serverless Synapse SQL Pool. You also will learn Synapse Spark and Synapse Pipelines, with examples. And you will learn Synapse Workspace and Synapse Studio followed by Synapse Link and its features. You will go through use cases in Azure Synapse and understand the reference architecture for Synapse Analytics.After reading this book, you will be able to work with Azure Synapse Analytics and understand its architecture, main components, features, and capabilities.WHAT YOU WILL LEARN* Understand core data and analytics concepts and data lakehouse concepts* Be familiar with overall Azure Synapse architecture and its main components* Be familiar with Synapse SQL and Synapse Spark architecture components* Work with integrated Apache Spark (aka Synapse Spark) and Synapse SQL engines* Understand Synapse Workspace, Synapse Studio, and Synapse Pipeline* Study reference architecture and use casesWHO THIS BOOK IS FORAzure data analysts, data engineers, data scientists, and solutions architectsBHADRESH SHIYAL is an Azure data architect and Azure data engineer. For the past seven years, he has been working with a large multi-national IT corporation as Solutions Architect. Prior to that, he spent almost a decade in private and public sector banks in India in various IT positions working on various Microsoft technologies. He has 18 years of IT experience, including working for two years on an international assignment from London. He has much experience in application design, development, and deployment.He has worked on various technologies, including Visual Basic, SQL Server, SharePoint Technologies, .NET MVC, O365, Azure Data Factory, Azure Databricks, Azure Synapse Analytics, Azure Data Lake Storage Gen1/Gen2, Azure SQL Data Warehouse, Power BI, Spark SQL, Scala, Delta Lake, Azure Machine Learning, Azure Information Protection, Azure .NET SDK, Azure DevOps, and more.He holds multiple Azure certifications that include Microsoft Certified Azure Solutions Architect Expert, Microsoft Certified Azure Data Engineer Associate, Microsoft Certified Azure Data Scientist Associate, and Microsoft Certified Azure Data Analyst Associate.Bhadresh has worked as Solutions Architect on a large-scale Azure Data Lake implementation project as well as on a data transformation project and on large-scale customized content management systems. He has also worked as Technical Reviewer for the book Data Science using Azure, prior to authoring this book.CHAPTER 1: CORE DATA AND ANALYTICS CONCEPTSCHAPTER GOAL: Introducing readers to some of the important core data and analytics concepts as a foundationNO OF PAGES : 15SUB -TOPICS1. Introduction/Background2. Core Data Concepts1. Structured Data2. Unstructured Data3. Semi-Structured Data4. Batch Data5. Streaming Data6. Difference between Streaming Data and Batch Data7. Relational Data and its characteristics3. Core Analytics Concepts1. Data Ingestion1. ELT2. ETL2. Data Processing3. Data Exploration4. Data Visualization5. Analytics Techniques1. Descriptive2. Diagnostic3. Predictive4. Prescriptive5. Cognitive4. SummaryCHAPTER 2: MODERN DATA WAREHOUSE AND DATA LAKEHOUSECHAPTER GOAL: Providing conceptual understanding about traditional / legacy Data Warehouse, Modern Data Warehouse and finally the most modern Data Lakehouse.NO OF PAGES: 25SUB - TOPICS1. Introduction/Background2. What is Data Warehouse?3. Why do we need a Data Warehouse?4. What is Modern Data Warehouse?5. Comparison between Traditional Data Warehouse and Modern Data Warehouse?6. What is Data Lakehouse?7. Comparison between Data Warehouse and Data Lakehouse8. Benefits of Data Lakehouse9. Examples of Data Lakehouse10. SummaryCHAPTER 3: INTRODUCTION TO AZURE SYNAPSE ANALYTICSCHAPTER GOAL: Building foundational knowledge by introducing Azure Synapse Analytics, its main features and its key services capabilitiesNO OF PAGES : 20SUB - TOPICS:1. Introduction/Background2. What is Azure Synapse Analytics?3. Azure Synapse Analytics vs Azure SQL Datawarehouse4. Why should you learn Azure Synapse Analytics?5. Main Features1. Unified Experience2. Powerful Insights3. Limitless Scale4. Instant Clarity5. Security and Privacy6. Key Services Capabilities1. EDW2. Data Lake Exploration3. Multiple Language Support4. Low-Code or Code-Free Data Orchestration5. Integrated Apache Spark and SQL Engines6. Stream Analytics7. AI Integration8. BI Integration9. Management and Security7. SummaryCHAPTER 4: ARCHITECTURE AND ITS MAIN COMPONENTSCHAPTER GOAL: Explaining Azure Synapse Analytics Core Architecture and its main components as it is very different from traditional Data Warehouse Architecture and its components.NO OF PAGES: 15SUB - TOPICS:1. Introduction/Background2. High Level Architecture3. Main Components of Architecture1. Synapse SQL2. Synapse Spark3. Synapse Pipelines4. Synapse Studio5. Synapse Link4. SummaryCHAPTER 5: SYNAPSE SQLCHAPTER GOAL: Exploring Synapse SQL in detail including its architecture, its main features with some How-Tos to make the readers familiar with some important activities which can be carried out for Synapse SQLNO OF PAGES: 25SUB - TOPICS:1. Background / Introduction2. Synapse SQL Architecture Components1. Azure Storage2. Control Node3. Compute Node4. Data Movement Service5. Distributions3. Synapse SQL Pool4. Synapse SQL On-Demand5. Synapse SQL Features6. Resource Consumption Models7. Synapse SQL - Best Practices8. How-Tos1. Create an Azure Synapse SQL Pool2. Create an Azure Synapse SQL On-Demand3. Load Data using COPY Statement4. Load data from Azure Data Lake Storage for Synapse SQL5. Load data by using Azure Data Factory6. Ingest data into Azure Data Lake Storage Gen29. SummaryCHAPTER 6: SYNAPSE SPARKCHAPTER GOAL: Explaining Synapse Sparks and its main components including Delta Lake along with some How-Tos to make the readers familiar with important tasks pertaining to Synapse Spark.NO OF PAGES: 30SUB - TOPICS:1. Introduction/Background2. What is Apache Spark3. Synapse Spark Capabilities4. What is Delta Lake and its importance in Spark?5. Synapse Spark Job Optimization6. Development Libraries7. Apache Spark Machine Learning8. How-Tos1. Create Synapse Spark Cluster2. Load Data using Synapse Spark Cluster3. Export / Import Data with Apache Spark9. SummaryCHAPTER 7: SYNAPSE PIPELINESCHAPTER GOAL: Introducing Azure Synapse Pipelines and how it integrates with Azure Data Factory. Detailed explanation to various types of Pipeline activities with examples.No of pages: 20SUB - TOPICS:1. Introduction / Background2. Overview of Azure Data Factory3. Data Movement Activities4. Data Transformation Activities5. Control Flow Activities6. Copy Pipeline Example7. Transformation Pipeline Example8. Scheduling Pipelines9. SummaryCHAPTER 8: SYNAPSE WORKSPACE AND SYNAPSE STUDIOCHAPTER GOAL: To make readers familiar with Synapse Workspace and Synapse Studio including its main features and its capabilities and to give understanding about how to accomplish some important tasks using workspace and studio.NO OF PAGES: 25SUB - TOPICS:1. What is Synapse Workspace?2. Workspace Components and Features3. What is Synapse Studio?4. Main Features5. Capabilities (What it can do?)6. Linking Power BI to Synapse Studio7. How-To carry out important activities using Studio8. SummaryCHAPTER 9: SYNAPSE LINKCHAPTER GOAL: To explain differences between OLTP and OLAP, why HTAP is required and its benefits and then introducing Synapse Link along with its Cosmos DB integration, its features and use cases.NO OF PAGES: 20SUB - TOPICS:1. Introduction / Background2. OLTP vs OLAP3. What is HTAP?4. HTAP Benefits5. What is Azure Synapse Link?6. Azure Cosmos DB Analytical Store7. Synapse Link Features8. Synapse Link Use Cases9. SummaryCHAPTER 10: AZURE SYNAPSE USE CASES AND REFERENCE ARCHITECTURESChapter Goal: To make readers familiar with Synapse Workspace and Synapse Studio including its main features and its capabilities and to give understanding about how to accomplish some important tasks using workspace and studio.NO OF PAGES: 15SUB - TOPICS:1. Introduction / Background2. Where you should use Synapse Analytics?3. Where it should not be used?4. Few Examples of Use cases of Synapse Analytics5. Reference Architecture for Synapse Analytics6. Summary
(ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide
Your Complete Guide to Preparing for the CISSP Certification, Updated for the CISSP 2021 Exam The (ISC)2 CISSP Official Study Guide, 9th Edition is your one-stop resource for complete coverage of the 2021 CISSP exam objectives. You’ll prepare for the exam smarter and faster with Sybex thanks to superior content including: assessment tests that check exam readiness, objective map, written labs, key topic exam essentials, and challenging chapter review questions. Reinforce what you have learned with the exclusive Sybex online learning environment and test bank, assessable across multiple devices. Get prepared for the CISSP exam with Sybex. Coverage of all exam objectives in this Study Guide means you’ll be ready for: Security and Risk ManagementAsset SecuritySecurity Architecture and EngineeringCommunication and Network SecurityIdentity and Access Management (IAM)Security Assessment and TestingSecurity OperationsSoftware Development Security Interactive learning environment Take your exam prep to the next level with Sybex’s superior interactive online study tools. To access our learning environment, simply visit www.wiley.com/go/sybextestprep, register to receive your unique PIN, and instantly gain one year of FREE access to: Interactive test bank with four additional practice exams, each with 125 unique questions. Practice exams help you identify areas where further review is needed. Get more than 90% of the answers correct, and you're ready to take the certification exam.More than 700 electronic flashcards to reinforce learning and last minute prep before the exam.Comprehensive glossary in PDF format gives you instant access to the key terms so you are fully prepared. ABOUT THE CISSP CERTIFICATION The CISSP is the most globally recognized certification in the information security market. This vendor neutral certification validates an information security professional's deep technical and managerial knowledge and experience to effectively design, engineer, and manage the overall security posture of an organization. (ISC)2 is a global nonprofit organization that maintains the Common Body of Knowledge for information security professionals. Candidates must have experience, subscribe to the (ISC)2 Code of Ethics, and maintain continuing education requirements or recertify every three years. Visit www.isc2.org to learn more. The only Official CISSP Study Guide - fully updated for the 2021 CISSP Body of Knowledge (ISC)2 Certified Information Systems Security Professional (CISSP) Official Study Guide, 9th Edition has been completely updated based on the latest 2021 CISSP Exam Outline. This bestselling Sybex Study Guide covers 100% of the exam objectives. You'll prepare for the exam smarter and faster with Sybex thanks to expert content, knowledge from our real-world experience, advice on mastering this adaptive exam, access to the Sybex online interactive learning environment, and much more. Reinforce what you've learned with key topic exam essentials and chapter review questions. The three co-authors of this book bring decades of experience as cybersecurity practitioners and educators, integrating real-world expertise with the practical knowledge you'll need to successfully pass the CISSP exam. Combined, they've taught cybersecurity concepts to millions of students through their books, video courses, and live training programs. Along with the book, you also get access to Sybex's superior online interactive learning environment that includes: Over 900 new and improved practice test questions with complete answer explanations. This includes all of the questions from the book plus four additional online-only practice exams, each with 125 unique questions. You can use the online-only practice exams as full exam simulations. Our questions will help you identify where you need to study more. Get more than 90 percent of the answers correct, and you're ready to take the certification exam.More than 700 Electronic Flashcards to reinforce your learning and give you last-minute test prep before the examA searchable glossary in PDF to give you instant access to the key terms you need to know for the examNew for the 9th edition: Audio Review. Author Mike Chapple reads the Exam Essentials for each chapter providing you with 2 hours and 50 minutes of new audio review for yet another way to reinforce your knowledge as you prepare. All of the online features are supported by Wiley's support agents who are available 24x7 via email or live chat to assist with access and login questions. Coverage of all of the exam topics in the book means you'll be ready for: Security and Risk ManagementAsset SecuritySecurity Architecture and EngineeringCommunication and Network SecurityIdentity and Access Management (IAM)Security Assessment and TestingSecurity OperationsSoftware Development Security Mike Chapple, PhD, CISSP, is Teaching Professor of IT, Analytics, and Operations at the University of Notre Dame’s Mendoza College of Business. He is a cybersecurity professional and educator with over 25 years of experience. Mike provides cybersecurity certification resources at his website, CertMike.com. James Michael Stewart, CISSP, CEH, CHFI, ECSA, CND, ECIH, CySA+, PenTest+, CASP+, Security+, Network+, A+, CISM, and CFR, has been writing and training for more than 25 years, with a current focus on security. He has been writing and teaching CISSP materials since 2002. He is the author of and contributor to more than 75 books on security certifications. Darril Gibson, CISSP, Security+, CASP, is the CEO of YCDA (short for You Can Do Anything), and he has authored or coauthored more than 40 books. Darril regularly writes, consults, and teaches on a wide variety of technical and security topics and holds several certifications. Introduction xxxvii Assessment Test lix Chapter 1 Security Governance Through Principles and Policies 1 Security 101 3 Understand and Apply Security Concepts 4 Confidentiality 5 Integrity 6 Availability 7 DAD, Overprotection, Authenticity, Non-repudiation, and AAA Services 7 Protection Mechanisms 11 Security Boundaries 13 Evaluate and Apply Security Governance Principles 14 Third-Party Governance 15 Documentation Review 15 Manage the Security Function 16 Alignment of Security Function to Business Strategy, Goals, Mission, and Objectives 17 Organizational Processes 19 Organizational Roles and Responsibilities 21 Security Control Frameworks 22 Due Diligence and Due Care 23 Security Policy, Standards, Procedures, and Guidelines 23 Security Policies 24 Security Standards, Baselines, and Guidelines 24 Security Procedures 25 Threat Modeling 26 Identifying Threats 26 Determining and Diagramming Potential Attacks 28 Performing Reduction Analysis 28 Prioritization and Response 30 Supply Chain Risk Management 31 Summary 33 Exam Essentials 33 Written Lab 36 Review Questions 37 Chapter 2 Personnel Security and Risk Management Concepts 43 Personnel Security Policies and Procedures 45 Job Descriptions and Responsibilities 45 Candidate Screening and Hiring 46 Onboarding: Employment Agreements and Policies 47 Employee Oversight 48 Offboarding, Transfers, and Termination Processes 49 Vendor, Consultant, and Contractor Agreements and Controls 52 Compliance Policy Requirements 53 Privacy Policy Requirements 54 Understand and Apply Risk Management Concepts 55 Risk Terminology and Concepts 56 Asset Valuation 58 Identify Threats and Vulnerabilities 60 Risk Assessment/Analysis 60 Risk Responses 66 Cost vs. Benefit of Security Controls 69 Countermeasure Selection and Implementation 72 Applicable Types of Controls 74 Security Control Assessment 76 Monitoring and Measurement 76 Risk Reporting and Documentation 77 Continuous Improvement 77 Risk Frameworks 79 Social Engineering 81 Social Engineering Principles 83 Eliciting Information 85 Prepending 85 Phishing 85 Spear Phishing 87 Whaling 87 Smishing 88 Vishing 88 Spam 89 Shoulder Surfing 90 Invoice Scams 90 Hoax 90 Impersonation and Masquerading 91 Tailgating and Piggybacking 91 Dumpster Diving 92 Identity Fraud 93 Typo Squatting 94 Influence Campaigns 94 Establish and Maintain a Security Awareness, Education, and Training Program 96 Awareness 97 Training 97 Education 98 Improvements 98 Effectiveness Evaluation 99 Summary 100 Exam Essentials 101 Written Lab 106 Review Questions 107 Chapter 3 Business Continuity Planning 113 Planning for Business Continuity 114 Project Scope and Planning 115 Organizational Review 116 BCP Team Selection 117 Resource Requirements 119 Legal and Regulatory Requirements 120 Business Impact Analysis 121 Identifying Priorities 122 Risk Identification 123 Likelihood Assessment 125 Impact Analysis 126 Resource Prioritization 128 Continuity Planning 128 Strategy Development 129 Provisions and Processes 129 Plan Approval and Implementation 131 Plan Approval 131 Plan Implementation 132 Training and Education 132 BCP Documentation 132 Summary 136 Exam Essentials 137 Written Lab 138 Review Questions 139 Chapter 4 Laws, Regulations, and Compliance 143 Categories of Laws 144 Criminal Law 144 Civil Law 146 Administrative Law 146 Laws 147 Computer Crime 147 Intellectual Property (IP) 152 Licensing 158 Import/Export 158 Privacy 160 State Privacy Laws 168 Compliance 169 Contracting and Procurement 171 Summary 171 Exam Essentials 172 Written Lab 173 Review Questions 174 Chapter 5 Protecting Security of Assets 179 Identifying and Classifying Information and Assets 180 Defining Sensitive Data 180 Defining Data Classifications 182 Defining Asset Classifications 185 Understanding Data States 185 Determining Compliance Requirements 186 Determining Data Security Controls 186 Establishing Information and Asset Handling Requirements 188 Data Maintenance 189 Data Loss Prevention 189 Marking Sensitive Data and Assets 190 Handling Sensitive Information and Assets 192 Data Collection Limitation 192 Data Location 193 Storing Sensitive Data 193 Data Destruction 194 Ensuring Appropriate Data and Asset Retention 197 Data Protection Methods 199 Digital Rights Management 199 Cloud Access Security Broker 200 Pseudonymization 200 Tokenization 201 Anonymization 202 Understanding Data Roles 204 Data Owners 204 Asset Owners 205 Business/Mission Owners 206 Data Processors and Data Controllers 206 Data Custodians 207 Administrators 207 Users and Subjects 208 Using Security Baselines 208 Comparing Tailoring and Scoping 209 Standards Selection 210 Summary 211 Exam Essentials 211 Written Lab 213 Review Questions 214 Chapter 6 Cryptography and Symmetric Key Algorithms 219 Cryptographic Foundations 220 Goals of Cryptography 220 Cryptography Concepts 223 Cryptographic Mathematics 224 Ciphers 230 Modern Cryptography 238 Cryptographic Keys 238 Symmetric Key Algorithms 239 Asymmetric Key Algorithms 241 Hashing Algorithms 244 Symmetric Cryptography 244 Cryptographic Modes of Operation 245 Data Encryption Standard 247 Triple DES 247 International Data Encryption Algorithm 248 Blowfish 249 Skipjack 249 Rivest Ciphers 249 Advanced Encryption Standard 250 CAST 250 Comparison of Symmetric Encryption Algorithms 251 Symmetric Key Management 252 Cryptographic Lifecycle 255 Summary 255 Exam Essentials 256 Written Lab 257 Review Questions 258 Chapter 7 PKI and Cryptographic Applications 263 Asymmetric Cryptography 264 Public and Private Keys 264 RSA 265 ElGamal 267 Elliptic Curve 268 Diffie–Hellman Key Exchange 269 Quantum Cryptography 270 Hash Functions 271 SHA 272 MD5 273 RIPEMD 273 Comparison of Hash Algorithm Value Lengths 274 Digital Signatures 275 HMAC 276 Digital Signature Standard 277 Public Key Infrastructure 277 Certificates 278 Certificate Authorities 279 Certificate Lifecycle 280 Certificate Formats 283 Asymmetric Key Management 284 Hybrid Cryptography 285 Applied Cryptography 285 Portable Devices 285 Email 286 Web Applications 290 Steganography and Watermarking 292 Networking 294 Emerging Applications 295 Cryptographic Attacks 297 Summary 301 Exam Essentials 302 Written Lab 303 Review Questions 304 Chapter 8 Principles of Security Models, Design, and Capabilities 309 Secure Design Principles 310 Objects and Subjects 311 Closed and Open Systems 312 Secure Defaults 314 Fail Securely 314 Keep It Simple 316 Zero Trust 317 Privacy by Design 319 Trust but Verify 319 Techniques for Ensuring CIA 320 Confinement 320 Bounds 320 Isolation 321 Access Controls 321 Trust and Assurance 321 Understand the Fundamental Concepts of Security Models 322 Trusted Computing Base 323 State Machine Model 325 Information Flow Model 325 Noninterference Model 326 Take-Grant Model 326 Access Control Matrix 327 Bell–LaPadula Model 328 Biba Model 330 Clark–Wilson Model 333 Brewer and Nash Model 334 Goguen–Meseguer Model 335 Sutherland Model 335 Graham–Denning Model 335 Harrison–Ruzzo–Ullman Model 336 Select Controls Based on Systems Security Requirements 337 Common Criteria 337 Authorization to Operate 340 Understand Security Capabilities of Information Systems 341 Memory Protection 341 Virtualization 342 Trusted Platform Module 342 Interfaces 343 Fault Tolerance 343 Encryption/Decryption 343 Summary 343 Exam Essentials 344 Written Lab 347 Review Questions 348 Chapter 9 Security