Security
Codebasierte Post-Quanten-Kryptografie
Entdecken Sie die Zukunft der Kryptographie mit „Codebasierte Post-Quanten-Kryptografie - Goppa Codes und das McEliece Kryptosystem“. Dieses Buch bietet eine grundlegende und detaillierte Einführung in eines der sichersten Kryptosysteme unserer Zeit – das McEliece-Kryptosystem. Ursprünglich 1978 entwickelt, widersteht es den modernsten Bedrohungen durch Quantencomputer und setzt neue Maßstäbe in der Post-Quanten-Kryptografie. Mit einer umfassenden Analyse der Goppa Codes und einer verständlichen Darstellung sowohl der Theorie als auch der praktischen Implementierung, ist dieses Werk ein unverzichtbarer Begleiter für jeden, der sich für die nächste Generation der Datensicherheit interessiert. Neben tiefgehenden technischen Einblick erhält man mit dem Buch Zugriff auf eine Implementierung, die es Lesern ermöglicht, die Konzepte interaktiv zu erkunden. Ein Muss für Fachleute der IT-Sicherheit, Akademiker und jeden, der ein tiefes Verständnis für die Mechanismen quantensicherer Verschlüsselung entwickeln möchte. Einleitung. Quantencomputer und moderne Kryptografie. Goppa Codes. Das McEliece-Kryptosystem und seine Varianten. Zusammenfassung und Ausblick. FELIX PETER PAUL ist Informatiker und Mathematiker mit Abschlüssen in Pädagogik und Naturwissenschaften. Er studiert an der Johannes Gutenberg-Universität Mainz und hat sich auf Kryptographie spezialisiert. Seine aktuelle Arbeit konzentriert sich auf vollständig homomorphe Verschlüsselung und Post-Quantum-Kryptographie in Zusammenarbeit mit einem großen Technologieunternehmen, um sichere und zukunftsfähige Verschlüsselungstechnologien zu entwickeln.
CompTIA Security+
* FUNDIERTES UND UMFASSENDES WISSEN ZUM THEMA IT-SICHERHEIT* INKLUSIVE ALLER NEUERUNGEN ZUR RECHTSLAGE BZGL. DATENSCHUTZ UND DATENSICHERHEITT* MIT VORBEREITUNGSFRAGEN ZU JEDEM FACHGEBIETBedrohungen durch mangelhafte Sicherheitskonzepte, unsichere Anwendungen und Angriffe nehmen laufend zu. Eine sichere IT-Umgebung zu gestalten, ist daher ein zentrales Thema in jedem Unternehmen. Die Zertifizierung CompTIA Security+ ist ein wertvoller Nachweis für praxisnahe und umfassende Kenntnisse im Bereich der Informationssicherheit, denn die Prüfung deckt zahlreiche wichtige Themengebiete ab.In der aktuellen Fassung der Prüfung (SYO-701) sind das:* Generelle Sicherheitskonzept* Bedrohungen, Schwachstellen und Abwehrmaßnahmen* Sicherheitsarchitektur* Sicherer Betrieb* Verwaltung und Überwachung von SicherheitsprogrammenDie Autoren behandeln umfassend die genannten Themenbereiche und vermitteln Ihnen mit diesem Buch das für die Zertifizierung notwendige Fachwissen. Im Zentrum steht dabei der Aufbau eines eigenen Verständnisses für die IT-Sicherheit. So erhalten Sie die notwendigen Grundlagen, um die Prüfung CompTIA Security+ erfolgreich zu bestehen.AUS DEM INHALT:* Sicherheitsmanagement und Richtlinien* Unterschiedliche Zugriffsverfahren* Authentifizierungsmethoden* Aktuelle Rechtslage im Datenschutz* Biometrische Erkennungssysteme* Sicherheit durch Redundanz* IT-Infrastruktur resilient gestalten* Grundlagen der Systemhärtung* Gezielte und neuartige Angriffsformen* Mailverkehr sichern* Cloud Computing sicher gestalten* Denial of Service, Pufferüberlauf, Race-Condition* Sichere Verbindungen durch VPN und Remote Access* Sicherheitsimplikationen bei eingebetteten Systemen und IoT* WLAN sicher konfigurieren* System- und Netzwerküberwachung* Analyseprogramme Wireshark, RRDTools, Nagios* Unterschiedliche Firewallkonzepte* Methoden der Datensicherung* Disaster Recovery-Planung* Pentesting und Forensics* Metasploit Framework* Sicherheitsüberprüfungen und Security AuditsMARKUS KAMMERMANN, ausgebildeter ICT-Projektleiter und Erwachsenenausbilder für CompTIA Security+, ist seit mehr als fünfundzwanzig Jahren in der System- und Netzwerktechnik tätig. Er ist Dozent in der höheren beruflichen Bildung und Autor zahlreicher Fachbücher. Sein Standardwerk CompTIA Network+ liegt bereits in der neunten Auflage vor.
CompTIA Security+ (5. Auflg.)
IT-Sicherheit verständlich erklärt: Die umfassende Prüfungsvorbereitung zur CompTIA-Prüfung SY0-701 in 5. Auflage aus Januar 2025.Bedrohungen von Unternehmen durch Angriffe und Sicherheitslücken in den Systemen nehmen laufend zu. Informationssicherheit ist daher ein zentrales Thema in jeder IT-Umgebung. Unternehmen müssen sich gründlich mit der Thematik auseinandersetzen und sich kontinuierlich weiterbilden. Die Zertifizierung CompTIA Security+ ist ein wertvoller Nachweis für praxisnahe und umfassende Kenntnisse zu Themen der Unternehmenssicherheit und die Prüfung deckt die wichtigen Fragestellungen ab. In der aktuellen Fassung der Prüfung (SYO-701) sind das: Generelle Sicherheitskonzept Bedrohungen, Schwachstellen und Abwehrmaßnahmen Sicherheitsarchitektur Sicherer Betrieb Verwaltung und Überwachung von Sicherheitsprogrammen Die Autoren behandeln umfassend die genannten Themenbereiche und vermitteln Ihnen mit diesem Buch das für die Zertifizierung notwendige Fachwissen. Im Zentrum steht dabei der Aufbau eines eigenen Verständnisses für die IT-Sicherheit. So erhalten Sie die notwendigen Grundlagen, um die Prüfung CompTIA Security+ erfolgreich zu bestehen. Aus dem Inhalt: Sicherheitsmanagement und Richtlinien Grundlagen der Kryptografie Unterschiedliche Zugriffsverfahren Authentifizierungsmethoden Aktuelle Rechtslage im Datenschutz Biometrische Erkennungssysteme Sicherheit durch Redundanz IT-Infrastruktur resilient gestalten Grundlagen der Systemhärtung Gefahren durch Malware Gezielte und neuartige Angriffsformen Social Engineering Phishing, Pharming und andere Bösartigkeiten Mailverkehr sichern Sicherheit für Protokolle Cloud Computing sicher gestalten Denial of Service, Pufferüberlauf, Race-Condition Cross-Site-Scripting, SQL-Injection, LDAP-Injection Spoofing, Man-in-the-Middle, Session-Hijacking Sichere Verbindungen durch VPN und Remote Access Sicherheitsimplikationen bei eingebetteten Systemen und IoT WLAN sicher konfigurieren System- und Netzwerküberwachung Analyseprogramme Wireshark, RRDTools, Nagios Unterschiedliche Firewallkonzepte Methoden der Datensicherung Disaster Recovery-Planung Pentesting und Forensics Metasploit Framework Sicherheitsüberprüfungen und Security Audits Über den Autor: Mathias Gut ist Informations- und Cyber-Security-Experte. Er ist in verschiedenen Bereichen von Sicherheitsfragen ausgebildet und zertifiziert – unter anderem als CompTIA Advanced Security Practitioner, CompTIA Security+ – und hat zusätzlich ein abgeschlossenes CAS Information Security & Risk Management der Fachhochschule Nordwestschweiz. Als Dozent unterrichtet er im Bereich der Informationstechnik mit Schwerpunkt IT-Sicherheit in der höheren beruflichen Bildung. Markus Kammermann, ausgebildeter ICT-Projektleiter und Erwachsenenausbilder für CompTIA Security+, ist seit mehr als zwanzig Jahren in der System- und Netzwerktechnik tätig. Er ist Dozent in der höheren beruflichen Bildung und Autor zahlreicher Fachbücher.
Cloud-Infrastrukturen (2. Auflage)
Cloud-Infrastrukturen. Das Handbuch für DevOps-Teams und Administratoren (2., aktualisierte Auflage, 2025)Infrastructure as a Service: Moderne IT-Infrastrukturen werden in die Cloud integriert und nutzen die Rechenzentren von Amazon, Microsoft und Co. Das ermöglicht ganz neue Arbeitsweisen und verspricht mühelose Skalierbarkeit und eine einfache Administration – aber der Teufel steckt im Detail!Wo AWS, Azure und andere Anbieter echte Vorteile ausspielen können, welche Probleme sich dort verstecken und wie Sie die Dienste richtig nutzen, zeigen Ihnen Kevin Welter und Daniel Stender anhand vieler Praxisbeispiele und Anleitungen in diesem Handbuch.Welcome to the Cloud!1. Public Cloud ComputingDie Vorteile von IaaS kennen Sie: Kostenersparnis, flexible Skalierbarkeit, Ressourcen nach Bedarf. Wie Sie mit den richtigen Konzepten das Maximum aus der Cloud herausholen, erfahren Sie hier.2. Der Werkzeugkasten für Cloud EngineersIn der modernen Systemadministration führt kein Weg mehr an zeitgemäßen Tools vorbei. Setzen Sie Python, Google Go und Ansible ein, um Ihre Cloud-Infrastruktur effizient zu verwalten. Und benutzen Sie Docker und Kubernetes als Plattform für Ihre Applikationen in der Cloud.3. Infrastructure-as-CodeFür das Cloud Computing brauchen Sie die richtigen Werkzeuge und Ideen. So scripten Sie Ihre Infrastruktur und sorgen für komfortable Automation und sichere Reproduzierbarkeit.Aus dem InhaltPublic Cloud Computing: IaaS und PaaSWerkzeuge und Skills für Cloud EngineersIaaS-Anbieter verwendenAmazon Web Services, Azure, Google Compute Engine, Hetzner und andere: Welcher Anbieter ist der Richtige für mich?Hybrid- und Multicloud-ComputingCloud-Infrastrukturen automatisch ausrollenCloud-Infrastrukturen mit Ansible konfigurierenCloud-Server testenCloud-Monitoring mit PrometheusCloud-Ressourcen programmierenLeseprobe (PDF-Link)Über die AutorenKevin Welter ist Mitgründer und Geschäftsführer der HumanITy GmbH. Mit seinem Unternehmen unterstützt er Großkonzerne wie Deutsche Bahn, EnBW und Deutsche Telekom bei der Weiterentwicklung ihrer Software sowie der dazugehörigen Prozesse.Daniel Stender hat als freier Cloud-, DevOps- und Linux-Engineer für Banken und Finanzdienstleister gearbeitet.
