Using sample charts, graphics, case studies, and war stories, Yankee Group Security Expert Andrew Jaquith demonstrates exactly how to establish effective metrics based on your organization's unique requirements. You'll discover how to quantify hard-to-measure security activities, compile and analyze all relevant data, identify strengths and weaknesses, set cost-effective priorities for improvement, and craft compelling messages for senior management. Security Metrics successfully bridges management's quantitative viewpoint with the nuts-and-bolts approach typically taken by security professionals. It brings together expert solutions drawn from Jaquith's extensive consulting work in the software, aerospace, and financial services industries, including new metrics presented nowhere else. You'll learn how to: - Replace nonstop crisis response with a systematic approach to security improvement - Understand the differences between "good" and "bad" metrics - Measure coverage and control, vulnerability management, password quality, patch latency, benchmark scoring, and business-adjusted risk - Quantify the effectiveness of security acquisition, implementation, and other program activities - Organize, aggregate, and analyze your data to bring out key insights - Use visualization to understand and communicate security issues more clearly - Capture valuable data from firewalls and antivirus logs, third-party auditor reports, and other resources - Implement balanced scorecards that present compact, holistic views of organizational security effectiveness Whether you're an engineer or consultant responsible for security and reporting to management-or an executive who needs better information for decision-making-Security Metrics is the resource you have been searching for. Andrew Jaquith, program manager for Yankee Group's Security Solutions and Services Decision Service, advises enterprise clients on prioritizing and managing security resources. He also helps security vendors develop product, service, and go-to-market strategies for reaching enterprise customers. He co-founded @stake, Inc., a security consulting pioneer acquired by Symantec Corporation in 2004. His application security and metrics research has been featured in CIO, CSO, InformationWeek, IEEE Security and Privacy, and The Economist. Foreword Preface Acknowledgments About the Author Chapter 1 Introduction: Escaping the Hamster Wheel of Pain Chapter 2 Defining Security Metrics Chapter 3 Diagnosing Problems and Measuring Technical Security Chapter 4 Measuring Program Effectiveness Chapter 5 Analysis Techniques Chapter 6 Visualization Chapter 7 Automating Metrics Calculations Chapter 8 Designing Security Scorecards Index

    The book details the major subsystems and features of the Linux kernel, including its design, implementation, and interfaces. It covers the Linux kernel with both a practical and theoretical eye, which should appeal to readers with a variety of interests and needs. The author, a core kernel developer, shares valuable knowledge and experience on the 2.6 Linux kernel. Specific topics covered include process management, scheduling, time management and timers, the system call interface, memory addressing, memory management, the page cache, the VFS, kernel synchronization, portability concerns, and debugging techniques. This book covers the most interesting features of the Linux 2.6 kernel, including the CFS scheduler, preemptive kernel, block I/O layer, and I/O schedulers. The third edition of Linux Kernel Development includes new and updated material throughout the book:An all-new chapter on kernel data structuresDetails on interrupt handlers and bottom halvesExtended coverage of virtual memory and memory allocationTips on debugging the Linux kernelIn-depth coverage of kernel synchronization and lockingUseful insight into submitting kernel patches and working with the Linux kernel community

    Adopting an approach that favors full disclosure, The Rootkit Arsenal presents the most accessible, timely, and complete coverage of rootkit technology. This book covers more topics, in greater depth, than any other currently available. In doing so the author forges through the murky back alleys of the Internet, shedding light on material that has traditionally been poorly documented, partially documented, or intentionally undocumented.The spectrum of topics covered includes how to:* Hook kernel structures on multi-processor systems* Use a kernel debugger to reverse system internals* Inject call gates to create a back door into Ring-0* Use detour patches to sidestep group policy* Modify privilege levels on Vista by altering kernel objects* Utilize bootkit technology* Defeat live incident response and post-mortem forensics* Implement code armoring to protect your deliverables* Establish covert channels using the WSK and NDIS 6.0

    The book is a complete revision of the commands section of Sobell's Practical Guide to Linux - a proven best-seller. The book is Linux distribution and release agnostic. It will appeal to users of ALL Linux distributions. Superior examples make this book the the best option on the market! System administrators, software developers, quality assurance engineers and others working on a Linux system need to work from the command line in order to be effective. Linux is famous for its huge number of command line utility programs, and the programs themselves are famous for their large numbers of options, switches, and configuration files. But the truth is that users will only use a limited (but still significant) number of these utilities on a recurring basis, and then only with a subset of the most important and useful options, switches and configuration files. This book cuts through all the noise and shows them which utilities are most useful, and which options most important. And it contains examples, lot's and lot's of examples. programmability. Utilities are designed, by default, to work wtih other utilities within shell programs as a way of automating system tasks. This book contains a superb introduction to Linux shell programming. And since shell programmers need to write their programs in text editors, this book covers the two most popular ones: vi and emacs.