Vulnerabilities, Threats, and Countermeasures 353 Shared Responsibility 354 Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements 355 Hardware 356 Firmware 370 Client-Based Systems 372 Mobile Code 372 Local Caches 375 Server-Based Systems 375 Large-Scale Parallel Data Systems 376 Grid Computing 377 Peer to Peer 378 Industrial Control Systems 378 Distributed Systems 380 High-Performance Computing (HPC) Systems 382 Internet of Things 383 Edge and Fog Computing 385 Embedded Devices and Cyber-Physical Systems 386 Static Systems 387 Network-Enabled Devices 388 Cyber-Physical Systems 389 Elements Related to Embedded and Static Systems 389 Security Concerns of Embedded and Static Systems 390 Specialized Devices 393 Microservices 394 Infrastructure as Code 395 Virtualized Systems 397 Virtual Software 399 Virtualized Networking 400 Software-Defined Everything 400 Virtualization Security Management 403 Containerization 405 Serverless Architecture 406 Mobile Devices 406 Mobile Device Security Features 408 Mobile Device Deployment Policies 420 Essential Security Protection Mechanisms 426 Process Isolation 426 Hardware Segmentation 427 System Security Policy 427 Common Security Architecture Flaws and Issues 428 Covert Channels 428 Attacks Based on Design or Coding Flaws 430 Rootkits 431 Incremental Attacks 431 Summary 432 Exam Essentials 433 Written Lab 440 Review Questions 441 Chapter 10 Physical Security Requirements 447 Apply Security Principles to Site and Facility Design 448 Secure Facility Plan 448 Site Selection 449 Facility Design 450 Implement Site and Facility Security Controls 452 Equipment Failure 453 Wiring Closets 454 Server Rooms/Data Centers 455 Intrusion Detection Systems 458 Cameras 460 Access Abuses 462 Media Storage Facilities 462 Evidence Storage 463 Restricted and Work Area Security 464 Utility Considerations 465 Fire Prevention, Detection, and Suppression 470 Implement and Manage Physical Security 476 Perimeter Security Controls 477 Internal Security Controls 481 Key Performance Indicators of Physical Security 483 Summary 484 Exam Essentials 485 Written Lab 488 Review Questions 489 Chapter 11 Secure Network Architecture and Components 495 OSI Model 497 History of the OSI Model 497 OSI Functionality 498 Encapsulation/Deencapsulation 498 OSI Layers 500 TCP/IP Model 504 Analyzing Network Traffic 505 Common Application Layer Protocols 506 Transport Layer Protocols 508 Domain Name System 509 DNS Poisoning 511 Domain Hijacking 514 Internet Protocol (IP) Networking 516 IPv4 vs. IPv6 516 IP Classes 517 ICMP 519 IGMP 519 ARP Concerns 519 Secure Communication Protocols 521 Implications of Multilayer Protocols 522 Converged Protocols 523 Voice over Internet Protocol (VoIP) 524 Software-Defined Networking 525 Microsegmentation 526 Wireless Networks 527 Securing the SSID 529 Wireless Channels 529 Conducting a Site Survey 530 Wireless Security 531 Wi-Fi Protected Setup (WPS) 533 Wireless MAC Filter 534 Wireless Antenna Management 534 Using Captive Portals 535 General Wi-Fi Security Procedure 535 Wireless Communications 536 Wireless Attacks 539 Other Communication Protocols 543 Cellular Networks 544 Content Distribution Networks (CDNs) 545 Secure Network Components 545 Secure Operation of Hardware 546 Common Network Equipment 547 Network Access Control 549 Firewalls 550 Endpoint Security 556 Cabling, Topology, and Transmission Media Technology 559 Transmission Media 559 Network Topologies 563 Ethernet 565 Sub-Technologies 566 Summary 569 Exam Essentials 570 Written Lab 574 Review Questions 575 Chapter 12 Secure Communications and Network Attacks 581 Protocol Security Mechanisms 582 Authentication Protocols 582 Port Security 585 Quality of Service (QoS) 585 Secure Voice Communications 586 Public Switched Telephone Network 586 Voice over Internet Protocol (VoIP) 586 Vishing and Phreaking 588 PBX Fraud and Abuse 589 Remote Access Security Management 590 Remote Access and Telecommuting Techniques 591 Remote Connection Security 591 Plan a Remote Access Security Policy 592 Multimedia Collaboration 593 Remote Meeting 593 Instant Messaging and Chat 594 Load Balancing 595 Virtual IPs and Load Persistence 596 Active-Active vs. Active-Passive 596 Manage Email Security 596 Email Security Goals 597 Understand Email Security Issues 599 Email Security Solutions 599 Virtual Private Network 602 Tunneling 603 How VPNs Work 604 Always-On 606 Split Tunnel vs. Full Tunnel 607 Common VPN Protocols 607 Switching and Virtual LANs 610 Network Address Translation 614 Private IP Addresses 616 Stateful NAT 617 Automatic Private IP Addressing 617 Third-Party Connectivity 618 Switching Technologies 620 Circuit Switching 620 Packet Switching 620 Virtual Circuits 621 WAN Technologies 622 Fiber-Optic Links 624 Security Control Characteristics 624 Transparency 625 Transmission Management Mechanisms 625 Prevent or Mitigate Network Attacks 625 Eavesdropping 626 Modification Attacks 626 Summary 626 Exam Essentials 628 Written Lab 630 Review Questions 631 Chapter 13 Managing Identity and Authentication 637 Controlling Access to Assets 639 Controlling Physical and Logical Access 640 The CIA Triad and Access Controls 640 Managing Identification and Authentication 641 Comparing Subjects and Objects 642 Registration, Proofing, and Establishment of Identity 643 Authorization and Accountability 644 Authentication Factors Overview 645 Something You Know 647 Something You Have 650 Something You Are 651 Multifactor Authentication (MFA) 655 Two-Factor Authentication with Authenticator Apps 655 Passwordless Authentication 656 Device Authentication 657 Service Authentication 658 Mutual Authentication 659 Implementing Identity Management 659 Single Sign-On 659 SSO and Federated Identities 660 Credential Management Systems 662 Credential Manager Apps 663 Scripted Access 663 Session Management 663 Managing the Identity and Access Provisioning Lifecycle 664 Provisioning and Onboarding 665 Deprovisioning and Offboarding 666 Defining New Roles 667 Account Maintenance 667 Account Access Review 667 Summary 668 Exam Essentials 669 Written Lab 671 Review Questions 672 Chapter 14 Controlling and Monitoring Access 677 Comparing Access Control Models 678 Comparing Permissions, Rights, and Privileges 678 Understanding Authorization Mechanisms 679 Defining Requirements with a Security Policy 681 Introducing Access Control Models 681 Discretionary Access Control 682 Nondiscretionary Access Control 683 Implementing Authentication Systems 690 Implementing SSO on the Internet 691 Implementing SSO on Internal Networks 694 Understanding Access Control Attacks 699 Risk Elements 700 Common Access Control Attacks 700 Core Protection Methods 713 Summary 714 Exam Essentials 715 Written Lab 717 Review Questions 718 Chapter 15 Security Assessment and Testing 723 Building a Security Assessment and Testing Program 725 Security Testing 725 Security Assessments 726 Security Audits 727 Performing Vulnerability Assessments 731 Describing Vulnerabilities 731 Vulnerability Scans 732 Penetration Testing 742 Compliance Checks 745 Testing Your Software 746 Code Review and Testing 746 Interface Testing 751 Misuse Case Testing 751 Test Coverage Analysis 752 Website Monitoring 752 Implementing Security Management Processes 753 Log Reviews 753 Account Management 754 Disaster Recovery and Business Continuity 754 Training and Awareness 755 Key Performance and Risk Indicators 755 Summary 756 Exam Essentials 756 Written Lab 758 Review Questions 759 Chapter 16 Managing Security Operations 763 Apply Foundational Security Operations Concepts 765 Need to Know and Least Privilege 765 Separation of Duties (SoD) and Responsibilities 767 Two-Person Control 768 Job Rotation 768 Mandatory Vacations 768 Privileged Account Management 769 Service Level Agreements (SLAs) 771 Addressing Personnel Safety and Security 771 Duress 771 Travel 772 Emergency Management 773 Security Training and Awareness 773 Provision Resources Securely 773 Information and Asset Ownership 774 Asset Management 774 Apply Resource Protection 776 Media Management 776 Media Protection Techniques 776 Managed Services in the Cloud 779 Shared Responsibility with Cloud Service Models 780 Scalability and Elasticity 782 Perform Configuration Management (CM) 782 Provisioning 783 Baselining 783 Using Images for Baselining 783 Automation 784 Managing Change 785 Change Management 787 Versioning 788 Configuration Documentation 788 Managing Patches and Reducing Vulnerabilities 789 Systems to Manage 789 Patch Management 789 Vulnerability Management 791 Vulnerability Scans 792 Common Vulnerabilities and Exposures 792 Summary 793 Exam Essentials 794 Written Lab 796 Review Questions 797 Chapter 17 Preventing and Responding to Incidents 801 Conducting Incident Management 803 Defining an Incident 803 Incident Management Steps 804 Implementing Detective and Preventive Measures 810 Basic Preventive Measures 810 Understanding Attacks 811 Intrusion Detection and Prevention Systems 820 Specific Preventive Measures 828 Logging and Monitoring 834 Logging Techniques 834 The Role of Monitoring 837 Monitoring Techniques 840 Log Management 844 Egress Monitoring 844 Automating Incident Response 845 Understanding SOAR 845 Machine Learning and AI Tools 846 Threat Intelligence 847 The Intersection of SOAR, Machine Learning, AI, and Threat Feeds 850 Summary 851 Exam Essentials 852 Written Lab 855 Review Questions 856 Chapter 18 Disaster Recovery Planning 861 The Nature of Disaster 863 Natural Disasters 864 Human-Made Disasters 869 Understand System Resilience, High Availability, and Fault Tolerance 875 Protecting Hard Drives 875 Protecting Servers 877 Protecting Power Sources 878 Trusted Recovery 879 Quality of Service 880 Recovery Strategy 880 Business Unit and Functional Priorities 881 Crisis Management 882 Emergency Communications 882 Workgroup Recovery 883 Alternate Processing Sites 883 Database Recovery 888 Recovery Plan Development 890 Emergency Response 891 Personnel and Communications 891 Assessment 892 Backups and Off-site Storage 892 Software Escrow Arrangements 896 Utilities 897 Logistics and Supplies 897 Recovery vs. Restoration 897 Training, Awareness, and Documentation 898 Testing and Maintenance 899 Read-Through Test 899 Structured Walk-Through 900 Simulation Test 900 Parallel Test 900 Full-Interruption Test 900 Lessons Learned 901 Maintenance 901 Summary 902 Exam Essentials 902 Written Lab 903 Review Questions 904 Chapter 19 Investigations and Ethics 909 Investigations 910 Investigation Types 910 Evidence 913 Investigation Process 919 Major Categories of Computer Crime 923 Military and Intelligence Attacks 924 Business Attacks 925 Financial Attacks 926 Terrorist Attacks 926 Grudge Attacks 927 