Umsatzsteuer in SAP S/4HANA
Dieses Buch ist der Schlüssel zur korrekten Umsatzsteuerabbildung in SAP! Die Autoren geben Ihnen eine kompakte Einführung in das aktuelle Umsatzsteuerrecht und zeigen Ihnen, wie Sie die Geschäftsprozesse Ihres Unternehmens steuerlich richtig in SAP S/4HANA abbilden (Komponenten MM, SD und FI). Auch Meldewesen und Auswertungen kommen nicht zu kurz. Lernen Sie außerdem neue Lösungen wie SAP Document and Reporting Compliance kennen. Die vierte Auflage bietet Ihnen zudem einen Überblick über ausgewählte am Markt verfügbare Drittanbieterlösungen rund um die Umsatzsteuer. Aus dem Inhalt: Umsatzsteuer im Einkauf und VertriebReihengeschäfteInnergemeinschaftliches VerbringenBesondere ZahlungsverfahrenUmsatzsteuer-VoranmeldungZusammenfassende MeldungSAP Document and Reporting ComplianceIntrastat-MeldungGelangensbestätigungZusatzliste zur Umsatzsteuer-VoranmeldungNeue UmsatzsteuerverprobungSAP Tax AuditDrittanbieterlösungen rund um die Umsatzsteuer Einleitung ... 13 1. Einführung in das Umsatzsteuerrecht ... 17 1.1 ... Einordnung der Umsatzsteuer ... 17 1.2 ... Rechtsgrundlagen der Umsatzsteuer ... 20 1.3 ... Lieferungen und sonstige Leistungen ... 24 1.4 ... Leistungsort ... 28 1.5 ... Steuerfreiheit und Steuersatz ... 34 1.6 ... Steuerschuldnerschaft ... 36 1.7 ... Umsatzsteuerliche Organschaft ... 38 1.8 ... Grenzüberschreitende Lieferungen und sonstige Leistungen ... 39 1.9 ... Reihengeschäfte ... 46 1.10 ... Umsatzsteuerliche und statistische Meldungen ... 51 1.11 ... Wichtige Neuerungen und aktuelle Entwicklungen ... 54 2. Grundlagen in SAP S/4HANA ... 57 2.1 ... Die verschiedenen Versionen von SAP S/4HANA ... 58 2.2 ... Wichtige Konzepte von SAP S/4HANA ... 60 2.3 ... Grundeinstellungen im Finanzwesen ... 77 2.4 ... Grundeinstellungen in Materialwirtschaft und Vertrieb ... 100 2.5 ... Zusammenwirken der Anwendungen in der Steuerfindung ... 150 2.6 ... Veränderung der Datenstrukturen in SAP S/4HANA ... 162 2.7 ... Werke im Ausland ... 165 3. Umsatzsteuerfindung in den Grundprozessen ... 171 3.1 ... Einkauf ... 171 3.2 ... Vertrieb ... 201 4. Umsatzsteuerfindung in den Sonderprozessen ... 243 4.1 ... Reihengeschäfte ... 243 4.2 ... Innergemeinschaftliches Verbringen ... 277 4.3 ... Besondere Zahlungsverfahren ... 290 5. Meldewesen ... 307 5.1 ... Umsatzsteuer-Voranmeldung ... 307 5.2 ... Zusammenfassende Meldung ... 336 5.3 ... SAP Document and Reporting Compliance ... 345 5.4 ... Intrastat-Meldung ... 354 6. Umsatzsteuerliche Auswertungen ... 369 6.1 ... Umsatzsteuer- und Vorsteuerverprobung ... 370 6.2 ... SAP Tax Audit ... 380 7. Einordnung verschiedener Lösungsansätze für umsatzsteuerliche Aufgabenbereiche ... 395 7.1 ... Steuerfindung ... 397 7.2 ... Überwachung ... 425 7.3 ... Meldewesen ... 431 7.4 ... Fazit ... 447 Anhang ... 449 A ... Umsatzsteuer-Voranmeldung 2024 ... 449 B ... SAP-Transaktionscodes ... 453 C ... Die Autoren ... 457 Index ... 459
Produktionsplanung und -steuerung mit SAP S/4HANA - Customizing
Dieses Buch ist Ihr unverzichtbarer Begleiter für die erfolgreiche Implementierung und Konfiguration der Produktionsplanung und -steuerung mit SAP S/4HANA. Erfahren Sie, wie Sie die Stammdaten optimal pflegen, Bedarfs- und Kapazitätsplanung effizient steuern sowie Fertigungsaufträge und Kanban-Boards anlegen. Das Autorenteam zeigt Ihnen anhand vieler Screenshots und Praxisbeispiele, worauf es im Customizing ankommt. Aus dem Inhalt: StammdatenGrunddatenProduktionsplanungKapazitätsplanungBedarfsplanungFertigungssteuerung Kanban Diskrete FertigungSerienfertigungProzessfertigungPlanung von ProduktionslosenIntegration mit MES Einleitung ... 17 1. Einführung in die Produktionsplanung und -steuerung mit SAP S/4HANA ... 23 1.1 ... Fertigungsarten ... 23 1.2 ... Production Planning and Detailed Scheduling (PP/DS) ... 26 1.3 ... SAP Integrated Business Planning (IBP) ... 28 1.4 ... Zusammenfassung ... 30 2. Stammdaten für die Produktion ... 33 2.1 ... Materialstamm ... 34 2.2 ... Arbeitsplan ... 38 2.3 ... Zusammenfassung ... 49 3. Grunddaten ... 51 3.1 ... Stückliste ... 51 3.2 ... Arbeitsplatz ... 69 3.3 ... Arbeitsplan ... 105 3.4 ... Zusammenfassung ... 125 4. Programm- und Leitteileplanung ... 127 4.1 ... Programmplanung ... 128 4.2 ... Leitteilplanung ... 143 4.3 ... Zusammenfassung ... 146 5. Kapazitätsplanung ... 147 5.1 ... Vorgänge ... 147 5.2 ... Auswertung ... 165 5.3 ... Kapazitätsabgleich und erweiterte Auswertung ... 176 5.4 ... Berechtigungen festlegen ... 201 5.5 ... Zusammenfassung ... 201 6. Bedarfsplanung ... 203 6.1 ... Werksparameter ... 204 6.2 ... Dispositionsgruppen ... 213 6.3 ... Nummernkreise ... 238 6.4 ... Stammdaten ... 241 6.5 ... Planung ... 267 6.6 ... Beschaffungsvorschläge ... 280 6.7 ... Auswertung ... 281 6.8 ... Zusammenfassung ... 294 7. Fertigungssteuerung ... 297 7.1 ... Stammdaten ... 298 7.2 ... Vorgänge ... 334 7.3 ... Integration ... 389 7.4 ... Bildsteuerung ... 392 7.5 ... Informationssystem ... 396 7.6 ... Workflows ... 412 7.7 ... Systemanpassungen ... 419 7.8 ... Zusammenfassung ... 422 8. Kanban ... 423 8.1 ... Nummernkreise ... 424 8.2 ... Verantwortlichen für Produktionsversorgungsbereich festlegen ... 426 8.3 ... Zusatzfunktionen für Regelkreise aktivieren ... 427 8.4 ... Nachschubstrategie ... 427 8.5 ... Status ... 437 8.6 ... Kanbantafel ... 442 8.7 ... Automatische Kanbanberechnung und Terminierung ... 446 8.8 ... Mengenabruf ... 453 8.9 ... Umlagerung für Kanban (mit Lagerverwaltungssystem WM) ... 464 8.10 ... Löschung ereignisgesteuerter Kanbans einstellen ... 467 8.11 ... Business Add-Ins (BAdIs) ... 468 8.12 ... Zusammenfassung ... 468 9. Serienfertigung ... 471 9.1 ... Serienfertigung in SAP S/4HANA -- Kompatibilitätsumfang ... 472 9.2 ... Überblick über die Produktions- und Feinplanung (PP/DS) in SAP S/4HANA ... 473 9.3 ... Überblick über die Serienfertigung in SAP ERP ... 474 9.4 ... Steuerung für die Serienfertigung ... 475 9.5 ... Planung für die Serienfertigung ... 484 9.6 ... Kostenträgerrechnung in der Serienfertigung ... 495 9.7 ... Zusammenfassung ... 497 10. Planung von Produktionslosen ... 499 10.1 ... Grundlegende Einstellungen für die Produktionslosverarbeitung in SAP S/4HANA ... 500 10.2 ... Produktionslostypen ... 507 10.3 ... Stammdatenkonfiguration ... 508 10.4 ... Durchführung der Produktionslosplanung ... 508 10.5 ... Reduzierung der Planprimärbedarfe ... 511 10.6 ... Einträge aus Mandant 000 kopieren ... 511 10.7 ... Zusammenfassung ... 515 11. Integration mit einem Manufacturing-Execution-System ... 517 11.1 ... Voraussetzungen zur Integration von SAP S/4HANA und einem MES ... 518 11.2 ... Fertigungsaufträge mit einem MES integrieren ... 520 11.3 ... Bestandsführung mit einem MES integriert ... 526 11.4 ... IDocs für die Integration mit einem MES erweitern ... 527 11.5 ... Systemanpassungen ... 528 11.6 ... Zusammenfassung ... 530 12. Fertigungstechnik und Fertigungsprozesse ... 531 12.1 ... Allgemeine Einstellungen ... 532 12.2 ... Fertigungstechnik ... 535 12.3 ... Modularisiertes Produkt ... 544 12.4 ... Business Add-Ins für die Fertigungstechnik und Fertigungsvorgänge ... 545 12.5 ... Zusammenfassung ... 547 Das Autorenteam ... 549 Index ... 551
Cloud-Infrastrukturen
Infrastructure as a Service: Moderne IT-Infrastrukturen werden in die Cloud integriert und nutzen die Rechenzentren von Amazon, Microsoft und Co. Das ermöglicht ganz neue Arbeitsweisen und verspricht mühelose Skalierbarkeit und eine einfache Administration – aber der Teufel steckt im Detail! Wo AWS, Azure und andere Anbieter echte Vorteile ausspielen können, welche Probleme sich dort verstecken und wie Sie die Dienste richtig nutzen, zeigen Ihnen Kevin Welter und Daniel Stender anhand vieler Praxisbeispiele und Anleitungen in diesem Handbuch. Aus dem Inhalt: Public Cloud Computing: IaaS und PaaSWerkzeuge und Skills für Cloud EngineersIaaS-Anbieter verwendenAmazon Web Services, Azure, Google Compute Engine und andere: Welcher Anbieter ist der Richtige für mich?Hybrid- und Multicloud-ComputingCloud-Infrastrukturen automatisch ausrollenCloud-Infrastrukturen mit Ansible konfigurierenServer testenMonitoring mit PrometheusRessourcen programmieren Inhalt ... 1. Cloud Computing ... 19 1.1 ... Welcome to the Cloud ... 20 1.2 ... Public Cloud Computing ... 30 1.3 ... DevOps ... 43 1.4 ... Container ... 55 2. Grundlegende Fertigkeiten und Werkzeuge für Cloud-Engineers ... 65 2.1 ... Python ... 66 2.2 ... Google Go ... 98 2.3 ... Docker ... 132 2.4 ... Kubernetes ... 162 3. IaaS-Anbieter verwenden ... 191 3.1 ... Amazon Elastic Compute Cloud ... 192 3.2 ... Microsoft Azure ... 246 3.3 ... Google Compute Engine ... 288 3.4 ... DigitalOcean ... 298 3.5 ... Hetzner Cloud ... 308 3.6 ... Multi-Cloud- und Hybrid-Cloud-Computing ... 316 4. Cloud-Infrastruktur automatisiert ausrollen ... 321 4.1 ... AWS CloudFormation ... 322 4.2 ... AWS CDK ... 352 4.3 ... Azure Resource Manager ... 365 4.4 ... Terraform ... 377 5. Cloud-Instanzen konfektionieren ... 395 5.1 ... Hashicorp Packer ... 396 5.2 ... Cloud-Init ... 413 6. Cloud-Instanzen mit Ansible konfigurieren ... 425 6.1 ... Ansible installieren ... 429 6.2 ... ansible ... 431 6.3 ... Konfiguration ... 436 6.4 ... Statisches Inventar ... 438 6.5 ... Module ... 442 6.6 ... Playbook ... 457 6.7 ... Rollen ... 473 6.8 ... Dynamisches Inventar ... 484 6.9 ... Cloud-Module ... 495 6.10 ... Kubernetes-Cluster deployen ... 502 7. Cloud-Instanzen testen ... 513 7.1 ... Testinfra ... 515 7.2 ... Terratest ... 527 8. Cloud-Monitoring mit Prometheus ... 537 8.1 ... Prometheus-Server ... 540 8.2 ... node_exporter ... 546 8.3 ... Service Discovery ... 553 8.4 ... PromQL ... 558 8.5 ... Alarme ... 565 9. Cloud-Ressourcen mit Boto3 programmieren ... 571 9.1 ... Boto3 ... 572 9.2 ... Zugriff auf die Hetzner-Cloud mit hcloud-python ... 583 9.3 ... Azure-SDK für Python ... 589 9.4 ... Abschluss ... 595 Index ... 597
Anlagenbuchhaltung mit SAP S/4HANA