    This guide also illustrates how to handle input and output, make programs perform repetitive tasks, manipulate data, hide information, use functions and build flexible, easily modifiable programs.

    Get an insider's tour of databases and client-server systems so you can understand the local customs. Then work your way up to sophisticated commands and statements, and check out the coverage of SQL-related products, such as Microsoft SQL server. You'll be able to communicate with your database like a native speaker in no time! Inside, find helpful advice on how to Get a complete overview of SQL components, such as Data Definition Language, Data Manipulation Language, and Data Control Language Use SQL to transfer and retrieve information on the Internet and intranets Uncover fundamental SQL commands and data types Extract data from many different data sources by using ODBC Master the basics of creating tables, views, schemas, and indexes for easy data access Manage databases by using SQL server Access a database over the Internet Get tips for making advanced queries

    It is also the most powerful and flexible. Unlike all other text editors, GNU Emacs is a complete working environment--you can stay within Emacs all day without leaving. Learning GNU Emacs, 3rd Edition tells readers how to get started with the GNU Emacs editor. It is a thorough guide that will also "grow" with you: as you become more proficient, this book will help you learn how to use Emacs more effectively. It takes you from basic Emacs usage (simple text editing) to moderately complicated customization and programming.The third edition of Learning GNU Emacs describes Emacs 21.3 from the ground up, including new user interface features such as an icon-based toolbar and an interactive interface to Emacs customization. A new chapter details how to install and run Emacs on Mac OS X, Windows, and Linux, including tips for using Emacs effectively on those platforms.Learning GNU Emacs, third edition, covers:How to edit files with EmacsUsing the operating system shell through EmacsHow to use multiple buffers, windows, and framesCustomizing Emacs interactively and through startup filesWriting macros to circumvent repetitious tasksEmacs as a programming environment for Java, C++, and Perl, among othersUsing Emacs as an integrated development environment (IDE)Integrating Emacs with CVS, Subversion and other change control systems for projects with multiple developersWriting HTML, XHTML, and XML with EmacsThe basics of Emacs LispThe book is aimed at new Emacs users, whether or not they are programmers. Also useful for readers switching from other Emacs implementations to GNU Emacs.

    Not only will you learn about the enterprise class features in the 9.2 release, you’ll also discover that PostgeSQL is more than just a database system—it’s also an impressive application platform.With numerous examples throughout this book, you’ll learn how to achieve tasks that are difficult or impossible in other databases. If you’re an existing PostgreSQL user, you’ll pick up gems you may have missed along the way.Learn basic administration tasks, such as role management, database creation, backup, and restoreApply the psql command-line utility and the pgAdmin graphical administration toolExplore PostgreSQL tables, constraints, and indexesLearn powerful SQL constructs not generally found in other databasesUse several different languages to write database functionsTune your queries to run as fast as your hardware will allowQuery external and variegated data sources with Foreign Data WrappersLearn how to replicate data, using built-in replication features

    Everybody wants to learn them. You're not a programmer though. How is a non technical user going to learn how to program? You do want to use macros to make your work easier but are you really going to sit down with a huge programming textbook and work your way through every. single. boring. page? Like most people, you'll start with great enthusiasm and vigor but after a few chapters, the novelty wears off. It gets boring. I'm going to try and change that and make learning macro programming entertaining and accessible to non-techies. First of all, programming Excel macros is a huge topic. Let's eat the elephant one bite at a time. Instead of sitting down with a dry, heavy text, you will read very focused, to the point topics. You can then immediately use what you learned in the real world. This is the first lesson in the series. You will learn what macros are, how to access them, a tiny bit of programming theory (just so you have a clue as to what's going on) and how to record macros. As with all my other lessons, this one has a follow along workbook that you can use to work through the exercises. The images in the lessons are based on Excel 2013 for Windows.