Thrill Attacks 928 Hacktivists 928 Ethics 929 Organizational Code of Ethics 929 (ISC)2 Code of Ethics 930 Ethics and the Internet 931 Summary 933 Exam Essentials 934 Written Lab 935 Review Questions 936 Chapter 20 Software Development Security 941 Introducing Systems Development Controls 943 Software Development 943 Systems Development Lifecycle 952 Lifecycle Models 955 Gantt Charts and PERT 964 Change and Configuration Management 964 The DevOps Approach 966 Application Programming Interfaces 967 Software Testing 969 Code Repositories 970 Service-Level Agreements 971 Third-Party Software Acquisition 972 Establishing Databases and Data Warehousing 973 Database Management System Architecture 973 Database Transactions 977 Security for Multilevel Databases 978 Open Database Connectivity 982 NoSQL 982 Storage Threats 983 Understanding Knowledge-Based Systems 984 Expert Systems 984 Machine Learning 985 Neural Networks 986 Summary 987 Exam Essentials 987 Written Lab 988 Review Questions 989 Chapter 21 Malicious Code and Application Attacks 993 Malware 994 Sources of Malicious Code 995 Viruses 995 Logic Bombs 999 Trojan Horses 1000 Worms 1001 Spyware and Adware 1004 Ransomware 1004 Malicious Scripts 1005 Zero-Day Attacks 1006 Malware Prevention 1006 Platforms Vulnerable to Malware 1007 Antimalware Software 1007 Integrity Monitoring 1008 Advanced Threat Protection 1008 Application Attacks 1009 Buffer Overflows 1009 Time of Check to Time of Use 1010 Backdoors 1011 Privilege Escalation and Rootkits 1011 Injection Vulnerabilities 1012 SQL Injection Attacks 1012 Code Injection Attacks 1016 Command Injection Attacks 1016 Exploiting Authorization Vulnerabilities 1017 Insecure Direct Object References 1018 Directory Traversal 1018 File Inclusion 1020 Exploiting Web Application Vulnerabilities 1020 Cross-Site Scripting (XSS) 1021 Request Forgery 1023 Session Hijacking 1024 Application Security Controls 1025 Input Validation 1025 Web Application Firewalls 1027 Database Security 1028 Code Security 1029 Secure Coding Practices 1031 Source Code Comments 1031 Error Handling 1032 Hard-Coded Credentials 1033 Memory Management 1034 Summary 1035 Exam Essentials 1035 Written Lab 1036 Review Questions 1037 Appendix A Answers to Review Questions 1041 Chapter 1: Security Governance Through Principles and Policies 1042 Chapter 2: Personnel Security and Risk Management Concepts 1045 Chapter 3: Business Continuity Planning 1049 Chapter 4: Laws, Regulations, and Compliance 1051 Chapter 5: Protecting Security of Assets 1053 Chapter 6: Cryptography and Symmetric Key Algorithms 1056 Chapter 7: PKI and Cryptographic Applications 1058 Chapter 8: Principles of Security Models, Design, and Capabilities 1060 Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 1062 Chapter 10: Physical Security Requirements 1067 Chapter 11: Secure Network Architecture and Components 1071 Chapter 12: Secure Communications and Network Attacks 1075 Chapter 13: Managing Identity and Authentication 1078 Chapter 14: Controlling and Monitoring Access 1080 Chapter 15: Security Assessment and Testing 1082 Chapter 16: Managing Security Operations 1084 Chapter 17: Preventing and Responding to Incidents 1086 Chapter 18: Disaster Recovery Planning 1089 Chapter 19: Investigations and Ethics 1091 Chapter 20: Software Development Security 1093 Chapter 21: Malicious Code and Application Attacks 1095 Appendix B Answers to Written Labs 1099 Chapter 1: Security Governance Through Principles and Policies 1100 Chapter 2: Personnel Security and Risk Management Concepts 1100 Chapter 3: Business Continuity Planning 1101 Chapter 4: Laws, Regulations, and Compliance 1102 Chapter 5: Protecting Security of Assets 1102 Chapter 6: Cryptography and Symmetric Key Algorithms 1103 Chapter 7: PKI and Cryptographic Applications 1104 Chapter 8: Principles of Security Models, Design, and Capabilities 1104 Chapter 9: Security Vulnerabilities, Threats, and Countermeasures 1105 Chapter 10: Physical Security Requirements 1106 Chapter 11: Secure Network Architecture and Components 1108 Chapter 12: Secure Communications and Network Attacks 1109 Chapter 13: Managing Identity and Authentication 1110 Chapter 14: Controlling and Monitoring Access 1111 Chapter 15: Security Assessment and Testing 1111 Chapter 16: Managing Security Operations 1112 Chapter 17: Preventing and Responding to Incidents 1113 Chapter 18: Disaster Recovery Planning 1113 Chapter 19: Investigations and Ethics 1114 Chapter 20: Software Development Security 1114 Chapter 21: Malicious Code and Application Attacks 1115 Index 1117
Bausteine eines Managements Künstlicher Intelligenz
Algorithmen Künstlicher Intelligenz werden stetig weiterentwickelt und kommen in immer mehr Anwendungen in Wirtschaft und Gesellschaft zum Einsatz. Es werden professionelle Prozesse und Strukturen benötigt, um Anwendungen zu entwickeln, zu betreiben und in den betrieblichen Kontext zu integrieren. Dieses essential beschreibt die grundsätzlichen Prozesse eines Managements Künstlicher Intelligenz und zeigt Beispiele für konkreten unternehmerischen Nutzen. Wettbewerbsvorteile durch Künstliche Intelligenz.- Grundlagen.- Stand in Wissenschaft und Praxis.- Managementmodell.- Nächste Schritte.
(ISC)2 CISSP Certified Information Systems Security Professional Official Practice Tests
FULL-LENGTH PRACTICE TESTS COVERING ALL CISSP DOMAINS FOR THE ULTIMATE EXAM PREPThe (ISC)2 CISSP Official Practice Tests is a major resource for (ISC)2 Certified Information Systems Security Professional (CISSP) candidates, providing 1300 unique practice questions. The first part of the book provides 100 questions per domain. You also have access to four unique 125-question practice exams to help you master the material. As the only official practice tests endorsed by (ISC)2, this book gives you the advantage of full and complete preparation. These practice tests align with the 2021 version of the exam to ensure up-to-date preparation, and are designed to cover what you will see on exam day. Coverage includes: Security and Risk Management, Asset Security, Security Architecture and Engineering, Communication and Network Security, Identity and Access Management (IAM), Security Assessment and Testing, Security Operations, and Software Development Security.The CISSP credential signifies a body of knowledge and a set of guaranteed skills that put you in demand in the marketplace. This book is your ticket to achieving this prestigious certification, by helping you test what you know against what you need to know.* Test your knowledge of the 2021 exam domains* Identify areas in need of further study* Gauge your progress throughout your exam preparation* Practice test taking with Sybex’s online test environment containing the questions from the bookThe CISSP exam is refreshed every few years to ensure that candidates are up-to-date on the latest security topics and trends. Currently-aligned preparation resources are critical, and periodic practice tests are one of the best ways to truly measure your level of understanding.ABOUT THE AUTHORSMIKE CHAPPLE, PhD, CISSP, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame’s Mendoza College of Business and serves as the Academic Director of the University’s Master of Science in Business Analytics program. He holds multiple additional certifications, including the CIPP/US, CySA+, CISM, PenTest+, and Security+. He is a bestselling author of more than 25 books including (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide,7th, 8th, and 9th Editions.DAVID SEIDL, CISSP, is Vice President for Information Technology and CIO at Miami University. During his IT career, he has served in a variety of technical and information security roles including serving at the Senior Director for Campus Technology Services at the University of Notre Dame where he co-led Notre Dame’s move to the cloud. He holds multiple additional technical certifications including CySA+, Pentest+, GPEN, and GCIH. David has written books on security certification and cyberwarfare, including co-authoring the previous editions of CISSP (ISC)2 Official Practice Tests as well as multiple cybersecurity Sybex Study Guides and Practice Tests for other certifications.Introduction xvCHAPTER 1 SECURITY AND RISK MANAGEMENT (DOMAIN 1) 1CHAPTER 2 ASSET SECURITY (DOMAIN 2) 25CHAPTER 3 SECURITY ARCHITECTURE AND ENGINEERING (DOMAIN 3) 49CHAPTER 4 COMMUNICATION AND NETWORK SECURITY (DOMAIN 4) 73CHAPTER 5 IDENTITY AND ACCESS MANAGEMENT (DOMAIN 5) 97CHAPTER 6 SECURITY ASSESSMENT AND TESTING (DOMAIN 6) 121CHAPTER 7 SECURITY OPERATIONS (DOMAIN 7) 145CHAPTER 8 SOFTWARE DEVELOPMENT SECURITY (DOMAIN 8) 169CHAPTER 9 PRACTICE TEST 1 195CHAPTER 10 PRACTICE TEST 2 225CHAPTER 11 PRACTICE TEST 3 253CHAPTER 12 PRACTICE TEST 4 283APPENDIX ANSWERS 311Chapter 1: Security and Risk Management (Domain 1) 312Chapter 2: Asset Security (Domain 2) 321Chapter 3: Security Architecture and Engineering (Domain 3) 333Chapter 4: Communication and Network Security (Domain 4) 342Chapter 5: Identity and Access Management (Domain 5) 353Chapter 6: Security Assessment and Testing (Domain 6) 365Chapter 7: Security Operations (Domain 7) 377Chapter 8: Software Development Security (Domain 8) 389Chapter 9: Practice Test 1 400Chapter 10: Practice Test 2 414Chapter 11: Practice Test 3 428Chapter 12: Practice Test 4 441Index 457
Modellierung
Die Grundlagen der Modellierung beherrschen!Die Modellierung ist eine typische Arbeitsmethode in der Informatik: Aufgaben, Probleme oder Strukturen werden untersucht und formal beschrieben. Erst danach werden sie durch den Entwurf von Software, Algorithmen, Daten oder Hardware gelöst bzw. implementiert. Zur Anwendung der Modellierung steht ein breites Spektrum von Kalkülen und Notationen zur Verfügung.Dieses Buch soll eine Übersicht über die wichtigsten Kalküle der Informatik und ein grundlegendes Verständnis für diese vermitteln. Anhand von vielen praktischen Beispielen lernen Sie die grundlegenden Modellierungstechniken kennen und werden in deren Anwendung eingeführt.Dieses Buch vermittelt systematisch und praxisnah den Lehrstoff für Einführungsvorlesungen zur Modellierung und eignet sich für Bachelor-Studiengänge der Informatik und verwandter Fächer. Es werden behandelt:- Modellierung mit Wertebereichen- Terme und Algebren- Logik- Modellierung mit Graphen- Modellierung von Strukturen- Modellierung von Abläufen- FallstudienAuf plus.hanser-fachbuch.de finden Sie zu diesem Titel kostenloses digitales Zusatzmaterial in Form von umfassenden Vorlesungsmaterialien und Übungen mitsamt Lösungen. Prof. Dr. Uwe Kastens und Prof. Dr. Hans Kleine Büning lehrten Informatik an der Universität Paderborn und hielten dort im Wechsel die Modellierungsvorlesung.