In diesem Buch lernen Sie, worauf es beider Einführung der neuen Anlagenbuchhaltung in SAP S/4HANA ankommt. Ob neues Hauptbuch, Belegaufteilung oder Jahresabschluss: Lena Lampe macht Sie in diesem Leitfaden schrittweise mit den wichtigsten Abläufen vertraut und zeigt Ihnen, was es beim Customizing zu beachten gilt. Aus dem Inhalt: In-Memory-TechnologieSAP-Fiori-AppsUniversal JournalOrganisationsstrukturenStammdatenaufbauAnlagenklassenGeschäftsprozesseReportingTests durchführenUmstieg auf SAP S/4HANA (Greenfield und Brownfield)Transaktionen und Customizing-PfadePraktische Checklisten Einleitung ... 13 1. Die neue Anlagenbuchhaltung in SAP S/4HANA ... 19 1.1 ... Einführung in SAP HANA und SAP S/4HANA ... 20 1.2 ... Veränderungen im Rechnungswesen durch SAP S/4HANA ... 25 1.3 ... Integration von SAP Fiori in SAP S/4HANA ... 32 1.4 ... Universelle parallele Rechnungslegung ... 37 1.5 ... Zusammenfassung ... 39 2. Organisationsstrukturen in der Anlagenbuchhaltung ... 41 2.1 ... Gliederung des Anlagevermögens ... 42 2.2 ... Bewertungsplan und -bereiche definieren ... 46 2.3 ... Ländereinstellungen auf Vollständigkeit prüfen ... 59 2.4 ... Zuordnung von Buchungskreis und Bewertungsplan festlegen ... 62 2.5 ... Anlagenklassen ausprägen ... 64 2.6 ... Zusammenfassung ... 75 3. Grundfunktionen für die Stammdatenpflege ... 77 3.1 ... Steuerung des Bildaufbaus ... 77 3.2 ... Benutzerfelder ... 88 3.3 ... Validierung oder Substitution eingegebener Werte ... 97 3.4 ... Zusammenfassung ... 101 4. Customizing der Anlagenbuchhaltung ... 103 4.1 ... Integration der Anlagenbuchhaltung mit anderen SAP-Komponenten ... 104 4.2 ... Integration mit dem Hauptbuch ... 105 4.3 ... Allgemeine Bewertungsangaben ... 131 4.4 ... Einstellungen für Abschreibungen vornehmen ... 154 4.5 ... Spezielle Bewertungen ... 186 4.6 ... Zusammenfassung ... 191 5. Vorgänge ausprägen ... 193 5.1 ... Bewegungsarten ... 194 5.2 ... Anlagenzugänge ... 196 5.3 ... Anlagenabgänge ... 216 5.4 ... Anlagenumbuchungen ... 226 5.5 ... Anlagentransfer ... 232 5.6 ... Aktivierung von Anlagen im Bau ... 237 5.7 ... Sonstige Vorgänge im Lebenslauf einer Anlage ... 247 5.8 ... Zusammenfassung ... 262 6. Berichtserstellung in der Anlagenbuchhaltung ... 263 6.1 ... Überblick über die Reporting-Optionen ... 263 6.2 ... Standardreports im On-Premise-System ... 264 6.3 ... Berichterstellung mit SAP-Fiori-Apps ... 290 6.4 ... Zusammenfassung ... 300 7. Testen der Anlagenbuchhaltungsprozesse ... 301 7.1 ... Werkzeuge zum Testen ... 302 7.2 ... Anlage anlegen ... 303 7.3 ... Zugang einer Anlage buchen ... 312 7.4 ... Anlagen im Bau aktivieren ... 339 7.5 ... Abgang einer Anlage buchen ... 354 7.6 ... Inventur durchführen ... 367 7.7 ... Massenvorgänge ... 372 7.8 ... Zeitnaher Wertansatz zur Anlagenbewertung ... 377 7.9 ... Abschlussaktivitäten ... 385 7.10 ... Testdokumentation und Testabnahme ... 398 7.11 ... Zusammenfassung ... 400 8. Datenübernahme für die Anlagenbuchhaltung ... 403 8.1 ... Parameter für die Datenübernahme ... 403 8.2 ... Zeitpunkt der Übernahme ... 407 8.3 ... Übernahmemethoden ... 409 8.4 ... Datenmigration mit dem Migrationscockpit ... 421 8.5 ... Anlagenobjekte archivieren ... 429 8.6 ... Zusammenfassung ... 434 9. Produktionsvorbereitung ... 435 9.1 ... Konsistenz prüfen ... 435 9.2 ... Einstellungen prüfen ... 443 9.3 ... Produktivstart ... 445 9.4 ... Datenmigration von der klassischen zur neuen Anlagenbuchhaltung ... 448 9.5 ... Zusammenfassung ... 450 Anhang ... 451 A ... Übersichten ... 451 Die Autorin ... 465 Index ... 467
A Beginner's Guide To Web Application Penetration Testing
A HANDS-ON, BEGINNER-FRIENDLY INTRO TO WEB APPLICATION PENTESTINGIn A Beginner's Guide to Web Application Penetration Testing, seasoned cybersecurity veteran Ali Abdollahi delivers a startlingly insightful and up-to-date exploration of web app pentesting. In the book, Ali takes a dual approach—emphasizing both theory and practical skills—equipping you to jumpstart a new career in web application security. You'll learn about common vulnerabilities and how to perform a variety of effective attacks on web applications. Consistent with the approach publicized by the Open Web Application Security Project (OWASP), the book explains how to find, exploit and combat the ten most common security vulnerability categories, including broken access controls, cryptographic failures, code injection, security misconfigurations, and more. A Beginner's Guide to Web Application Penetration Testing walks you through the five main stages of a comprehensive penetration test: scoping and reconnaissance, scanning, gaining and maintaining access, analysis, and reporting. You'll also discover how to use several popular security tools and techniques—like as well as:* Demonstrations of the performance of various penetration testing techniques, including subdomain enumeration with Sublist3r and Subfinder, and port scanning with Nmap* Strategies for analyzing and improving the security of web applications against common attacks, including* Explanations of the increasing importance of web application security, and how to use techniques like input validation, disabling external entities to maintain securityPerfect for software engineers new to cybersecurity, security analysts, web developers, and other IT professionals, A Beginner's Guide to Web Application Penetration Testing will also earn a prominent place in the libraries of cybersecurity students and anyone else with an interest in web application security. ALI ABDOLLAHI is a cybersecurity researcher with over 12 years of experience. Currently, he is the application and offensive security manager at Canon EMEA. He studied computer engineering, published articles, and holds several professional certificates. Ali is a Microsoft MVP and regular speaker or trainer at industry conferences and events. Foreword xviiIntroduction xixCHAPTER 1 INTRODUCTION TO WEB APPLICATION PENETRATION TESTING 1The Importance of Web Application Security 3Overview of Web Application Penetration Testing 6The Penetration Testing Process 8Methodologies 12Tools and Techniques 14Reporting 16Types of Web Application Vulnerabilities 17Key Takeaways 25CHAPTER 2 SETTING UP YOUR PENETRATION TESTING ENVIRONMENT 27Setting Up Virtual Machines 28Container Option 29Kali Linux Installation 30PentestBox 34Installing DVWA 35OWASP Juice Shop 40Burp Suite 41OWASP ZED Attack Proxy 46WILEY Preconfigured Environment 49Key Takeaways 49CHAPTER 3 RECONNAISSANCE AND INFORMATION GATHERING 51Passive Information Gathering 52Automating Subdomain Enumeration 61Active Information Gathering 64Open-Source Intelligence Gathering 77Key Takeaways 88CHAPTER 4 CROSS-SITE SCRIPTING 89XSS Categories 90Reflected XSS 91Stored XSS 93Automatic User Session Hijacking 94Website Defacement Using XSS 96DOM-Based XSS 97Self-XSS 98Browser Exploitation Framework 100XSS Payloads and Bypasses 102XSS Mitigation Techniques 105Reflected XSS Bypass Techniques 107Stored XSS Bypass Technique 110Key Takeaways 112CHAPTER 5 SQL INJECTION 113What Is SQL Injection? 113Types of SQL Injection 114Error-Based SQL Injection 117Union-Based SQL Injection 117Blind SQL Injection 123SQLMap 126SQL Injection Payloads with ChatGPT 140SQL Injection Prevention 142Key Takeaways 145CHAPTER 6 CROSS-SITE REQUEST FORGERY 147Hunting CSRF Vulnerability 149CSRF Exploitation 149XSS and CSRF 151Clickjacking 152Generating an Effective Proof of Concept Using ChatGPT 154Tips for Developers 157Key Takeaways 158CHAPTER 7 SERVER-SIDE ATTACKS AND OPEN REDIRECTS 159Server-Side Request Forgery 159SSRF in Action 160SSRF Vulnerability 162Blind SSRF 164Local File Inclusion 166Remote File Inclusion 170Open Redirect 173Server-Side Attacks Differences 177Security Mitigations 178Key Takeaways 181CHAPTER 8 XML-BASED ATTACKS 183XML Fundamentals 183XXE Exploitation 185Hunting XML Entry Points 187SSRF Using XXE 192DoS Using XXE 193XXE Payload and Exploitation with ChatGPT 195XML-Based Attacks Countermeasures 196Key Takeaways 198CHAPTER 9 AUTHENTICATION AND AUTHORIZATION 201Password Cracking and Brute-Force Attacks 205Credential Stuffing Attack 211Password Spraying 213Password Spraying Using Burp Suite Intruder 214Other Automated Tools for Password Attacks 215JSON Web Token 223Key Takeaways 225CHAPTER 10 API ATTACKS 227OWASP API Top 10 228API Enumeration and Discovery 230API Discovery Using ChatGPT 231API Broken Object-Level Authorization Exploitation 235Rate Limiting 240API Penetration Testing Tools 242API Security Tips 244Key Takeaways 245APPENDIX A BEST PRACTICES AND STANDARDS 247Information Gathering 248Configuration and Deployment Management Testing 251Identity Management Testing 254Authentication Testing 256Authorization Testing 261Session Management Testing 265Input Validation Testing 273Testing for Error Handling 285Testing for Weak Cryptography 286Business Logic Testing 290Client-Side Testing 297APPENDIX B CWE AND CVSS SCORE 307Base Score 308Temporal Score 308Environmental Score 309APPENDIX C WRITING EFFECTIVE AND COMPREHENSIVE PENETRATION TESTING REPORTS 311Table of Contents (ToC) 311Project History and Timeline 311Scope 312Testing Approach 312Executive Summary 312Industry Standard 312Findings Table 312Findings Details 313Key Takeaways 315Index 317
A Beginner's Guide To Web Application Penetration Testing