    Open Source has grabbed the computer industry's attention. Netscape has opened the source code to Mozilla; IBM supports Apache; major database vendors haved ported their products to Linux. As enterprises realize the power of the open-source development model, Open Source is becoming a viable mainstream alternative to commercial software.Now in Open Sources, leaders of Open Source come together for the first time to discuss the new vision of the software industry they have created. The essays in this volume offer insight into how the Open Source movement works, why it succeeds, and where it is going.For programmers who have labored on open-source projects, Open Sources is the new gospel: a powerful vision from the movement's spiritual leaders. For businesses integrating open-source software into their enterprise, Open Sources reveals the mysteries of how open development builds better software, and how businesses can leverage freely available software for a competitive business advantage.The contributors here have been the leaders in the open-source arena:Brian Behlendorf (Apache) Kirk McKusick (Berkeley Unix) Tim O'Reilly (Publisher, O'Reilly & Associates) Bruce Perens (Debian Project, Open Source Initiative) Tom Paquin and Jim Hamerly (mozilla.org, Netscape) Eric Raymond (Open Source Initiative) Richard Stallman (GNU, Free Software Foundation, Emacs) Michael Tiemann (Cygnus Solutions) Linus Torvalds (Linux) Paul Vixie (Bind) Larry Wall (Perl) This book explains why the majority of the Internet's servers use open- source technologies for everything from the operating system to Web serving and email. Key technology products developed with open-source software have overtaken and surpassed the commercial efforts of billion dollar companies like Microsoft and IBM to dominate software markets. Learn the inside story of what led Netscape to decide to release its source code using the open-source mode. Learn how Cygnus Solutions builds the world's best compilers by sharing the source code. Learn why venture capitalists are eagerly watching Red Hat Software, a company that gives its key product -- Linux -- away.For the first time in print, this book presents the story of the open- source phenomenon told by the people who created this movement.Open Sources will bring you into the world of free software and show you the revolution.

    It gives an overview of every learning objective for the TOGAF 9 Foundation Syllabus and in-depth coverage on preparing and taking the TOGAF 9 Part 1 Examination. It is specifically designed to help individuals prepare for certification.This Study Guide is excellent material for:a) Individuals who require a basic understanding of TOGAF 9b) Professionals who are working in roles associated with an architecture project such as those responsible for planning, execution, development, delivery, and operationc) Architects who are looking for a first introduction to TOGAF 9d) Architects who want to achieve Level 2 certification in a stepwise manner and have not previously qualified as TOGAF 8 CertifiedA prior knowledge of enterprise architecture is advantageous but not required. While reading this Study Guide, the reader should also refer to the TOGAF Version 9.1 documentation available online at www.opengroup.org and also available as hard copy from www.vanharen.net and online booksellers

    Windows Presentation Foundation (WPF) is a key component of the .NET Framework 3.0, giving you the power to create richer and more compelling applications than you dreamed possible. Whether you want to develop traditional user interfaces or integrate 3D graphics, audio/video, animation, dynamic skinning, rich document support, speech recognition, or more, WPF enables you to do so in a seamless, resolution-independent manner. Windows Presentation Foundation Unleashed is the authoritative book that covers it all, in a practical and approachable fashion, authored by .NET guru and Microsoft developer Adam Nathan. - Covers everything you need to know about Extensible Application Markup Language (XAML) - Examines the WPF feature areas in incredible depth: controls, layout, resources, data binding, styling, graphics, animation, and more - Features a chapter on 3D graphics by Daniel Lehenbauer, lead developer responsible for WPF 3D - Delves into non-mainstream topics: speech, audio/video, documents, bitmap effects, and more - Shows how to create popular UI elements, such as features introduced in the 2007 Microsoft Office System: Galleries, ScreenTips, custom control layouts, and more - Demonstrates how to create sophisticated UI mechanisms, such as Visual Studio-like collapsible/dockable panes - Explains how to develop and deploy all types of applications, including navigation-based applications, applications hosted in a Web browser, and applications with great-looking non-rectangular windows - Explains how to create first-class custom controls for WPF - Demonstrates how to create hybrid WPF software that leverages Windows Forms, ActiveX, or other non-WPF technologies - Explains how to exploit new Windows Vista features in WPF applications