Machine Learning for Oracle Database Professionals
Database developers and administrators will use this book to learn how to deploy machine learning models in Oracle Database and in Oracle’s Autonomous Database cloud offering. The book covers the technologies that make up the Oracle Machine Learning (OML) platform, including OML4SQL, OML Notebooks, OML4R, and OML4Py. The book focuses on Oracle Machine Learning as part of the Oracle Autonomous Database collaborative environment. Also covered are advanced topics such as delivery and automation pipelines.Throughout the book you will find practical details and hand-on examples showing you how to implement machine learning and automate deployment of machine learning. Discussion around the examples helps you gain a conceptual understanding of machine learning. Important concepts discussed include the methods involved, the algorithms to choose from, and mechanisms for process and deployment. Seasoned database professionals looking to make the leap into machine learning as a growth path will find much to like in this book as it helps you step up and use your current knowledge of Oracle Database to transition into providing machine learning solutions.WHAT YOU WILL LEARN* Use the Oracle Machine Learning (OML) Notebooks for data visualization and machine learning model building and evaluation* Understand Oracle offerings for machine learning* Develop machine learning with Oracle database using the built-in machine learning packages* Develop and deploy machine learning models using OML4SQL and OML4R* Leverage the Oracle Autonomous Database and its collaborative environment for Oracle Machine Learning* Develop and deploy machine learning projects in Oracle Autonomous Database* Build an automated pipeline that can detect and handle changes in data/model performanceWHO THIS BOOK IS FORDatabase developers and administrators who want to learn about machine learning, developers who want to build models and applications using Oracle Database’s built-in machine learning feature set, and administrators tasked with supporting applications on Oracle Database that make use of the Oracle Machine Learning feature setHELI HELSKYAHO is CEO for Miracle Finland Oy. She holds a master’s degree in computer science from the University of Helsinki and specializes in databases. At the moment she is working on her doctoral studies, researching and teaching at the University of Helsinki. Her research areas cover big data, multi-model databases, schema discovery, and methods and tools for utilizing semi-structured data for decision making.Heli has been working in IT since 1990. She has held several positions, but every role has included databases and database designing. She believes that understanding your data makes using the data much easier. She is an Oracle ACE Director, an Oracle Groundbreaker Ambassador, and a frequent speaker at many conferences. She is the author of several books and has been listed as one of the TOP 100 influencers in the IT sector in Finland for each year from 2015 to 2020.JEAN YU is a Senior Staff MLOps Engineer at Habana Labs, an Intel company. Prior to that, she was a Senior Data Engineer on the IBM Hybrid Cloud Management Data Science Team. Her current interests include deep learning, model productization, and distributed training of massive transformer-based language models. She holds a master's degree in computer science from the University of Texas at San Antonio. She has more than 25 years of experience in developing, deploying, and managing software applications, as well as in leading development teams. Her recent awards include an Outstanding Technical Achievement Award for significant innovation in Cloud Brokerage Cost and Asset Management products in 2019 as well as an Outstanding Technical Achievement Award for Innovation in the Delivery of Remote Maintenance Upgrade for Tivoli Storage Manager in 2011.Jean is a master inventor with 14 patents granted. She has been a voting member of the IBM Invention Review Board from 2006 to 2020. She has been a speaker at conferences such as North Central Oracle Apps User Group Training Day 2019 and Collaborate 2020.KAI YU is a Distinguished Engineer of the Dell Technical Leadership Community. He is responsible for providing technical leadership to Dell Oracle Solutions Engineering. He has over 27 years of experience in architecting and implementing various IT solutions, specializing in Oracle database, IT infrastructure, and cloud as well as business analytics and machine learning.Kai has been a frequent speaker at various IT/Oracle conferences with over 200 presentations in more than 20 countries. He also authored 36 articles in technical journals such as IEEE Transactions on Big Data, and has co-authored the Apress book Expert Oracle RAC12c. He has been an Oracle ACE Director since 2010, and has served on the IOUG/Quest Conference committee and served as IOUG RAC SIG president and IOUG CLOUG SIG co-founder and vice president. He received the 2011 OAUG Innovator of Year award and the 2012 Oracle Excellence Award: Technologist of the Year: Cloud Architect by Oracle Magazine. He holds two master’s degrees in computer science and engineering from the Huazhong University of Science and Technology and the University of Wyoming.1. Introduction to Machine Learning2. Oracle and Machine Learning3: Oracle Machine Learning for SQL4. Oracle Autonomous Database for Machine Learning5. Running Oracle Machine Learning with Autonomous Database6: Building Machine Learning Models with OML Notebooks7. Oracle Analytics Cloud8. Delivery and Automation Pipeline in Machine Learning9. ML Deployment Pipeline Using Oracle Machine Learning10. Building Reproducible ML Pipelines Using Oracle Machine Learning
Introduction to Video Game Engine Development
Start your video game development journey by learning how to build a 2D game engine from scratch. Using Java (with NetBeans as your IDE and using Java’s graphics framework) or by following along in C# (with Visual Studio as your IDE and using the MonoGame framework), you’ll cover the design and implementation of a 2D game engine in detail. Each class will be reviewed with demonstration code. You’ll gain experience using the engine by building a game from the ground up.Introduction to Video Game Engine Development reviews the design and implementation of a 2D game engine in three parts. Part 1 covers the low-level API class by class. You’ll see how to abstract lower-level functionality and design a set of classes that interact seamlessly with each other. You’ll learn how to draw objects, play sounds, render text, and more. In Part 2, you’ll review the mid-level API that is responsible for drawing the game, loading resources, and managing user input. Lastly, in Part 3, you’ll build a game from the ground up following a step-by-step process using the 2D game engine you just reviewed.On completing this book, you’ll have a solid foundation in video game engine design and implementation. You’ll also get exposure to building games from scratch, creating the solid foundation you’ll need to work with more advanced game engines, and industry tools, that require learning complex software, APIs, and IDEs.WHAT YOU WILL LEARN* Gain experience with lower-level game engine APIs and abstracting framework functionality* Write application-level APIs: launching the game, loading resources, settings, processing input, and more * Discover cross-platform APIs in the game engine projects written in both Java and C#/MonoGame * Develop games with an SDK-based game engine and simplified tool chain focused on direct control of the game through code* Master creating games by using the game engine to build a game from the ground up with only code and an IDEWHO THIS BOOK IS FORThose of you out there with some programming experience, moderate to advanced, who want to learn how to write video games using modern game engine designs.Victor Brusca is an experienced software developer specializing in building cross-platform applications and APIs. He regards himself as a self-starter with a keen eye for detail, an obsessive protection of systems/data, and a desire to write well-documented, well-encapsulated code. With over 14 years' software development experience, he has been involved in game and game engine projects on J2ME, T-Mobile SideKick, WebOS, Windows Phone, Xbox 360, Android, iOS, and web platforms.Chapter 1: MmgBase API IntroductionChapter 2: Base ClassesChapter 3: Helper ClassesChapter 4: Other ClassesChapter 5: Advanced ClassesChapter 6: Widget ClassesChapter 7: Animation ClassesChapter 8: Game Screen ClassesChapter 9: MmgCore API IntroductionChapter 10: Static Main Entry PointChapter 11: Dynamic SettingsChapter 12: Event HandlersChapter 13: Resource LoadingChapter 14: Game ScreensChapter 15: Game Build IntroductionChapter 16: PongClone Project SetupChapter 17: PongClone Main Menu ScreenChapter 18: PongClone Game ScreenChapter 19: Conclusion
PowerShell for Beginners
Learn the basic tools and commands to write scripts in PowerShell 7. This hands-on guide is designed to get you up and running on PowerShell quickly - introducing interactive menus, reading and writing files, and creating code that talks over the network to other scripts, with mini games to facilitate learning.PowerShell for Beginners starts with an introduction to PowerShell and its components. It further discusses the various tools and commands required for writing scripts in PowerShell 7, with learning reinforced by writing mini games. You will learn how to use variables and conditional statements for writing scripts followed by loops and arrays. You will then work with functions and classes in PowerShell. Moving forward, you will go through the PowerShell Console, customizing the title and text colors. Along the way you will see how to read a key press and make sound in PowerShell. The final sections cover game engine layout, how to build a title screen, and implementing the game design using code flow, title screens, levels, and much more.After reading the book you will be able to begin working with PowerShell 7 scripts and understand how to use its tools and commands effectively.WHAT YOU WILL LEARN* Use Microsoft Visual Studio Code to develop scripts* Understand variables, loops and conditional statements in PowerShell* Work with scripts to develop a game* Discover and use ASCII art generators* Comprehend game objects and code* Create client-server scripts that communicate over a network* Read and write to files* Capture input from the keyboard* Make PowerShell speak words to help the visually impaired* Create text-based adventure gamesWHO THIS BOOK IS FORSoftware developers who want to start working with PowerShell scripts.IAN WATERS works for Southern IT Networks Ltd as the technical director. He works with Managed Service Providers (MSPs) striving to provide the best possible IT support services to businesses in the south east of England. Ian has an overall experience of 15 years in IT where he has been working on Windows Server, Exchange, Active Directory, Microsoft 365, PowerShell, and many more. He is a frequent blogger and posts articles related to Microsoft’s new technologies on Slash Admin.Chapter 1: Introduction.Chapter 2: Beginners Guide to PowerShell and Visual Studio CodeChapter 3: Variables.Chapter 4: Conditional Statements.Chapter 5: Loops.Chapter 6: Arrays.Chapter 7: Functions.Chapter 8: Classes.Chapter 9: Customising The Console.Chapter 10: User Input.Chapter 11: Dragon Slayer.Chapter 12: Getting Colourful.Chapter 13: ASCII Table.Chapter 14: Cursor Control.Chapter 15: Background Processing.Chapter 16: Networking.Chapter 18: Working with Files.Chapter 19: Game EngineChapter 20: Creating ASCII ArtChapter 21: Power Bomber
Essential Computer Science