A HANDS-ON, BEGINNER-FRIENDLY INTRO TO WEB APPLICATION PENTESTINGIn A Beginner's Guide to Web Application Penetration Testing, seasoned cybersecurity veteran Ali Abdollahi delivers a startlingly insightful and up-to-date exploration of web app pentesting. In the book, Ali takes a dual approach—emphasizing both theory and practical skills—equipping you to jumpstart a new career in web application security. You'll learn about common vulnerabilities and how to perform a variety of effective attacks on web applications. Consistent with the approach publicized by the Open Web Application Security Project (OWASP), the book explains how to find, exploit and combat the ten most common security vulnerability categories, including broken access controls, cryptographic failures, code injection, security misconfigurations, and more. A Beginner's Guide to Web Application Penetration Testing walks you through the five main stages of a comprehensive penetration test: scoping and reconnaissance, scanning, gaining and maintaining access, analysis, and reporting. You'll also discover how to use several popular security tools and techniques—like as well as:* Demonstrations of the performance of various penetration testing techniques, including subdomain enumeration with Sublist3r and Subfinder, and port scanning with Nmap* Strategies for analyzing and improving the security of web applications against common attacks, including* Explanations of the increasing importance of web application security, and how to use techniques like input validation, disabling external entities to maintain securityPerfect for software engineers new to cybersecurity, security analysts, web developers, and other IT professionals, A Beginner's Guide to Web Application Penetration Testing will also earn a prominent place in the libraries of cybersecurity students and anyone else with an interest in web application security. ALI ABDOLLAHI is a cybersecurity researcher with over 12 years of experience. Currently, he is the application and offensive security manager at Canon EMEA. He studied computer engineering, published articles, and holds several professional certificates. Ali is a Microsoft MVP and regular speaker or trainer at industry conferences and events. Foreword xviiIntroduction xixCHAPTER 1 INTRODUCTION TO WEB APPLICATION PENETRATION TESTING 1The Importance of Web Application Security 3Overview of Web Application Penetration Testing 6The Penetration Testing Process 8Methodologies 12Tools and Techniques 14Reporting 16Types of Web Application Vulnerabilities 17Key Takeaways 25CHAPTER 2 SETTING UP YOUR PENETRATION TESTING ENVIRONMENT 27Setting Up Virtual Machines 28Container Option 29Kali Linux Installation 30PentestBox 34Installing DVWA 35OWASP Juice Shop 40Burp Suite 41OWASP ZED Attack Proxy 46WILEY Preconfigured Environment 49Key Takeaways 49CHAPTER 3 RECONNAISSANCE AND INFORMATION GATHERING 51Passive Information Gathering 52Automating Subdomain Enumeration 61Active Information Gathering 64Open-Source Intelligence Gathering 77Key Takeaways 88CHAPTER 4 CROSS-SITE SCRIPTING 89XSS Categories 90Reflected XSS 91Stored XSS 93Automatic User Session Hijacking 94Website Defacement Using XSS 96DOM-Based XSS 97Self-XSS 98Browser Exploitation Framework 100XSS Payloads and Bypasses 102XSS Mitigation Techniques 105Reflected XSS Bypass Techniques 107Stored XSS Bypass Technique 110Key Takeaways 112CHAPTER 5 SQL INJECTION 113What Is SQL Injection? 113Types of SQL Injection 114Error-Based SQL Injection 117Union-Based SQL Injection 117Blind SQL Injection 123SQLMap 126SQL Injection Payloads with ChatGPT 140SQL Injection Prevention 142Key Takeaways 145CHAPTER 6 CROSS-SITE REQUEST FORGERY 147Hunting CSRF Vulnerability 149CSRF Exploitation 149XSS and CSRF 151Clickjacking 152Generating an Effective Proof of Concept Using ChatGPT 154Tips for Developers 157Key Takeaways 158CHAPTER 7 SERVER-SIDE ATTACKS AND OPEN REDIRECTS 159Server-Side Request Forgery 159SSRF in Action 160SSRF Vulnerability 162Blind SSRF 164Local File Inclusion 166Remote File Inclusion 170Open Redirect 173Server-Side Attacks Differences 177Security Mitigations 178Key Takeaways 181CHAPTER 8 XML-BASED ATTACKS 183XML Fundamentals 183XXE Exploitation 185Hunting XML Entry Points 187SSRF Using XXE 192DoS Using XXE 193XXE Payload and Exploitation with ChatGPT 195XML-Based Attacks Countermeasures 196Key Takeaways 198CHAPTER 9 AUTHENTICATION AND AUTHORIZATION 201Password Cracking and Brute-Force Attacks 205Credential Stuffing Attack 211Password Spraying 213Password Spraying Using Burp Suite Intruder 214Other Automated Tools for Password Attacks 215JSON Web Token 223Key Takeaways 225CHAPTER 10 API ATTACKS 227OWASP API Top 10 228API Enumeration and Discovery 230API Discovery Using ChatGPT 231API Broken Object-Level Authorization Exploitation 235Rate Limiting 240API Penetration Testing Tools 242API Security Tips 244Key Takeaways 245APPENDIX A BEST PRACTICES AND STANDARDS 247Information Gathering 248Configuration and Deployment Management Testing 251Identity Management Testing 254Authentication Testing 256Authorization Testing 261Session Management Testing 265Input Validation Testing 273Testing for Error Handling 285Testing for Weak Cryptography 286Business Logic Testing 290Client-Side Testing 297APPENDIX B CWE AND CVSS SCORE 307Base Score 308Temporal Score 308Environmental Score 309APPENDIX C WRITING EFFECTIVE AND COMPREHENSIVE PENETRATION TESTING REPORTS 311Table of Contents (ToC) 311Project History and Timeline 311Scope 312Testing Approach 312Executive Summary 312Industry Standard 312Findings Table 312Findings Details 313Key Takeaways 315Index 317
Das Öffentliche und das Private
Technologische Entwicklungen beeinflussen öffentliches Leben in Politik und Wirtschaft, aber auch unser eigenes, privates Dasein. Gewollt oder ungewollt kommen wir täglich – und sogar des Nachts, wenn wir schlafen – mit Technologien in Berührung, die wir selbst nur bedingt kontrollieren können oder wollen. Es gibt keine Lebenslage, in denen eine Berührung mit elektronischen Systemen nicht gegeben ist. Insofern hat die Menschheit ihre informatorische Unschuld für immer verloren, bis hin zum Missbrauch persönlichen Identitäten in sozialen Netzen, in denen ein Leben in Scheinidentitäten stattzufinden scheint. Information und Kommunikation sind Wirtschaftsfaktoren geworden, die am Ende des Industriezeitalters und am Beginn des Wissenszeitalters zu stehen scheinen. Das technisch Hergestellte wird dem Organischen immer ähnlicher. Natur und Maschinen verschmelzen und entziehen sich unserer Kontrolle. Man tut, was dem System nutzt. Das Leben wird zu einer Risiko- und Wahrscheinlichkeitsrechnung, und das Ich nur noch zu einem Interface. Einführung. Technologischer Überblick und Mitspieler (betroffene Lebensbereiche, kommerzielle und öffentliche IT-Anwendungen, private Nutzung). e-commerce (CRM, Wahrheit als Ware). Smart Energy. Soziale Netze. Telematik (Verkehrslenkung, connected car, PAYD, PHYD, Telemedizin, UBI, Telebanking, Wearables etc.). Wissensökonomie / Informationsökonomie. Big Data (FutureIC, Pre-Crime Analytics, Nacktscanner). Das Ende der Kontrolle (Kevin Kelly, Frank Schirrmachers No.2). Sicherheitsaspekte. Die tägliche Begegnung mit dem Roboter. WOLFGANG OSTERHAGE ist Diplom-Ingenieur mit Promotionen in Physik und Informationstechnologie und war lange Jahre als Berater in internationalen Organisationen, der freien Wirtschaft und als Dozent an verschiedenen Institutionen tätig. Er hat eine Vielzahl von Büchern zu physikalischen und IT-Themen veröffentlich. Lebt und arbeitet als freier Autor im Rheinland
Snowflake Recipes
Explore Snowflake’s core concepts and unique features that differentiates it from industry competitors, such as, Azure Synapse and Google BigQuery. This book provides recipes for architecting and developing modern data pipelines on the Snowflake data platform by employing progressive techniques, agile practices, and repeatable strategies.You’ll walk through step-by-step instructions on ready-to-use recipes covering a wide range of the latest development topics. Then build scalable development pipelines and solve specific scenarios common to all modern data platforms, such as, data masking, object tagging, data monetization, and security best practices. Throughout the book you’ll work with code samples for Amazon Web Services, Microsoft Azure, and Google Cloud Platform. There’s also a chapter devoted to solving machine learning problems with Snowflake.Authors Dillon Dayton and John Eipe are both Snowflake SnowPro Core certified, specializing in data and digital services, and understand the challenges of finding the right solution to complex problems. The recipes in this book are based on real world use cases and examples designed to help you provide quality, performant, and secured data to solve business initiatives.WHAT YOU’LL LEARN* Handle structured and un- structured data in Snowflake.* Apply best practices and different options for data transformation.* Understand data application development. * Implement data sharing, data governance and security.WHO THIS BOOK IS FORData engineers, scientists and analysts moving into Snowflake, looking to build data apps. This book expects basic knowledge in Cloud (AWS or Azure or GCP), SQL and PythonDillon Dayton is a senior consultant for CDW. Over the last 10 years he has performed in a data engineering and architect role with numerous companies across a slew of industries including healthcare, retail, and finance. Dillon is Snowflake SnowPro Core certified and participates in the Snowflake SME program. In his spare time, he enjoys applying his data and engineering background to hobbies like motorsports, gardening, and fishing.John Eipe is a Senior Solutions Specialist for CDW and has over 10 years of experience in various roles from enterprise application development to data engineering. He worked primarily with customers from the ecommerce and insurance domain. John is Snowflake SnowPro Core certified and has been working extensively on Snowflake in the recent years. Apart from work, he enjoys cooking and time with his kids.Chapter 1: Introduction to Snowflake.- Chapter 2: Bringing Your Data into Snowflake.- Chapter 3: Handling Atypical Data.- Chapter 4: Data Security and Privacy.- Chapter 5: Handling Near and Real Time Data.- Chapter 6: Programmable Data Pipelines.- Chapter 7: Data Reusability and Monetization.- Chapter 8: Data Recovery and Protection.- Chapter 9: Applications Integration.- Chapter 10: Machine Learning.