    What makes an operating system modern? According to author Andrew Tanenbaum, it is the awareness of high-demand computer applications--primarily in the areas of multimedia, parallel and distributed computing, and security. The development of faster and more advanced hardware has driven progress in software, including enhancements to the operating system. It is one thing to run an old operating system on current hardware, and another to effectively leverage current hardware to best serve modern software applications. If you don't believe it, install Windows 3.0 on a modern PC and try surfing the Internet or burning a CD. Readers familiar with Tanenbaum's previous text, Operating Systems, know the author is a great proponent of simple design and hands-on experimentation. His earlier book came bundled with the source code for an operating system called Minux, a simple variant of Unix and the platform used by Linus Torvalds to develop Linux. Although this book does not come with any source code, he illustrates many of his points with code fragments (C, usually with Unix system calls). The first half of Modern Operating Systems focuses on traditional operating systems concepts: processes, deadlocks, memory management, I/O, and file systems. There is nothing groundbreaking in these early chapters, but all topics are well covered, each including sections on current research and a set of student problems. It is enlightening to read Tanenbaum's explanations of the design decisions made by past operating systems gurus, including his view that additional research on the problem of deadlocks is impractical except for "keeping otherwise unemployed graph theorists off the streets." It is the second half of the book that differentiates itself from older operating systems texts. Here, each chapter describes an element of what constitutes a modern operating system--awareness of multimedia applications, multiple processors, computer networks, and a high level of security. The chapter on multimedia functionality focuses on such features as handling massive files and providing video-on-demand. Included in the discussion on multiprocessor platforms are clustered computers and distributed computing. Finally, the importance of security is discussed--a lively enumeration of the scores of ways operating systems can be vulnerable to attack, from password security to computer viruses and Internet worms. Included at the end of the book are case studies of two popular operating systems: Unix/Linux and Windows 2000. There is a bias toward the Unix/Linux approach, not surprising given the author's experience and academic bent, but this bias does not detract from Tanenbaum's analysis. Both operating systems are dissected, describing how each implements processes, file systems, memory management, and other operating system fundamentals. Tanenbaum's mantra is simple, accessible operating system design. Given that modern operating systems have extensive features, he is forced to reconcile physical size with simplicity. Toward this end, he makes frequent references to the Frederick Brooks classic The Mythical Man-Month for wisdom on managing large, complex software development projects. He finds both Windows 2000 and Unix/Linux guilty of being too complicated--with a particular skewering of Windows 2000 and its "mammoth Win32 API." A primary culprit is the attempt to make operating systems more "user-friendly," which Tanenbaum views as an excuse for bloated code. The solution is to have smart people, the smallest possible team, and well-defined interactions between various operating systems components. Future operating system design will benefit if the advice in this book is taken to heart. --Pete Ostenson

    The book covers all of the new CompTIA Security+ 2008 exam objectives and maps to the new Security+ 2008 exam. This updated edition features many all-new topics, including topics new to the CompTIA exams like cross site scripting, SQL injection, rootkits, and virtualization, as well as topics of increasing importance in the industry as a whole, like the latest breeds of attackers, Wi-Fi Protected Access 2, and Microsoft Windows Vista security.

    The kernel handles all interactions between the CPU and the external world, and determines which programs will share processor time, in what order. It manages limited memory so well that hundreds of processes can share the system efficiently, and expertly organizes data transfers so that the CPU isn't kept waiting any longer than necessary for the relatively slow disks.The third edition of Understanding the Linux Kernel takes you on a guided tour of the most significant data structures, algorithms, and programming tricks used in the kernel. Probing beyond superficial features, the authors offer valuable insights to people who want to know how things really work inside their machine. Important Intel-specific features are discussed. Relevant segments of code are dissected line by line. But the book covers more than just the functioning of the code; it explains the theoretical underpinnings of why Linux does things the way it does.This edition of the book covers Version 2.6, which has seen significant changes to nearly every kernel subsystem, particularly in the areas of memory management and block devices. The book focuses on the following topics:Memory management, including file buffering, process swapping, and Direct memory Access (DMA)The Virtual Filesystem layer and the Second and Third Extended FilesystemsProcess creation and schedulingSignals, interrupts, and the essential interfaces to device driversTimingSynchronization within the kernelInterprocess Communication (IPC)Program executionUnderstanding the Linux Kernel will acquaint you with all the inner workings of Linux, but it's more than just an academic exercise. You'll learn what conditions bring out Linux's best performance, and you'll see how it meets the challenge of providing good system response during process scheduling, file access, and memory management in a wide variety of environments. This book will help you make the most of your Linux system.