Understand essential computer science concepts and skills. This book focuses on the foundational and fundamental concepts upon which expertise in specific areas can be developed, including computer architecture, programming language, algorithm and data structure, operating systems, computer networks, distributed systems, security, and more.According to code.org, there are 500,000 open programming positions available in the US— compared to an annual crop of just 50,000 graduating computer science majors. The US Department of Labor predicted that there will be almost a million and a half computer science jobs in the very near future, but only enough programmers to fill roughly one third of these jobs.To bridge the gap, many people not formally trained in computer science are employed in programming jobs. Although they are able to start programming and coding quickly, it often takes them time to acquire the necessary understanding to gain the requisite skills to become an efficient computer engineer or advanced developer.WHAT YOU WILL LEARN* The fundamentals of how a computer works* The basics of computer programming and programming paradigms* How to write efficient programs* How the hardware and software work together to provide a good user experience and enhance the usability of the system* How computers can talk to each other* How to ensure the security of the system* The fundamentals of cloud offerings, implications/trade-offs, and deployment/adoption configurations* The fundamentals of machine learningWHO THIS BOOK IS FORComputer programmers lacking a formal education in computer science, and anyone with a formal education in computer science, looking to develop a general understanding of computer science fundamentalsPAUL D. CRUTCHER is Senior Principal Engineer at Intel Corporation and manages the Platform Software Architecture team in the Client Computing Group. He has worked at Intel for more than 25 years and has also worked at two smaller software companies. Paul has a degree in computer science, with expertise spanning software development, architecture, integration, and validation based on systems engineering best practices in multiple areas. He holds several patents and has written multiple papers and presentations.NEERAJ KUMAR SINGH is a Principal Engineer at Intel with more than 15 years of system software and platform design experience. His areas of expertise are hardware software co-design, system/platform architecture, and system software design & development. Neeraj is the lead author of two other books: System on Chip Interfaces for Low Power Design and Industrial System Engineering for Drones: A Guide with Best Practices for Designing, in addition to many other papers and presentations.PETER TIEGS is Principle Engineer at Intel with 20 years of software experience. Inside Intel he often consults on DevOps topics such as build automation and source code branching. Over the last decade Peter evangelized continuous integration and delivery as well as agile practices at Intel. He has written software at all levels of the stack from embedded C code to VUE.js. His programming language of choice is Python.Chapter 1: Concept and Fundamentals of Computer SystemIn this chapter we discuss a brief history and evolution of a computer System, and fundamentals of how it operates.1. Evolution of Computer System2. Von Neumann Model/Architecture: I/O, CPU and memory1. Fetch:2. Decode,3. Execute3. Fetch: Address and Data4. Decode: Instructions and Instruction Set Architecture:1. Encode/Decode1. Number Representation2. Negative Numbers3. Little Endian/Big Endian.2. Instruction Format, Opcode, Operand3. Addressing modes4. ISA:1. Categories: RISC, CISC etc.2. Examples: x86, ARM etc.5. Execute:1. Fundamentals of Digital Logic2. Examples: ADD, SUB.6. Computer Hardware Advancements/Extensions:1. Compute Block: Pipelining, and Predictive Execution and Data Hazards2. Memory Hierarchy: Cache (inclusive, exclusive), Memory3. Interrupt Based vs. Polling1. Interrupt Service Routine4. DMA5. Multiprocessor: SIMD, MIMD, VLIW etc.7. Basic Architecture of x86 based computer1. Stack, PC, General Purpose Registers (GPRs) etc.8. IO Devices- Interface and Controller Advancements, Example: PCIe, USB1. Controller, Bus, and Device9. Internal and External View of an Example Computer System Design10. References and further reading:1. Digital Logic and Computer Design: Morris Mano2. Computer Organization and Design: The Hardware/Software Interface: Hennessy and PattersonChapter 2: Programming the Computer HardwareIn the preceding chapter we discussed the fundamentals about the computer hardware and architecture. Now having understood that, let’s discuss how to program/instruct the hardware to do what we want/need.1. What’s programming?2. Assembly and Machine language3. Programming in High Level Language- why?4. Programming Language Fundamentals:1. Language Definition:· Syntax· High Level Constructs to Machine Level Mapping, example:1. Variable definition to memory allocation2. Assignment to mov3. Operators to respective: ADD, SUB, MUL etc.4. Conditional to cmp and jmp5. Loops to cmp and jmp etc.6. Functions to call and return, and stack· Other Key Concepts:1. Variable Scope and Lifetime,2. Data Type and Type Casting3. Formal, and Actual Parameter(arguments),4. Function Call by Value and Reference5. Lambda functions2. Translation from High Level to Machine Level Language:· Lexical: picking up tokens· Parser: Syntax and Semantic Analysis· Code Generation1. Intermediate code- why?2. Optimization- why?3. Symbol Table4. Libraries and Runtime?· Why?· Linking Process· Static, and Dynamic libraries· Benefits and tradeoffs- DLL Hell?5. IDE: The one that puts it all together5. Programming Paradigms:1. Procedural, Object Oriented,2. Interpreted vs Compiled etc.3. Why different Languages?6. Good Code1. Architecture and2. Design Patterns7. References and further reading:1. Compilers: Principles, Techniques, and Tools: Aho Ullman Sethi2. The art of computer Programming: Knuth3. Linkers and Loaders: LevineChapter 3: Algorithm and Data StructureWe’ve discussed computer hardware and how to program it to achieve desired purpose. In this chapter we will discuss how to make programs more efficient.1. What is an Algorithm2. Good and *not so good* Algorithm:1. Time/Space Complexity2. Asymptotic Notation3. Fundamental Data Structure and Algorithm:1. Store (Data Structure): Stack, Queue, Tree, Graph, Linked List, Array, Hash2. Making use of the Data: Searching, Sorting4. Problem Solving Techniques:1. Recursion,2. Divide and Conquer3. Dynamic programming,4. Brute force,5. Greedy Algorithms,5. Class of problems:1. NP Complete and NP Hard problems2. Tractable and Intractable problems.6. Databases:1. Why: Persistence and Volume2. Fundamental Requirements: ACID3. Brief History of Database System Evolution4. Most Prominent Current Database Systems:· Structured Data/ Unstructured Data· Relational Data: Oracle, MySQL etc.· NoSQL1. Why2. Brief History and Examples: Graph database Neo4j, BigTable, CouchDB, Cassandra, MongoDB7. References and further reading:1. Introduction to Algorithms: Thomas Cormen2. Database System Concepts: Avi SilberschatzChapter 4: Operating SystemHaving discussed the computer hardware and software fundamentals, now we will discuss how they work together to provide a good user experience and enhance the usability of the system.1. Purpose of Operating System:1. Bridge between User and the Hardware2. What Systems need OS2. Key Drivers:1. General Purpose: Multifunction2. Multi-processor,3. Multi-tasking4. Multiuser3. Key Function:1. User Authentication:· Virtualize CPU: Scheduling: Affinity, Preemption2. Virtualize Memory:· Segmentation, Paging, Demand Paging, Swapping3. Access and Protection:· Serialization: Deadlocks, Locks, and Semaphores· Separation:1. User Mode and Kernel/*Super User* Mode2. Separation Implementation1. Protection Ring/Layers3. Switching between Kernel and User Mode4. Access to Hardware:1. Device Driver, DDI, and Driver Models4. User Shell: UI/Command Based· Launching an Application· Application/Program vs Process/Thread· Application/Executable Format.· Application Loading Process5. Persistence of Configuration and Settings· Registry for Windows· Configuration Files for Linux4. OS Categories:1. Real time, and General Purpose2. Design Considerations for Real time OS5. Reference:1. Operating System Concepts: Silberschatz, Galvin2. Operating Systems: Three Easy Pieces: Andrea CChapter 5: Computer Networks and Distributed Systems So far, we discussed the computer systems in isolation. There is a need for computers to talk to each other to enable communication and create distributed systems. In this chapter we will discuss how computers can talk to each other.1. History/Evolution of Networks/Internet2. Protocol-Stateful and Stateless Protocol3. Internet protocol (IP), TCP and UDP1. Host, IP Address, MAC, Port, Socket2. DNS, DHCP3. Proxy, Firewall, Router, Firewall4. Distributed Systems: Prominent Architectures1. Client-Server2. Peer-to-Peer3. N-Tier5. Distributed System Example:1. World Wide Web- How it Works?2. FTP- How it Works6. Case Study: Developing Web Application1. System Architecture2. Frontend- Technologies3. Backend - Technologies7. Reference and further reading:1. Computer Networking: A Top-Down Approach: Kurose RossChapter 6: Computer SecurityNow, that we discussed about the computer systems and how they can and do work together in computer networks. It becomes of pertinent importance to ensure the security of the system. In this chapter we’ll talk about the same.1. Security- What and Why?2. Security of Standalone System:1. Physical Security2. Access Control- Authentication· Authentication: Purpose· Active Directory/Kerberos· Integrated Windows Authentication· Biometric3. Malware(viruses) and Antiviruses- How they Work?3. Communication Security1. Cryptography· Symmetric, Asymmetric: Public and Private· Various Algorithms:(AES-512, DES, …)2. Hashing, Signing, Salting4. Putting it in Practice1. Algorithms to Exchange the Keys2. Certificate3. Digital signatures4. Chain and Root of Trust5. Certification Authorities, and Trust Chain6. Certificate Stores5. Applications of the Security Concepts/Mechanisms:1. Secure Boot2. Network Security: TLS, SSL, HTTPS, IPsec, VPNChapter 7: Cloud Computing Traditionally, the businesses have managed their backend servers on their own at their premise. However, there is a trend to consolidate these resources and services somewhere (cloud) on network. And, these services can be used by businesses as needed. The resources can thus be shared and optimized. The services are provided and managed by “cloud service providers.” In this chapter we’ll discuss about the cloud offerings, implications/trade-off and deployment/adoption configurations.1. Cloud and its Offerings (Types)1. IaaS2. SaaS3. PaaS2. Benefits of Cloud Computing3. Cloud Deployment/Adoption Configurations1. Private,2. Public3. Hybrid,4. Cloud Resource Types: VM/Compute, Database, File Share, Lambda etc.5. Cloud Interface/Mechanism6. Developing and Deploying on Cloud1. Cloud Orchestration and Deployment7. Top Cloud Providers: AWS, Azure, Google Cloud, Oracle etc.8. Considerations for Developing Portable and Interoperable SolutionsChapter 8: Machine LearningSo far, we, the human beings, have been developing algorithms and programs which computers just carry out. The algorithms and logic are developed and coded by human beings. The evolution in processing power and data storage has allowed computers to be able to learn and develop logic/intelligence form the data inputs- aka machine learning. In this chapter we discuss the fundamentals of machine learning.What it is? Algorithmic Programming vs. Machine Learning1. Fundamental Concepts in Machine Learning:· Model· Training· Inference2. Four Different Categories of Machine Learning:· Supervised· Unsupervised· Semi-supervised· Reinforcement3. Real and Practical Applications of Machine Learning· Ex: Web Search, E-Comm/Social Media Suggestions etc.2. Evolution of Machine Learning:1. Data Science to AI and ML3. Practical Machine Learning:1. Top leading machine learning frameworks· TensorFlow, PyTorch, ONNX, CAFFE, Keras, Firebase ML kit etc.4. Machine Learning and Cloud- Relationship and Dependency?Appendix: A: SDLCPlanning, Analysis, Design, Implementation, Test, Deploy and MaintenanceAppendix B: Software Engineering Practices:1. Planning and Management Practices: Agile2. Documentation3. Testing:1. Phases and Categories of Testing and Goals· Algorithm Testing, Unit Testing, Integration etc.2. Test Driven Development4. Developing for Debug5. Continuous Integration and Continuous Deployment1. Purpose and Mechanism?2. Tools: Jenkins, TeamCity etc.6. Build Optimization and Tools:1. Purpose and Mechanism2. Tools: Make, Maven, Gradle7. SCM1. Goal and Mechanism2. Tools: P4, SVN, GitAppendix: C: ACPI System States Appendix: C: Complete Flow of Boot to OS1. Computer BIOS and Boot process2. Co-ordination b/w Firmware and OS3. ACPI and Power Management?