IAPP CIPP / US Certified Information Privacy Professional Study Guide
PREPARE FOR SUCCESS ON THE IAPP CIPP/US EXAM AND FURTHER YOUR CAREER IN PRIVACY WITH THIS EFFECTIVE STUDY GUIDE - NOW INCLUDES A DOWNLOADABLE SUPPLEMENT TO GET YOU UP TO DATE ON THE CURRENT CIPP EXAM FOR 2024-2025!Information privacy has become a critical and central concern for small and large businesses across the United States. At the same time, the demand for talented professionals able to navigate the increasingly complex web of legislation and regulation regarding privacy continues to increase. Written from the ground up to prepare you for the United States version of the Certified Information Privacy Professional (CIPP) exam, Sybex's IAPP CIPP/US Certified Information Privacy Professional Study Guide also readies you for success in the rapidly growing privacy field. You'll efficiently and effectively prepare for the exam with online practice tests and flashcards as well as a digital glossary. The concise and easy-to-follow instruction contained in the IAPP/CIPP Study Guide covers every aspect of the CIPP/US exam, including the legal environment, regulatory enforcement, information management, private sector data collection, law enforcement and national security, workplace privacy and state privacy law, and international privacy regulation.* Provides the information you need to gain a unique and sought-after certification that allows you to fully understand the privacy framework in the US* Fully updated to prepare you to advise organizations on the current legal limits of public and private sector data collection and use* Includes 1 year free access to the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms, all supported by Wiley's support agents who are available 24x7 via email or live chat to assist with access and login questionsPerfect for anyone considering a career in privacy or preparing to tackle the challenging IAPP CIPP exam as the next step to advance an existing privacy role, the IAPP CIPP/US Certified Information Privacy Professional Study Guide offers you an invaluable head start for success on the exam and in your career as an in-demand privacy professional. ABOUT THE AUTHORSMIKE CHAPPLE, PHD, CIPP/US, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame’s Mendoza College of Business. He is the bestselling author of over 25 technical books. He is also the Academic Director of the University’s Master of Science in Business Analytics program. JOE SHELLEY, CIPP/US, is the Vice President for Libraries and Information Technology at Hamilton College in New York. He oversees the information security and privacy programs, IT risk management, business intelligence and analytics, and data governance. ContentsIntroduction xixAssessment Test xxixChapter 1 Privacy in the Modern Era 1Introduction to Privacy 2What Is Privacy? 3What Is Personal Information? 4What Isn’t Personal Information? 5Why Should We Care About Privacy? 7Generally Accepted Privacy Principles 8Management 9Notice 9Choice and Consent 10Collection 10Use, Retention, and Disposal 11Access 11Disclosure to Third Parties 12Security for Privacy 12Quality 14Monitoring and Enforcement 14Developing a Privacy Program 15Crafting Strategy, Goals, and Objectives 15Appointing a Privacy Official 16Privacy Roles 17Building Inventories 18Conducting a Privacy Assessment 18Implementing Privacy Controls 20Ongoing Operation and Monitoring 20Online Privacy 20Privacy Notices 21Privacy and Cybersecurity 21Cybersecurity Goals 22Relationship Between Privacy and Cybersecurity 23Privacy by Design 24Summary 25Exam Essentials 25Review Questions 27Chapter 2 Legal Environment 31Branches of Government 32Legislative Branch 32Executive Branch 33Judicial Branch 34Understanding Laws 36Sources of Law 36Analyzing a Law 41Legal Concepts 43Legal Liability 44Torts and Negligence 45Summary 46Exam Essentials 46Review Questions 48Chapter 3 Regulatory Enforcement 53Federal Regulatory Authorities 54Federal Trade Commission 54Federal Communications Commission 60Department of Commerce 61Department of Health and Human Services 61Banking Regulators 62Department of Education 63State Regulatory Authorities 63Self-Regulatory Programs 64Payment Card Industry 65Advertising 65Trust Marks 66Safe Harbors 66Summary 67Exam Essentials 68Review Questions 69Chapter 4 Information Management 73Data Governance 74Building a Data Inventory 74Data Classification 75Data Flow Mapping 77Data Lifecycle Management 78Workforce Training 79Cybersecurity Threats 80Threat Actors 81Incident Response 86Phases of Incident Response 86Preparation 87Detection and Analysis 88Containment, Eradication, and Recovery 88Post-incident Activity 88Building an Incident Response Plan 90Data Breach Notification 92Vendor Management 93Summary 94Exam Essentials 95Review Questions 97Chapter 5 Private Sector Data Collection 101FTC Privacy Protection 103General FTC Privacy Protection 103The Children’s Online Privacy Protection Act (COPPA) 104Future of Federal Enforcement 107Medical Privacy 110The Health Insurance Portability and AccountabilityAct (HIPAA) 111The Health Information Technology for Economic andClinical Health Act 119The 21st Century Cures Act 120Confidentiality of Substance Use Disorder PatientRecords Rule 121Financial Privacy 122Privacy in Credit Reporting 122Gramm–Leach–Bliley Act (GLBA) 125Red Flags Rule 129Consumer Financial Protection Bureau 130Educational Privacy 131Family Educational Rights and Privacy Act (FERPA) 131Telecommunications and Marketing Privacy 132Telephone Consumer Protection Act (TCPA) andTelemarketing Sales Rule (TSR) 133The Junk Fax Prevention Act (JFPA) 136Controlling the Assault of Non-solicited Pornographyand Marketing (CAN-SPAM) Act 136Telecommunications Act and Customer ProprietaryNetwork Information 138Cable Communications Policy Act 139Video Privacy Protection Act (VPPA) of 1988 140Driver’s Privacy Protection Act (DPPA) 141Digital Advertising and Data Ethics 142Web Scraping 143Summary 143Exam Essentials 144Review Questions 146Chapter 6 Government and Court Access to Private SectorInformation 151Law Enforcement and Privacy 152Access to Financial Data 153Access to Communications 157National Security and Privacy 162Foreign Intelligence Surveillance Act (FISA) of 1978 162FISA Amendments Act Section 702 164USA-PATRIOT Act 165The USA Freedom Act of 2015 167The Cybersecurity Information Sharing Act of 2015 168Civil Litigation and Privacy 169Compelled Disclosure of Media Information 170Electronic Discovery 171Summary 173Exam Essentials 173Review Questions 175Chapter 7 Workplace Privacy 179Introduction to Workplace Privacy 180Workplace Privacy Concepts 180U.S. Agencies Regulating Workplace Privacy Issues 181U.S. Antidiscrimination Laws 182Privacy Before, During, and After Employment 185Automated Employment Decision Tools 186Employee Background Screening 186Employee Monitoring 190Investigation of Employee Misconduct 194Termination of the Employment Relationship 196Summary 197Exam Essentials 198Review Questions 200Chapter 8 State Privacy Laws 205Federal vs. State Authority 206Elements of State Privacy Laws 207Applicability 207Data Subject Rights 208Privacy Notice Requirements 209Data Protection 209Enforcement 211Data Breach Notification 212Elements of State Data Breach Notification Laws 212Key Differences Among States 214Significant Developments 215Other Recent Updates to State Breach Notification Laws 218Comprehensive State Privacy Laws 220California Consumer Privacy Act (2018) andCalifornia Privacy Rights Act (2020) 220Virginia Consumer Data Protection Act 223Colorado Privacy Act 226Connecticut Data Privacy Act 229Utah 231Florida 232Oregon 234Texas 237Montana 239Subject-Specific State Privacy Laws 241Health and Genetic Information 241Online Privacy 243Biometric Information Privacy Regulations 247AI and Automated Decision-Making 249Data Brokers 250Financial Privacy 251California Financial Information Privacy Act 252Recent Developments 253Marketing Laws 254Summary 255Exam Essentials 256Review Questions 258Chapter 9 International Privacy Regulation 263International Data Transfers 264European Union General Data Protection Regulation 265Adequacy Decisions 268Binding Corporate Rules 272Standard Contractual Clauses 273Other Approved Transfer Mechanisms 273APEC Privacy Framework 274Cross-Border Enforcement Issues 276Global Privacy Enforcement Network 276Resolving Multinational Compliance Conflicts 276Summary 277Exam Essentials 277Review Questions 279Appendix Answers to Review Questions 283Chapter 1: Privacy in the Modern Era 284Chapter 2: Legal Environment 285Chapter 3: Regulatory Enforcement 287Chapter 4: Information Management 289Chapter 5: Private Sector Data Collection 291Chapter 6: Government and Court Access to Private SectorInformation 293Chapter 7: Workplace Privacy 294Chapter 8: State Privacy Laws 296Chapter 9: International Privacy Regulation 298Index 301
SQL Schnelleinstieg
Datenbanken abfragen und verwalten in 14 TagenMit diesem Buch gelingt Ihnen der einfache Einstieg in das Datenbankmanagement mit der Abfragesprache SQL. Alle Grundlagen werden in 14 Kapiteln leicht verständlich anhand von Beispielen erläutert.Der Autor führt Sie Schritt für Schritt in den Einsatz von SQL und die Grundlagen relationaler Datenbanken ein: von der fundamentalen Syntax und den ersten Datenbankabfragen über das Verknüpfen von Tabellen bis hin zur Datenbankerstellung und der Zugriffskontrolle.Alle Beispiele beziehen sich auf eine Beispieldatenbank, die auf der Webseite des Verlags zum Download bereitsteht, und lassen sich leicht auf eigene Anwendungsfälle übertragen. Die Besonderheiten bei der Verwendung von PostgreSQL und MySQL werden bei jedem Beispiel beschrieben.So sind Sie perfekt auf den Einsatz von SQL im professionellen Umfeld vorbereitet.Aus dem Inhalt:Alle Grundlagen einfach erläutertSQL-Syntax und Datenbank-AbfragenFiltern mit BedingungenGruppierung von Daten und AggregatfunktionenVerknüpfen von Tabellen und ErgebnissenSkalarfunktionen und UnterabfragenDatenbanken erstellen und anpassenRechteverwaltung und ZugriffskontrolleKomplexe SQL-Konzepte – Trigger, Indizes und ViewsLeseprobe (PDF-Link)Über den Autor:Erik Schönwälder arbeitet als wissenschaftlicher Mitarbeiter (Doktorand) an der Technischen Universität Dresden am Lehrstuhl für Datenbanken. Als Dozent lehrt er hauptsächlich Themen wie Datenbank-Engineering, Information Retrieval, SQL und NoSQL. Auch außerhalb der Universität unterrichtet er seine Fachgebiete online, beispielsweise bei der Heise Academy oder auf Udemy.
Helidon Revealed
This book is your comprehensive introduction to Project Helidon, Oracle’s Java-based microservices framework for building cloud-native applications. The book introduces the two flavors of Helidon—Helidon SE and Helidon MP—and shows how to quickly build applications with each one.The book begins by placing the Helidon framework in context and explaining the MicroProfile and Jakarta EE specifications that underlie the building of microservices-based applications. From there, you will learn about the individual components of Helidon SE and Helidon MP, and you will see examples of building applications for both flavors, and for MicroProfile and Jakarta EE. Finally, the book shows how to convert Helidon applications from Java bytecode into native binaries for instant application startup and peak performance.WHAT YOU WILL LEARN* Choose correctly between Helidon SE and Helidon MP* Create starter applications using the Helidon SE and Helidon MP quick starts* Create server and client applications with Helidon SE components* Create a microservices-based application with the MicroProfile specifications* Create a database application with the Jakarta NoSQL specificationWHO THIS BOOK IS FORJava developers who create microservices applications; those interested in building such applications using the Helidon framework; and developers of microservices applications who want functionality such as native-image support through GraalVM, compatibility with MicroProfile, easy connectivity to database engines, and support for reactive development patternsMICHAEL REDLICH has been an active member within the Java community for the past 25 years. He founded the Garden State Java User Group in 2001 that remains in continuous operation. Since May 2016, Mike has served as a Java community news editor for InfoQ where his contributions include news items, technical articles and technical reviews for external authors. He has been the lead Java Queue Editor since July 2021. Mike was named a Java Champion in April 2023.Mike has presented at venues such as Oracle Code One, JCON, Emerging Technologies for the Enterprise, Trenton Computer Festival (TCF), TCF IT Professional Conference, and numerous Java User Groups. Mike serves as a committer on the Jakarta NoSQL and Jakarta Data specifications, and participates on the leadership council of the Jakarta EE AmbassadorsMike recently retired from ExxonMobil Technology & Engineering in Clinton, New Jersey with 33½ years of service. His experience included developing custom scientific laboratory applications, web applications, chemometrics, polymer physics, infrared spectroscopy and automotive testing. He also has experience as a Technical Support Engineer at Ai-Logix, Inc. (now AudioCodes) where he provided technical support and developed telephony applications for customers.Mike makes his home in Flemington, New Jersey with his lovely wife, Rowena, where they spend quality time cycling and traveling to New Orleans, Louisiana and Newport, Rhode Island throughout the year.PART I. GETTING STARTED.- 1. Introduction to Project Helidon.- 2. The MicroProfile Specification.- 3. The Jakarta EE Specifications.- PART II. HELIDON SE.- 4. Generating a Project with Helidon SE.- 5. Helidon Web Server.- 6. Helidon Web Client.- 7. Helidon Config.- 8. Helidon DB Client.- 9. Helidon Security.- PART III. HELIDON MP.- 10. Generating a Project with Helidon MP.- 11. Helidon Metrics.- 12. Helidon Fault Tolerance.- 13. Helidon Health Checks.- Appendix A. MicroProfile Release History.- Appendix B. The Jakarta EE Specifications.- Appendix C. Helidon Reactive Web Server.
