This book constitutes the refereed proceedings of the 20th International Conference on Information Security, ISC 2017, held in Ho Chi Minh City, Vietnam, in November 2017. The 25 revised full papers presented were carefully reviewed and selected from 97 submissions. The papers are organized in topical sections on symmetric cryptography, post-quantum cryptography, public-key cryptography, authentication, attacks, privacy, mobile security, software security, and network and system security.
Software developers need to worry about security as never before. They need clear guidance on safe coding practices, and that's exactly what this book delivers. The book does not delve deep into theory, or rant about the politics of security. Instead, it clearly and simply lays out the most common threats that programmers need to defend against. It then shows programmers how to make their defense. The book takes a broad focus, ranging over SQL injection, worms and buffer overflows, password security, and more. It sets programmers on the path towards successfully defending against the entire gamut of security threats that they might face.
Benefit from the authors' experience! This book gives you current and reliable practical knowledge of IT security management in companies and public authorities; the structure and content of the work have proven themselves in the training and continuing education of IT security officers. The inventory of all information assets, the formulation of security objectives, and the creation of policies and security concepts are presented clearly and comprehensibly. Using many practical examples, you will learn everything about risk analyses and assessments as well as about important security measures from the areas of organization, law, personnel, infrastructure and technology. In the fourth edition, in addition to many updates and extensions (e.g. with regard to the use of mobile IT systems), the chapter on inventory was completely revised; the prevention of data leaks (Data Loss / Leakage Prevention) in sensitive organizations was added as a new chapter.
Security Risk Management is the definitive guide for building or running an information security risk management program. This book teaches practical techniques that will be used on a daily basis, while also explaining the fundamentals so students understand the rationale behind these practices. It explains how to perform risk assessments for new IT projects, how to efficiently manage daily risk activities, and how to qualify the current risk level for presentation to executive level management. While other books focus entirely on risk analysis methods, this is the first comprehensive text for managing security risks. This book will help you to break free from the so-called best practices argument by articulating risk exposures in business terms. It includes case studies to provide hands-on experience using risk assessment tools to calculate the costs and benefits of any security investment. It explores each phase of the risk management lifecycle, focusing on policies and assessment processes that should be used to properly assess and mitigate risk. It also presents a roadmap for designing and implementing a security risk management program. This book will be a valuable resource for CISOs, security managers, IT managers, security consultants, IT auditors, security analysts, and students enrolled in information security/assurance college programs. Named a 2011 Best Governance and ISMS Book by InfoSec Reviews.
This book constitutes the refereed proceedings of the 10th International Conference on Information Theoretic Security, ICITS 2017, held in Hong Kong, China, in November/December 2017. The 12 full papers were carefully reviewed and selected from 42 submissions. They are organized around the following topics: quantum cryptography; quantum information theory; post-quantum cryptography (e.g. lattices and cryptography); physical layer security; wiretap channels; adversarial channel models; cryptography from noisy channels; bounded storage models; network coding security; biometric security; randomness extraction; key and message rates; secret sharing; authentication codes; multiparty computations; information theoretic reductions; and implementation challenges.
This book constitutes the refereed proceedings of the 11th Chinese Conference on Trusted Computing and Information Security, CTCIS 2017, held in Changsha, China, in September 2017. The 28 revised full papers presented were carefully reviewed and selected from 96 submissions. The papers focus on topics such as theory of trusted computing, trustworthy software; infrastructure of trusted computing, application and evaluation of trusted computing; network security and communication security; theory and technology of cryptographic techniques; information content security; system security for mobile network and IoT systems, industrial control and embedded systems; security for Cloud computing, virtualization systems and big data.
This book constitutes the post-conference proceedings of the 11th International Conference on Critical Information Infrastructures Security, CRITIS 2016, held in Paris, France, in October 2016. The 22 full papers and 8 short papers presented were carefully reviewed and selected from 58 submissions. They present the most recent innovations, trends, results, experiences and concerns in selected perspectives of critical information infrastructure protection covering the range from small-scale cyber-physical systems security via information infrastructures and their interaction with national and international infrastructures.
This book constitutes the refereed proceedings of five workshops co-located with SAFECOMP 2017, the 36th International Conference on Computer Safety, Reliability, and Security, held in Trento, Italy, in September 2017. The 38 revised full papers presented together with 5 introductory papers to each workshop, and three invited papers, were carefully reviewed and selected from 49 submissions. This year's workshops are: ASSURE 2017 - Assurance Cases for Software-Intensive Systems; DECSoS 2017 - ERCIM/EWICS/ARTEMIS Dependable Embedded and Cyber-Physical Systems and Systems-of-Systems; SASSUR 2017 - Next Generation of System Assurance Approaches for Safety-Critical Systems; TIPS 2017 - Timing Performance in Safety Engineering; TELERISE 2017 - Technical and Legal Aspects of Data Privacy and Security.
This book constitutes the refereed proceedings of the 5th International Symposium on Security in Computing and Communications, SSCC 2017, held in Manipal, India, in September 2017. The 21 revised full papers presented together with 13 short papers were carefully reviewed and selected from 84 submissions. The papers focus on topics such as cryptosystems, algorithms, primitives; security and privacy in networked systems; system and network security; steganography, visual cryptography, image forensics; applications security.