Bewegung!
Das Wichtigste an Präsentationen ist ihr Inhalt - ganz klar! Aber es kommt auch darauf an, diesen Inhalt so zu präsentieren, dass die Zuschauer ihn optimal aufnehmen können und jederzeit gedanklich bei dem Punkt sind, den der Präsentator gerade erläutert. Deshalb sollten Inhalte Stück für Stück auf Mausklick eingeblendet werden - so wird niemand abgelenkt. Was sich bewegt, wirkt immer anregender und interessanter als statische Inhalte. Es kommt nur darauf an, diese Bewegung sinnvoll und passend zum Kontext zu gestalten: Ein Diagramm kann schrittweise aufgebaut werden, eine Tabelle nach und nach aufgedeckt, ein Prozess mit einem Video leicht erläutert werden. Excel-Tabellen können innerhalb der Präsentation lesbar präsentiert werden. Alle Inhalte richten sich an Anwender im beruflichen Umfeld. Die gezeigten Möglichkeiten eignen sich natürlich auch für die Arbeit mit Kindern und alle anderen Anwendungen von PowerPoint!Ina Koys ist langjährige Trainerin für MS-Office-Produkte. Viele Fragen werden in den Kursen immer wieder gestellt, aber selten in Fachbüchern behandelt. Einige davon beantwortet sie jetzt in der Reihe "kurz & knackig".
Visual Analysis of Multilayer Networks
THIS IS AN OVERVIEW AND STRUCTURED ANALYSIS OF CONTEMPORARY MULTILAYER NETWORK VISUALIZATION. IT SURVEYS TECHNIQUES AS WELL AS TOOLS, TASKS, AND ANALYTICS FROM WITHIN APPLICATION DOMAINS. It also identifies research opportunities and examines outstanding challenges along with potential solutions and future research directions for addressing them.Visual Analysis of Multilayer Networks is not only for visualization researchers, but for those who need to visualize multilayer networks in the domain of complex systems, as well as anyone solving problems within application domains.The emergence of multilayer networks as a concept from the field of complex systems provides many new opportunities for the visualization of network complexity, and has also raised many new exciting challenges. The multilayer network model recognizes that the complexity of relationships between entities in real-world systems is better embraced as several interdependent subsystems (or layers) rather than a simple graph approach. Despite only recently being formalized and defined, this model can be applied to problems in the domains of life sciences, sociology, digital humanities, and more. Within the domain of network visualization there already are many existing systems, which visualize data sets having many characteristics of multilayer networks, and many techniques, which are applicable to their visualization.* Preface* Figure Credits* Introduction and Overview* Multilayer Networks Across Domains* The Layer as an Entity* Task Taxonomy for Multilayer Networks* Visualization of Nodes and Relationships Across Layers* Interacting with and Analyzing Multilayer Networks* Attribute Visualization and Multilayer Networks* Evaluation of Multilayer Network Visualization Systems and Techniques* Conclusions* Bibliography* Authors' Biographies* List of Figures
Interface for an App
This book is an account of how I addressed the need for a smartphone app that would allow someone with Type 1 diabetes to self-manage their condition.Its presentation highlights the major features of the app’s interface design. They include the selection of metaphors appropriate to a user’s need to form a mental model of the app; the importance of visible context; the benefits of consistency; and considerations of a user’s cognitive and perceptual abilities. The latter is a key feature of the book.But the book is also about the design process, and especially about the valuable contributions made by the many focus group meetings in which design ideas were first presented to people with Type 1 diabetes. Their critique, and sometimes their rejection, of interface ideas were crucial to the development of the app.I hope this book will prove useful for teaching and design guidance.* Terminology * Affordance * Mental Models and Metaphors * Dialogue * Exploration * Chapter Summaries * Introduction * The Requirements * Structure and Layout * Interface Metaphors * Dialogue * Data Entry * Explore * Favourites * Photographs * Exercise * Health * Advice * A Dialogue Check * Conclusions * Reflections on Affordance and Design * Colleagues * Appendix 1: Interaction Consistency Appendix 2: A Novel Usability Tool * References * Author Biography
Beginning Microsoft 365 Collaboration Apps
Start making the most of the latest collaboration tools in Microsoft 365—including Teams, SharePoint, Power Apps, Power BI, Power Automate, Microsoft Groups, Office ProPlus, Yammer, Planner, Stream, Forms, and OneDrive. Integrate these collaboration tools into your team’s projects to boost productivity, engagement, innovation, and enjoyment at work. This book walks you through all the latest features, teaching you how to choose the right tools and get the most out of them for your situation.While technologies for collaboration are more advanced than ever before, there also are more of them, making it all the more confusing. BEGINNING MICROSOFT 365 COLLABORATION APPS will help you make sense of what is available and provide prescriptive guidance to you and your team on how to be more productive.This fully updated and expanded new edition contains lots of new content, screenshots and samples, and all new chapters on Power BI and Power Apps.WHAT YOU WILL LEARN* Know the collaboration applications and features available across Microsoft 365, and how to choose the ones that are right for you and your colleagues in any given situation* Understand the software-as-a-service (SaaS) model and how it enables users to be more effective and productive in remote situations* Discover how multi-device usability and real-time cloud synchronization can help your team collaborate anytime, anywhere, across the apps* Find out how Planner can help you manage projects and tasks, even without a project manager* Explore Microsoft Power Automate and Power Apps to connect applications and services and create codeless applications and workflowsWHO THIS BOOK IS FORMicrosoft 365 business users with a limited technical background. You should be familiar with the Microsoft Office suite of products such as Word and Outlook, and work in a team environment. An active Microsoft 365 would be useful as well.RALPH MERCURIO is a Microsoft Certified Professional with 18 years of experience. He works for the City of Durham in North Carolina and focuses his efforts on providing collaborative solutions to its many departments. He has held various roles in the technology field, including as a SharePoint infrastructure architect consulting for various companies in the New York City metro area.Ralph also has experience architecting and deploying solutions that leverage the best features of SharePoint/Microsoft 365 and provide real business value while solving user experience issues. He has seen many technology changes throughout the years and he discovered a passion for helping users find ways to leverage what they need to know to learn a new technology. With Microsoft 365, he has made it his goal to help users realize the potential of this powerful platform in order to get the most out of these ever-changing applications.BRIAN MERRILL is a Microsoft Certified Educator (MCE) and a Microsoft Certified trainer (MCT). He is currently the Educational Technology Analyst for one of the largest school districts in Pennsylvania. In that role he serves as the global administrator of the district’s Microsoft 365 environment, managing Microsoft Teams and SharePoint, and training faculty and staff on new technologies and systems. Brian is also adjunct faculty at the University of Harrisburg of Science and Technology, where he teaches courses in the Learning Technology and Media Studies program. Teaching courses on Learning Technologies and Solutions as well as Microsoft tools. Brian is a Microsoft Innovative Educator Expert and a member of the Minecraft for Education Advisory Board.PART 1: GETTING STARTED* Chapter 1: Welcome to Microsoft 365PART 2: THE APPLICATIONS* Chapter 2: SharePoint Online* Chapter 3: OneDrive* Chapter 4: Microsoft 365 Groups* Chapter 5: Teams* Chapter 6: Yammer* Chapter 7: Office* Chapter 8: Planner* Chapter 9: Stream* Chapter 10: Forms* Chapter 11: Power Automate* Chapter 12: Power BI* Chapter 13: PowerApps* Chapter 14: Making sense of it all
Azure Data Factory by Example
Data engineers who need to hit the ground running will use this book to build skills in Azure Data Factory v2 (ADF). The tutorial-first approach to ADF taken in this book gets you working from the first chapter, explaining key ideas naturally as you encounter them. From creating your first data factory to building complex, metadata-driven nested pipelines, the book guides you through essential concepts in Microsoft’s cloud-based ETL/ELT platform. It introduces components indispensable for the movement and transformation of data in the cloud. Then it demonstrates the tools necessary to orchestrate, monitor, and manage those components.The hands-on introduction to ADF found in this book is equally well-suited to data engineers embracing their first ETL/ELT toolset as it is to seasoned veterans of Microsoft’s SQL Server Integration Services (SSIS). The example-driven approach leads you through ADF pipeline construction from the ground up, introducing important ideas and making learning natural and engaging. SSIS users will find concepts with familiar parallels, while ADF-first readers will quickly master those concepts through the book’s steady building up of knowledge in successive chapters. Summaries of key concepts at the end of each chapter provide a ready reference that you can return to again and again.WHAT YOU WILL LEARN* Create pipelines, activities, datasets, and linked services* Build reusable components using variables, parameters, and expressions* Move data into and around Azure services automatically* Transform data natively using ADF data flows and Power Query data wrangling* Master flow-of-control and triggers for tightly orchestrated pipeline execution* Publish and monitor pipelines easily and with confidenceWHO THIS BOOK IS FORData engineers and ETL developers taking their first steps in Azure Data Factory, SQL Server Integration Services users making the transition toward doing ETL in Microsoft’s Azure cloud, and SQL Server database administrators involved in data warehousing and ETL operationsRICHARD SWINBANK is a data engineer and Microsoft Data Platform MVP. He specializes in building and automating analytics platforms using Microsoft technologies from the SQL Server stack to the Azure cloud. He is a fervent advocate of DataOps, with a technical focus on bringing automation to both analytics development and operations. An active member of the data community and keen knowledge-sharer, Richard is a volunteer, organizer, speaker, blogger, open source contributor, and author. He holds a PhD in computer science from the University of Birmingham (UK).1. Creating an Azure Data Factory Instance2. Your First Pipeline3. The Copy Data Activity4. Expressions5. Parameters6. Controlling Flow7. Data Flows8. Integration Runtimes9. Power Query in ADF10. Publishing to ADF11. Triggers12. Monitoring