CISA Certified Information Systems Auditor Study Guide
PREPARE FOR SUCCESS ON THE 2024 CISA EXAM AND FURTHER YOUR CAREER IN SECURITY AND AUDIT WITH THIS EFFECTIVE STUDY GUIDEThe CISA Certified Information Systems Auditor Study Guide: Covers 2024-2029 Exam Objectives provides comprehensive and accessible test preparation material for the updated CISA exam, which now consists of 150 questions testing knowledge and ability on real-life job practices leveraged by expert professionals.You'll efficiently and effectively prepare for the exam with online practice tests and flashcards as well as a digital glossary. The concise and easy-to-follow instruction contained in the 2024-2029 CISA Study Guide covers every aspect of the exam. This study guide helps readers prepare for questions across the five domains on the test: Information System Auditing Process; Governance and Management of IT; Information Systems Acquisition, Development, and Implementation; Information Systems Operation and Business Resilience; and Protection of Information Assets.This study guide shows readers how to:* Understand principles, best practices, and pitfalls of cybersecurity, which is now prevalent in virtually every information systems role* Protect and control information systems and offer conclusions on the state of an organization's IS/IT security, risk, and control solutions* Identify critical issues and recommend enterprise-specific practices to support and safeguard the governance of information and related technologies* Prove not only competency in IT controls, but also an understanding of how IT relates to business* Includes 1 year free access to the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms, all supported by Wiley's support agents who are available 24x7 via email or live chat to assist with access and login questionsThe CISA Certified Systems Auditor Study Guide: Covers 2024-2029 Exam Objectives is an essential learning resource for all students and professionals preparing for the 2024 version of the CISA exam from ISACA.ABOUT THE AUTHORSPETER H. GREGORY, CISA, CISSP, is a career technologist and cybersecurity leader. He is the Senior Director of GRC at GCI Communications, where he leads security policy, control frameworks, business continuity, third-party risk management, privacy, information and AI governance, and law enforcement wiretaps. MIKE CHAPPLE, PHD, CISA, CISSP, is a teaching professor of IT, analytics, and operations at the University of Notre Dame. He is a cybersecurity professional and educator with over 25 years experience including as chief information officer of Brand Institute and an information security researcher with the National Security Agency and the U.S. Air Force. Mike is the author of more than 200 books and video courses and provides cybersecurity certification resources at CertMike.com. Introduction xxiiiAssessment Test xxxvCHAPTER 1 IT GOVERNANCE AND MANAGEMENT 1IT Governance Practices for Executives and Boards of Directors 3IT Strategic Planning 10Policies, Processes, Procedures, and Standards 12Risk Management 23IT Management Practices 39Organization Structure and Responsibilities 62Maintaining an Existing Program 72Auditing IT Governance 75Summary 80Exam Essentials 81Review Questions 83CHAPTER 2 THE AUDIT PROCESS 87Audit Management 89ISACA Auditing Standards 99Risk Analysis 108Controls 115Performing an Audit 121Control Self-Assessment 144Implementation of Audit Recommendations 147Audit Quality Assurance 148Summary 148Exam Essentials 150Review Questions 152CHAPTER 3 IT LIFE CYCLE MANAGEMENT 157Benefits Realization 159Project Management 165Systems Development Methodologies 191Infrastructure Development and Deployment 230Maintaining Information Systems 234Business Processes 237Managing Third Parties 244Application Controls 247Auditing the Systems Development Life Cycle 253Auditing Business Controls 258Auditing Application Controls 258Auditing Third-Party Risk Management 261Summary 262Exam Essentials 264Review Questions 266CHAPTER 4 IT SERVICE MANAGEMENT 271Information Systems Operations 273Systems Performance Management 274Problem and Incident Management 277Change, Configuration, Release, and Patch Management 279Operational Log Management 286IT Service Level Management 288Database Management Systems 290Data Management and Governance 294Other IT Service Management Topics 295Auditing IT Service Management and Operations 297Summary 301Exam Essentials 302Review Questions 304CHAPTER 5 IT INFRASTRUCTURE 309Information Systems Hardware 310Information Systems Architecture and Software 324Network Infrastructure 330Asset Inventory and Classification 386Job Scheduling and Production Process Automation 390System Interfaces 391End-User Computing 392Auditing IT Infrastructure 393Summary 398Exam Essentials 399Review Questions 401CHAPTER 6 BUSINESS CONTINUITY AND DISASTER RECOVERY 405Business Resilience 406Incident Response Communications 473Auditing Business Continuity Planning 475Auditing Disaster Recovery Planning 479Summary 484Exam Essentials 485Review Questions 487CHAPTER 7 INFORMATION SECURITY MANAGEMENT 491Information Security 493Role of the Information Security Manager 494Information Security Risks 497Building an Information Security Strategy 501Implementing Security Controls 505Endpoint Security 507Network Security Controls 511Cloud Computing Security 519Cryptography 528Exploring Cybersecurity Threats 539Privacy 545Security Awareness and Training 548Security Incident Response 550Auditing Information Security Controls 554Summary 559Exam Essentials 560Review Questions 563CHAPTER 8 IDENTITY AND ACCESS MANAGEMENT 567Logical Access Controls 568Third-party Access Management 587Environmental Controls 592Physical Security Controls 599Human Resources Security 602Auditing Access Controls 606Summary 616Exam Essentials 617Review Questions 619CHAPTER 9 CONDUCTING A PROFESSIONAL AUDIT 623Understanding the Audit Cycle 624How the IS Audit Cycle Is Discussed 625Overview of the IS Audit Cycle 627Summary 699APPENDIX A POPULAR METHODOLOGIES, FRAMEWORKS, AND GUIDANCE 701Common Terms and Concepts 702Frameworks, Methodologies, and Guidance 710Notes 738References 738APPENDIX B ANSWERS TO REVIEW QUESTIONS 741Chapter 1: IT Governance and Management 742Chapter 2: The Audit Process 744Chapter 3: IT Life Cycle Management 746Chapter 4: IT Service Management 748Chapter 5: IT Infrastructure 749Chapter 6: Business Continuity and Disaster Recovery 750Chapter 7: Information Security Management 752Chapter 8: Identity and Access Management 754Index 759
Mastering VMware Cloud Disaster Recovery and Ransomware Resilience
Examine the complexities of detecting ransomware and the potential rocky road to recover after it has infected a system environment. This book addresses the topic of Disaster and Ransomware Recovery in the VMware Cloud.You’ll start by examining the challenge of implementing a robust disaster recovery solution, and how to address it through a Disaster Recovery-as-a-service (DRaaS) approach. The book then introduces the basics of the VMware Live Cyber Recovery solution and how it is fully integrated with VMware Cloud on AWS to offer an easy-to-use SaaS-based solution with a pay-as-you-go model for a faster recovery at a very low TCO. It also provides a technical deep dive into VMware Live Cyber Recovery architecture by detailing the features and capabilities of the solution including the concepts of Protected Sites, Protection Groups, Disaster Recovery Plans, and Failover testing.In subsequent chapters, you’ll review in depth the Ransomware recovery case where you will learn more on the impact of Ransomware on IT organizations and how to address ransomware recovery. Finally, you’ll take a deep dive into the technical architecture and features of the VMware Live Cyber Recovery Ransomware recovery capabilities, and how it can address ransomware threats with a very flexible, on-demand and easy-to-use SaaS delivery model with cloud economics. _Mastering VMware Cloud Disaster Recovery and Ransomware Resilience_ provides you with the best practices on how to recover from ransomware.WHAT YOU’LL LEARN* Review the different concepts of VMware Live Cyber Recovery* Understand the complexity of ransomware attacks and how it can impact your business.* Recover data after a ransomware attack* Implement a ransomware recovery solution.WHO THIS BOOK IS FORIT managers, IT architects, Cloud architects, network engineers, security officers, backup administrators, and infrastructure managersCHRISTOPHE LOMBARD is an IT Architect with 26 years of experience in designing and delivering complex solutions in both consultative and technical leadership with a specific focus on Cloud and IT Transformation. He has worked within large organizations like NEC, CSC, EMC, DELL, and more recently in a startup called Cloudreach. He has helped dozens of IT professionals and organizations achieve their business objectives through business and consultative engagements. During his career, he has served as a Network engineer, project manager, consultant and cloud architect.He started developing his knowledge in VMware in 2005 and his cloud expertise in 2015. He is passionate about the development of innovation in companies using new technologies: cloud, IaaS, infrastructure as code, microservices, and big data. His two areas of expertise opened a door for him at VMware in 2020 during the pandemic.As a Lead Cloud Solution Architect, Christophe helpsdrive VMware Cloud on AWS and VMware Cloud Disaster Recovery products adoption with key customers. He loves to learn, to enable and to educate people including customers, partners, and colleagues on all the cloud technologies he is focused on.Christophe holds an AWS Certified Solution Architect - Associate certification and has following VMware certifications: VMware Cloud (VCP-VMC) 2022, VCP & VCAP DCV, VCP & VCAP - Design NV 2021, and is vExpert 2021/2022/2023. Christophe also promotes and shares his knowledge on VMware technology and cloud solutions on his blog: vminded.com.In his spare time, he enjoys working on his creative pursuits such as photography. Find Christophe at linkedin.com/in/lombardchristopheChapter 1: Introduction-Disaster Recovery Context.- Chapter 2: Understanding VMware Live Cyber Recovery.- Chapter 3: Ransomware Threat and Recovery Strategies.