Pro Windows Subsystem for Linux (WSL)
This book covers everything a developer needs to know to hit the ground running and get the most out of Windows Subsystem for Linux (WSL).Since its release, Windows Subsystem for Linux (WSL) has been growing in popularity, moving from curious early adopters to wide-scale interest, including enterprise development teams using WSL in production. This authoritative guide to WSL covers the gamut, introducing developers to WSL architecture, installation and configuration, the WSL command line, all the way to advanced use cases and performance tunings. Practical examples are sprinkled throughout to reinforce understanding. This book is designed to efficiently and effectively get developers comfortable using this highly useful platform for open-source development on Windows. WSL is uniquely suited to cloud and cross-platform development, and system administrator workflows on Windows.Windows developers will begin with the basics of installation and then be introduced to the vast library of open source tools that they can integrate into their own workflows, using their existing development tools, such as Code, Visual Studio, and JetBrains IDEs. Readers will learn, hands on, about using WSL to develop cross-platform and cloud-native applications, work with containers, and deploy a local Kubernetes cluster on WSL.“Much of what WSL is, is what developers make of it” is expert Barnes’ guiding mantra, a theme that is reinforced throughout this valuable cross-platform learning journey. Developers will get excited about the many new opportunities at their fingertips and be astounded at what they can do and achieve with WSL.WHAT YOU WILL LEARN* Install and configure WSL, a unique and novel configuration process* Receive an unbiased overview of WSL, its architecture, installation, the command line, practical use cases, and advanced configuration* Create a development workstation using WSL* Compare and contrast the differences between WSL 1 and WSL 2* Explore, in depth, some of the more popular workflows in WSL, including Docker containers* Consider and plan key factors for a large scale enterprise deployment of WSLWHO THIS BOOK IS FORDevelopers who need to know WSL and how to build a development stack, integrating it with their preferred code editor or IDE if they so choose; existing Windows and Linux system administrators who want to learn how to install, deploy, and manage WSL; power users who are comfortable in a command line, but may be new to Linux or WSLHAYDEN BARNES is Engineering Manager for Ubuntu on Windows Subsystem for Linux (WSL) at Canonical, and a recognized Microsoft MVP. Hayden regularly presents on the topic of WSL at conferences such as Microsoft Build and is the founder of WSLConf. He has consulted for enterprises, academic institutions, and government agencies to help them deploy WSL. Before joining Canonical, Hayden founded Pengwin, the first company to create a custom Linux distribution built specifically for Windows. He is passionate about WSL because it opens up a myriad of opportunities for cross-platform development, open source development, and collaboration between Linux and other communities.Chapter 1: WSL ArchitectureChapter 2: Enabling WSLChapter 3: Managing WSL DistrosChapter 4: Linux Distro MaintenanceChapter 5: Configuring WSL DistrosChapter 6: Configuring WSL 2Chapter 7: Rolling Your Own Init SystemChapter 8: Going Further with WSL 2Chapter 9: Maximizing Windows InteroperabilityChapter 10: Using WSL for Enterprise DevelopmentChapter 11: Troubleshooting WSLChapter 12: Deploying WSL at Scale
Visual Studio Code Distilled
Use Visual Studio Code to write and debug code quickly and efficiently on any platform, for any device, using any programming language, and on the operating system of your choice.Visual Studio Code is an open source and cross-platform development tool that focuses on code editing across a variety of development scenarios, including web, mobile, and cloud development. This second edition of VISUAL STUDIO CODE DISTILLED has been updated and expanded with two new chapters on writing apps with Python and building apps for the cloud and deployment to Azure.The book teaches you how to be immediately productive with Visual Studio Code, from the basics to some of the more complex topics. You will learn how to work on individual code files, complete projects, and come away with an understanding of advanced code-editing features that will help you focus on productivity, and source code collaboration with Git.WHAT YOU WILL LEARN* Get started with practical guidance on Visual Studio Code, including expansive guidance on writing apps with C# and Python* Comprehend Visual Studio Code in a way that is not just theory or a list of features, but an approach driven by developer tasks and needs* Understand integrated support for team collaboration with Git for executing and debugging code, and the many ways you can extend and customize Visual Studio Code* Debug code on multiple platforms through real-world guidance, such as working under corporate networks* Expand your coding intelligence from web to mobile to the cloud* Acquire valuable tips, tricks, and suggestions from hard-earned, real-world experience to be more productiveWHO THIS BOOK IS FORAll developers (including JavaScript, Java, NodeJS), not just those with a Microsoft background, who will benefit from learning and using VS code as a cross-platform and cross-language toolALESSANDRO DEL SOLE is Senior Software Engineer for a healthcare company, building mobile apps for doctors and dialysis patients. He has been in the software industry for more than 20 years, focusing on Microsoft technologies such as .NET, C#, Visual Studio, and Xamarin. He has been a trainer, consultant, and a Microsoft MVP since 2008 and is the author of many technical books. He is a Xamarin Certified Mobile Developer, Microsoft Certified Professional, and a Microsoft Programming Specialist in C#.Chapter 1: Introducing Visual Studio CodeChapter 2: Getting to Know the EnvironmentChapter 3: Language Support and Code Editing FeaturesChapter 4: Working with Files and FoldersChapter 5: Customizing Visual Studio CodeChapter 6: Installing and Managing ExtensionsChapter 7: Source Control with GitChapter 8:Automating TasksChapter 9: Building and Debugging Applications: .NET 5 and Other PlatformsChapter 10: Building Applications with PythonChapter 11: Deploying Applications to Azure
Choose Your InfoSec Path
Cybersecurity is a pressing issue across industries, as well as increasingly important in people’s personal lives. Learning the basic fundamentals is essential in order for companies and individuals to thrive. Although much of the literature around this hot-button topic can seem impenetrable and convoluted to a new learner, Choose Your InfoSec Path is an informative, fun, interactive cybersecurity adventure that has been written specifically with beginners in mind.Step into the shoes of a Chief Information Security Officer (CISO) and find out what could possibly go wrong during a breach. Author Alexander J. Roxon weaves together essential InfoSec concepts with an exciting and fast-paced storyline to make the lessons relatable and easy to understand. Determine what steps your character takes next and affect the outcome of your path. Will you emerge from the breach unscathed? With over 50 different endings, you can explore the what-ifs and experience a new path each time. A supporting glossary makes this book a resource you can return to long after your story is completed.Crucially, the integrity of the cybersecurity concepts is maintained and all events are genuinely plausible from a technical perspective. The book includes commentary to examine key concepts and reflect on decisions. This book is for those who are interested in understanding what cybersecurity is about but without a high technical barrier of entry. Learn some of the basics of incident response, how to dampen the effects of a breach, and get the jump on the bad guys. Your journey starts now.WHAT YOU’LL LEARN* Understand some of the basic concepts of incident response.* Experience how a real-life incident can go from zero to chaos very rapidly.* Find out how being proactive can significantly improve how information security breaches play out.* Discover how to dampen the effects of a breach.WHO THIS BOOK IS FORThis book is for those who are interested in understanding what cybersecurity is about but without a high technical barrier of entry. People who like to laugh as well as learn.Alexander J. Roxon likes to take complicated subjects and problems, then make them simpler and less intimidating. Alex works for the Cyber Defense team within Accenture, helping companies implement appropriate cyber security solutions and strategies. In his spare time, he likes to contribute to the industry with things like phishing awareness blogs full of fish puns, or a deck of playing cards designed to teach people about cyber security (The Infosec Deck). Inspired by the Give Yourself Goosebumps series, he decided to write his own interactive story in an effort to make information security more accessible. He is a Systems Security Certified Professional (SSCP) and Factor Analysis Information Risk (FAIR) accredited.
Integrating D3.js with React
Integrate D3.js into a React TypeScript project and create a chart component working in harmony with React. This book will show you how utilize D3 with React to bring life to your charts.Seasoned author Elad Elrom will show you how to create simple charts such as line, bar, donut, scatter, histogram and others, and advanced charts such as a world map and force charts. You'll also learn to share the data across your components and charts using React Recoil state management. Then integrate third-party chart libraries that are built on D3 such as Rechart, Visx, Nivo, React-vi, and Victory and in the end deploy your chart as a server or serverless app on popular platforms.React and D3 are two of the most popular frameworks in their respective areas – learn to bring them together and take your storytelling to the next level.WHAT YOU'LL LEARN* Set up your project with React, TypeScript and D3.js* Create simple and advanced D3.js charts* Work with complex charts such as world and force charts* Integrate D3 data with React state management * Improve the performance of your D3 components* Deploy as a server or serverless app and debug testWHO THIS BOOK IS FORReaders that already have basic knowledge of React, HTML, CSS and JavaScript.ELAD ELROM is a technical coach. As a writer, he authored and co-authored several technical books. Elad consulted for a variety of clients, from large corporations such as AT&T, HBO, Viacom, NBC Universal, and Weight Watchers, to smaller startups. Aside from coding, Elad is also a PADI diving instructor and a pilot.INTEGRATING D3.JS WITH REACT1. Setting Our Technology Stack2. Graphics and Interactions3. Basic Charts: Part 14. Basic Charts: Part 25. Integrating State Management6. World Chart: Part 17. World Chart: Part 28. Force Charts: Part 19. Force Charts: Part 210. Integrating Popular Chart Libraries Built on D311. Performance Knick-Knacks12. Publishing Your React d3 App