Meshtastic
Eigene Funknetze aufbauen mit LoRa, im heise shop als E-Book erhältlich.Mit der Funktechnologie LoRa als Basis können Sie drahtlose Maker-Projekte realisieren. So weit, so gut: Aber was ist, wenn Sie ein ganzes Netzwerk für den stabilen, dezentralen Austausch von Daten brauchen? Mit Meshtastic bauen Sie sowohl öffentliche als auch lokale Netze auf und sind unabhängig vom Handynetz und Kabelverbindungen. Im Batteriebetrieb oder mit Solarzellen funken Sie off-the-grid und erreichen echt Autarkie, wenn Sie Daten zuverlässig teilen müssen. Wie das geht, zeigt Ihnen Claus Kühnel in dieser Einführung. Aus dem Inhalt: Lokale IoT-Netze aufbauenMikrocontroller für MeshtasticFirmware aufspielen und Geräte konfigurierenEin Meshtastic-Netzwerk aufbauenVerbindungen ins InternetAnwendungstestsSpannungsversorgung mit Batterien und SolarOptimierung der FunkverbindungenBauliche GegebenheitenNetiquette und Traffic Observer
IAPP CIPP / US Certified Information Privacy Professional Study Guide
PREPARE FOR SUCCESS ON THE IAPP CIPP/US EXAM AND FURTHER YOUR CAREER IN PRIVACY WITH THIS EFFECTIVE STUDY GUIDE - NOW INCLUDES A DOWNLOADABLE SUPPLEMENT TO GET YOU UP TO DATE ON THE CURRENT CIPP EXAM FOR 2024-2025!Information privacy has become a critical and central concern for small and large businesses across the United States. At the same time, the demand for talented professionals able to navigate the increasingly complex web of legislation and regulation regarding privacy continues to increase. Written from the ground up to prepare you for the United States version of the Certified Information Privacy Professional (CIPP) exam, Sybex's IAPP CIPP/US Certified Information Privacy Professional Study Guide also readies you for success in the rapidly growing privacy field. You'll efficiently and effectively prepare for the exam with online practice tests and flashcards as well as a digital glossary. The concise and easy-to-follow instruction contained in the IAPP/CIPP Study Guide covers every aspect of the CIPP/US exam, including the legal environment, regulatory enforcement, information management, private sector data collection, law enforcement and national security, workplace privacy and state privacy law, and international privacy regulation.* Provides the information you need to gain a unique and sought-after certification that allows you to fully understand the privacy framework in the US* Fully updated to prepare you to advise organizations on the current legal limits of public and private sector data collection and use* Includes 1 year free access to the Sybex online learning center, with chapter review questions, full-length practice exams, hundreds of electronic flashcards, and a glossary of key terms, all supported by Wiley's support agents who are available 24x7 via email or live chat to assist with access and login questionsPerfect for anyone considering a career in privacy or preparing to tackle the challenging IAPP CIPP exam as the next step to advance an existing privacy role, the IAPP CIPP/US Certified Information Privacy Professional Study Guide offers you an invaluable head start for success on the exam and in your career as an in-demand privacy professional. ABOUT THE AUTHORSMIKE CHAPPLE, PHD, CIPP/US, is Teaching Professor of Information Technology, Analytics, and Operations at Notre Dame’s Mendoza College of Business. He is the bestselling author of over 25 technical books. He is also the Academic Director of the University’s Master of Science in Business Analytics program. JOE SHELLEY, CIPP/US, is the Vice President for Libraries and Information Technology at Hamilton College in New York. He oversees the information security and privacy programs, IT risk management, business intelligence and analytics, and data governance. ContentsIntroduction xixAssessment Test xxixChapter 1 Privacy in the Modern Era 1Introduction to Privacy 2What Is Privacy? 3What Is Personal Information? 4What Isn’t Personal Information? 5Why Should We Care About Privacy? 7Generally Accepted Privacy Principles 8Management 9Notice 9Choice and Consent 10Collection 10Use, Retention, and Disposal 11Access 11Disclosure to Third Parties 12Security for Privacy 12Quality 14Monitoring and Enforcement 14Developing a Privacy Program 15Crafting Strategy, Goals, and Objectives 15Appointing a Privacy Official 16Privacy Roles 17Building Inventories 18Conducting a Privacy Assessment 18Implementing Privacy Controls 20Ongoing Operation and Monitoring 20Online Privacy 20Privacy Notices 21Privacy and Cybersecurity 21Cybersecurity Goals 22Relationship Between Privacy and Cybersecurity 23Privacy by Design 24Summary 25Exam Essentials 25Review Questions 27Chapter 2 Legal Environment 31Branches of Government 32Legislative Branch 32Executive Branch 33Judicial Branch 34Understanding Laws 36Sources of Law 36Analyzing a Law 41Legal Concepts 43Legal Liability 44Torts and Negligence 45Summary 46Exam Essentials 46Review Questions 48Chapter 3 Regulatory Enforcement 53Federal Regulatory Authorities 54Federal Trade Commission 54Federal Communications Commission 60Department of Commerce 61Department of Health and Human Services 61Banking Regulators 62Department of Education 63State Regulatory Authorities 63Self-Regulatory Programs 64Payment Card Industry 65Advertising 65Trust Marks 66Safe Harbors 66Summary 67Exam Essentials 68Review Questions 69Chapter 4 Information Management 73Data Governance 74Building a Data Inventory 74Data Classification 75Data Flow Mapping 77Data Lifecycle Management 78Workforce Training 79Cybersecurity Threats 80Threat Actors 81Incident Response 86Phases of Incident Response 86Preparation 87Detection and Analysis 88Containment, Eradication, and Recovery 88Post-incident Activity 88Building an Incident Response Plan 90Data Breach Notification 92Vendor Management 93Summary 94Exam Essentials 95Review Questions 97Chapter 5 Private Sector Data Collection 101FTC Privacy Protection 103General FTC Privacy Protection 103The Children’s Online Privacy Protection Act (COPPA) 104Future of Federal Enforcement 107Medical Privacy 110The Health Insurance Portability and AccountabilityAct (HIPAA) 111The Health Information Technology for Economic andClinical Health Act 119The 21st Century Cures Act 120Confidentiality of Substance Use Disorder PatientRecords Rule 121Financial Privacy 122Privacy in Credit Reporting 122Gramm–Leach–Bliley Act (GLBA) 125Red Flags Rule 129Consumer Financial Protection Bureau 130Educational Privacy 131Family Educational Rights and Privacy Act (FERPA) 131Telecommunications and Marketing Privacy 132Telephone Consumer Protection Act (TCPA) andTelemarketing Sales Rule (TSR) 133The Junk Fax Prevention Act (JFPA) 136Controlling the Assault of Non-solicited Pornographyand Marketing (CAN-SPAM) Act 136Telecommunications Act and Customer ProprietaryNetwork Information 138Cable Communications Policy Act 139Video Privacy Protection Act (VPPA) of 1988 140Driver’s Privacy Protection Act (DPPA) 141Digital Advertising and Data Ethics 142Web Scraping 143Summary 143Exam Essentials 144Review Questions 146Chapter 6 Government and Court Access to Private SectorInformation 151Law Enforcement and Privacy 152Access to Financial Data 153Access to Communications 157National Security and Privacy 162Foreign Intelligence Surveillance Act (FISA) of 1978 162FISA Amendments Act Section 702 164USA-PATRIOT Act 165The USA Freedom Act of 2015 167The Cybersecurity Information Sharing Act of 2015 168Civil Litigation and Privacy 169Compelled Disclosure of Media Information 170Electronic Discovery 171Summary 173Exam Essentials 173Review Questions 175Chapter 7 Workplace Privacy 179Introduction to Workplace Privacy 180Workplace Privacy Concepts 180U.S. Agencies Regulating Workplace Privacy Issues 181U.S. Antidiscrimination Laws 182Privacy Before, During, and After Employment 185Automated Employment Decision Tools 186Employee Background Screening 186Employee Monitoring 190Investigation of Employee Misconduct 194Termination of the Employment Relationship 196Summary 197Exam Essentials 198Review Questions 200Chapter 8 State Privacy Laws 205Federal vs. State Authority 206Elements of State Privacy Laws 207Applicability 207Data Subject Rights 208Privacy Notice Requirements 209Data Protection 209Enforcement 211Data Breach Notification 212Elements of State Data Breach Notification Laws 212Key Differences Among States 214Significant Developments 215Other Recent Updates to State Breach Notification Laws 218Comprehensive State Privacy Laws 220California Consumer Privacy Act (2018) andCalifornia Privacy Rights Act (2020) 220Virginia Consumer Data Protection Act 223Colorado Privacy Act 226Connecticut Data Privacy Act 229Utah 231Florida 232Oregon 234Texas 237Montana 239Subject-Specific State Privacy Laws 241Health and Genetic Information 241Online Privacy 243Biometric Information Privacy Regulations 247AI and Automated Decision-Making 249Data Brokers 250Financial Privacy 251California Financial Information Privacy Act 252Recent Developments 253Marketing Laws 254Summary 255Exam Essentials 256Review Questions 258Chapter 9 International Privacy Regulation 263International Data Transfers 264European Union General Data Protection Regulation 265Adequacy Decisions 268Binding Corporate Rules 272Standard Contractual Clauses 273Other Approved Transfer Mechanisms 273APEC Privacy Framework 274Cross-Border Enforcement Issues 276Global Privacy Enforcement Network 276Resolving Multinational Compliance Conflicts 276Summary 277Exam Essentials 277Review Questions 279Appendix Answers to Review Questions 283Chapter 1: Privacy in the Modern Era 284Chapter 2: Legal Environment 285Chapter 3: Regulatory Enforcement 287Chapter 4: Information Management 289Chapter 5: Private Sector Data Collection 291Chapter 6: Government and Court Access to Private SectorInformation 293Chapter 7: Workplace Privacy 294Chapter 8: State Privacy Laws 296Chapter 9: International Privacy Regulation 298Index 301
DevOps Simplified: Zero-Maintenance Strategies for AWS EKS
Gain the knowledge and practical skills needed to deploy a fully functional, secure, and scalable application in AWS EKS. This book is a hands-on guide designed to help you navigate and manage infrastructure in the AWS EKS environment.The book starts by reviewing the concept of DevOps flexibility, emphasizing adaptability to manage changes effectively. It covers foundational elements like IAM basics, user management, and the use of Terraform for infrastructure as code, highlighting the importance of version stability and unique CIDR blocks. Moving forward, you’ll explore Kubernetes, and its initial set-up steps, such as configuration management, access control, and storage. You’ll also see how to bridge Kubernetes with AWS resources, touching upon service accounts, identity federation, and policy assignment.In the final chapters, the book guides you through the complete setup of a fully working application using Terraform. The book culminates with a step-by-step walkthrough of deploying a complete application environment where you’ll generate and distribute access credentials, configure persistent storage, and manage RBAC for users, all using Terraform._Zero-Maintenance Strategies for AWS EKS_ will provide you with a solid foundation and a toolkit of proven strategies for managing cloud infrastructure.WHAT YOU WILL LEARN* Understand the concept of DevOps flexibility and its practical applications* Acquire foundational knowledge in IAM basics and user management.* Manage external access to your applications while consolidating load balancing through a single, entry point.* Securely configure DNS and SSL, ensuring your application is both accessible and protected.WHO THIS BOOK IS FORDevOps professionals, IT managers, and software developers who are looking to adopt or improve their DevOps practices, and students and educators in IT-related fields.Dmytro Kozhevin is an accomplished DevOps Engineer and Educator with over 18 years of experience, now channeling his expertise into building a DevOps practicing platform. His professional journey has been marked by a commitment to innovation and excellence in DevOps, particularly within cloud environments like AWS. He aims to demystify complex DevOps challenges and present accessible, scalable solutions. Dmytro is currently employed with Luxoft in Ukraine as a DevOps Trainer specializing in CI/CD, Kubernetes, and cloud infrastructure, focusing on AWS EKS.Chapter 1: Setting Our Sights.- Chapter 2: Starting from Scratch.- Chapter 3: Building the Infrastructure Base.- Chapter 4: Sculpting Kubernetes: The Initial Steps.- Chapter 5: Bridging Kubernetes and AWS Resources.- Chapter 6. The Structure of Application.- Chapter 7. Be a Good Kubernetes Citizen.- Chapter 8: The Intricacies of Helm.- Chapter 9: Choosing the Right CI/CD Platform.- Chapter 10: Wrapping Up.
Redefining Cross-Border Financial Flows
Analyse how AI and other cutting-edge technologies affect the complex web of international financial transactions. The global remittance sector and artificial intelligence (AI) work together in a way that is testament to the revolutionary force of innovation in the always changing financial and technology landscape. As we stand at the threshold of a new age, this book aims to explore the layers of complexity underlying the confluence of AI and remittances.Your investigation will go beyond the current state of affairs and into the future, whereby predictive analytics and autonomous financial transactions will fundamentally alter the way that we send and receive money internationally. This process's incorporation of AI technology represents a revolution rather than a simple progression, one that might improve millions of people's lives by streamlining, securing, and lowering the cost of financial transactions. This book breaks down the complex workings of AI prediction models, reveals how blockchain integration may be used to facilitate safe and transparent transactions, and examines how biometric authentication can strengthen the security of financial transactions. It dives into the complexities of regulatory compliance, understanding the difficult balance between innovation and conformity to existing standards.When machines carry out transactions based on complex algorithms and current market circumstances, what does it entail for people and economies? What effect does this change have on how people make financial decisions? This book is an invitation to imagine a future in which financial systems are not just efficient but also naturally intelligent. It is a call to reflect on the moral ramifications, the effects on society, and the obligations that accompany the dawn of a new era of financial opportunity. Remittances are about to undergo a revolution, and you have a crucial role to play in determining how this will play out.WHAT YOU’LL LEARN* Understand the integration of AI and other technology in remittances to enhance efficiency, security, and cost-effectiveness of cross-border financial transactions.* Examine the impact of AI-driven cross border flows on global economic development, particularly in communities heavily reliant on remittances.* Investigate the social benefits and potential challenges posed by AI in maintaining or altering familial and community ties through remittance flows* Critically evaluate regulatory and ethical challenges while fostering innovation and adhering to existing financial laws and standards.* Explore future scenarios where AI governs autonomous financial transactions and the role of humans in an AI-driven financial ecosystem.* Debate how such changes might redefine personal and communal financial interactions.WHO THIS BOOK IS FORFinTech practitioners, Finance students, professionals in working in Payments and/or RemittancesHari Prasad Josyula is a FinTech product transformation expert with over 15 years’ experience in delivering innovative customer-centric solutions. He is currently product analyst at Dow Jones. He is a functional solution architect across banking, asset and wealth management, financial services, regulatory compliance and reporting, logistics and supply chains. He is also a certified scrum product owner, ITIL service manager, and scrum master with a strong background in data analytics, business analysis, and agile methodologies.His research interests including artificial intelligence (AI) in banking (anti-money laundering, fraud and risk management), generative AI for operational efficiency in financial services, open banking, blockchain and cryptocurrencies, central bank digital currencies. Embedded payments, programmable payments, financial risk management, product, program and portfolio management.Josyula has a MBA in Finance from Suffolk University, Boston, MA and a MS in Physical Sciences from Andhra University, India.www.linkedin.com/in/harijscholar.google.com/citations?user=n88bVlgAAAAJ&hl=enwww.researchgate.net/profile/Hari-Prasad-JosyulaChapter 1: Remittance Revolution.- Chapter 2: Understanding Remittance Challenges.- Chapter 3: The Role of AI in Financial Technology.- Chapter 4: Innovations in Remittance Platforms.- Chapter 5: Enhancing Security and Compliance.- Chapter 6: Impact on Financial Inclusion.- Chapter 7: AI and Cryptocurrencies in Remittances.- Chapter 8: Overcoming Ethical and Social Challenges.- Chapter 9: AI-Powered Market Insights and Global Remittance Trends.- Chapter 10: Future Trends and Predictions.- Chapter 11: Recommendations and Strategies.- Chapter 12: Conclusion.
Learning VMware Workstation Pro for Windows: Volume 2
VMware Workstation is a software solution that provides a type-2 hypervisor, or desktop hypervisor, that runs on x64 Windows and Linux-based operating systems. It enables users to create and run virtual machines, containers, and Kubernetes clusters simultaneously on their physical devices without having to reformat or dual-boot the underlying device. There are several use cases for VMware Workstation. For IT pros, it allows them to test applications and operating system builds, as well as enable remote control of vSphere datacenter infrastructure. Developers can run multiple different operating systems or different versions of operating systems on a single device giving them the platform flexibility to test, develop, and troubleshoot applications cost-effectively. Finally, for the greater workforce, VMware Workstation can enable BYOD device initiatives allowing employees to run a full corporate environment on their device without deleting or reformatting it. Learning VMware Workstation Pro for Windows – Part 2 provides the reader with a practical, step-by-step guide to creating and managing virtual machines using VMware Workstation, starting with an overview of hypervisors and desktop hypervisors. Next, it talks about each resource, such as CPU, memory, and networking, and how these are configured in a virtual environment. After that, it demonstrates the installation of VMware Workstation, configuration, and then building and managing different virtual machines running on different operating systems such as ChromeOS, and Linux, and building an ESXi lab environment. Towards the end, readers will learn how to use command line tools, such as the REST API, and vmrun, before going on to discuss upgrading and troubleshooting your VMware Workstation environment. By the end of this book, readers will have full knowledge of VMware Workstation Pro. This book is a continuation of " Learning VMware Workstation Pro for Windows – Part 1 " where readers learn how to build and manage different virtual machines running on different operating systems and build an ESXi lab environment with VMware Workstation. You Will: * Learn how to run containers on a VMware workstation * Understand how to use the command line to configure and control Workstation Pro and virtual machines * Practice the use of REST API for Workstation Pro VMware Workstation is a software solution that provides a type-2 hypervisor, or desktop hypervisor, that runs on x64 Windows and Linux-based operating systems. It enables users to create and run virtual machines, containers, and Kubernetes clusters simultaneously on their physical devices without having to reformat or dual-boot the underlying device. There are several use cases for VMware Workstation. For IT pros, it allows them to test applications and operating system builds, as well as enable remote control of vSphere datacenter infrastructure. Developers can run multiple different operating systems or different versions of operating systems on a single device giving them the platform flexibility to test, develop, and troubleshoot applications cost-effectively. Finally, for the greater workforce, VMware Workstation can enable BYOD device initiatives allowing employees to run a full corporate environment on their device without deleting or reformatting it. Learning VMware Workstation Pro for Windows – Part 2 provides the reader with a practical, step-by-step guide to creating and managing virtual machines using VMware Workstation, starting with an overview of hypervisors and desktop hypervisors. Next, it talks about each resource, such as CPU, memory, and networking, and how these are configured in a virtual environment. After that, it demonstrates the installation of VMware Workstation, configuration, and then building and managing different virtual machines running on different operating systems such as ChromeOS, and Linux, and building an ESXi lab environment. Towards the end, readers will learn how to use command line tools, such as the REST API, and vmrun, before going on to discuss upgrading and troubleshooting your VMware Workstation environment. By the end of this book, readers will have full knowledge of VMware Workstation Pro. This book is a continuation of " Learning VMware Workstation Pro for Windows – Part 1 " where readers learn how to build and manage different virtual machines running on different operating systems and build an ESXi lab environment with VMware Workstation. You Will: * Learn how to run containers on a VMware workstation * Understand how to use the command line to configure and control Workstation Pro and virtual machines * Practice the use of REST API for Workstation Pro This book is for: Developers, IT professionals, VMware certified professionals both remote and Bring your device (BYOD). Peter von Oven is an experienced technical consultant working closely with customers, partners, and vendors in designing technology solutions, to meet business needs and deliver outcomes. During his career, Peter has presented at key IT events such as VMworld, IP EXPO, and various VMUGs and CCUG events across the UK. He has also worked in senior presales roles and presales management roles for Fujitsu, HP, Citrix, and VMware, and has been awarded VMware vExpert for the last nine years in a row and vExpert EUC for the last three consecutive years. In 2021, Peter added the vExpert Desktop Hypervisor award to his portfolio of awards. In 2016, Peter founded his own company specializing in application delivery. Today he works with partners and vendors helping drive and deliver innovative technology solutions. He is also an avid author, having now written 19 books and made numerous videos about VMware end-user computing solutions. In his spare time, Peter volunteers as a STEM Ambassador, working with schools and colleges, helping the next generation develop the skills and confidence in building careers in technology. He is also a serving Royal Air Force Reservist currently working as an instructor with the Air Cadet organization. Chapter 1: Working with containers.- Chapter 2: Working with the command line.- Chapter 3: Using the vmrun Command to Control Virtual Machines.- Chapter 4: RESTAPI.- Chapter 5: Support and Troubleshooting.- Chapter 6: Workstation Player.- Chapter 7: Installing additional operating systems.- Chapter 8: Unattended installation.- Chapter 9: What's New?.
Kryptografie lernen und anwenden mit CrypTool und SageMath
Kryptografie: Die unsichtbare Macht hinter unserer digitalen WeltSeit Jahrhunderten schützen Könige, Feldherren und Geheimdienste ihre Nachrichten durch Kryptografie. Heute sichert sie den Alltag von uns allen – ob in Browsern, Smartphones, Herzschrittmachern, Bankautomaten, Autos oder der Cloud – unsichtbar, aber unverzichtbar.Dieses Buch bietet eine umfassende und aktuelle Einführung in Kryptografie und Kryptoanalyse. Es beleuchtet sowohl die wissenschaftlichen Grundlagen als auch praxisrelevante Anwendungen (Risikomanagement, Empfehlungen BSI und NIST).Kostenlose Open-Source Lern-Software wie CrypTool wird benutzt, um auch komplexe Themen greifbar und spielerisch-interaktiv erfahrbar zu machen. Viele Aussagen werden anhand von lauffähigen SageMath-Beispielen durchgerechnet. Diese einzigartige Kombination macht das Buch besonders wertvoll. Die Themen wurden gemeinsam mit Experten entwickelt und erscheinen erstmals in dieser Form auf Deutsch.Für historisch Interessierte, autodidaktisch Lernende, Studierende und Lehrende, aber auch Praktiker bietet dieses Werk einen besonderen Zugang zur Welt der Kryptografie.Leseprobe (Link zu lehmanns.de)»Das Gebiet der Kryptografie ist so umfangreich, es könnte ganze Bibliotheken füllen. Bernhard Esslinger bringt einen Rundumschlag zu den wichtigsten Aspekten in einem dicken Buch unter – und das praxisorientiert und lehrreich.Da selbst der Platz auf den nahezu 900 Seiten des Buches begrenzt ist, schneidet der Autor ein paar Themen lediglich kurz an. Manchmal wären zusätzliche Erklärungen wünschenswert gewesen, aber das ist Meckern auf hohem Niveau. Das Buch will Nachschlagewerk, Anleitung, Lektüre und Lehrmaterial in einem sein und Esslinger schafft einen hervorragenden Balanceakt, um alle Facetten der Kryptografie zu beleuchten.«Wilhelm Drehling, c't-Redaktion in c't 16/25Zum Autor:Bernhard Esslinger, Professor für IT-Sicherheit und Kryptografie an der Universität Siegen. Schwerpunkte sind angewandte Kryptografie, Awareness und Didaktik. Freut sich, wenn Studierende sich weiterentwickeln. Betreute über 200 Bachelor- und Masterarbeiten.
Networking All-in-One For Dummies
THE ESSENTIALS YOU NEED TO LEARN ABOUT NETWORKING—10 BOOKS IN ONE!With over 900 pages of clear and trustworthy information, Networking All-in-One For Dummies is the perfect beginner's guide AND the perfect professional reference book. Small networks, large networks, business networks, cloud networks—it's all covered. Learn how to set up a network and keep it functioning, using Windows Server, Linux, and related technologies. This book also covers best practices for security, managing mobile devices, and beyond. Maybe you're just getting started with networking, or maybe you know what you're doing and need a resource with all the knowledge in one place. Either way, you've found what you need with this Dummies All-in-One* Plan a network from scratch and learn how to set up all the hardware and software you'll need* Find explanations and examples of important networking protocols* Build remote and cloud-based networks of various sizes* Administer networks with Windows Server and other versions* Secure your network with penetration testing and planning for cybersecurity incident responsesEvery network administrator needs a copy of Networking All-in-One For Dummies, the comprehensive learning resource and reliable desk reference. DOUG LOWE is the information technology director for a civil engineering firm in Clovis, California. He has been managing networks at publishing companies and nonprofits for 40 years. His 50+ technology books include more than 30 in the For Dummies series. Doug has demystified everything from memory management to client/server computing.