xvii
PREFACE
WHAT’S NEW IN THE SECOND EDITION
In the four and a half years since the first edition of this book was published, the field has
seen continued innovations and improvements. In this new edition, we try to capture these
changes while maintaining a broad and comprehensive coverage of the entire field. To begin
the process of revision, the first edition of this book was extensively reviewed by a number
of professors who teach the subject and by professionals working in the field. The result is
that in many places the narrative has been clarified and tightened, and illustrations have
been improved.
One obvious change to the book is a revision in the organization, which makes for a
clearer presentation of related topics. There is a new chapter on operating system security
and a new chapter on wireless security. The material in Part Three has been reallocated to
chapters in a way that presents it more systematically.
Beyond these refinements to improve pedagogy and user-friendliness, there have been
major substantive changes throughout the book. Highlights include:
• Operating system security: This chapter reflects the focus in NIST SP800-123. The
chapter also covers the important topic of virtual machine security.
• Cloud security: A new section covers the security issues relating to the exciting new
area of cloud computing.
• Application-based denial-of-service attacks: A new section deals with this prevalent
form of DoS attack.
• Malicious software: This chapter provides a different focus than that of the first edition.
Increasingly, we see backdoor/rootkit type malware installed by social engineering
attacks, rather than more classic virus/worm direct infection. And phishing is even
more prominent than ever. These trends are reflected in the coverage.
• Internet security protocol and standards: This chapter has been expanded to include
two additional important protocols and services: HTTPS and DKIM.
• Wireless security: A new chapter on wireless security has been added.
• Computer security incident response: The section on CSIR has been updated and
expanded.
• Student study aid: Each chapter now begins with a list of learning objectives.
• Sample syllabus: The text contains more material than can be conveniently covered
in one semester. Accordingly, instructors are provided with several sample syllabi
that guide the use of the text within limited time (e.g., 16 weeks or 12 weeks). These
samples are based on real-world experience by professors with the first edition.
• Practice problem set: A set of homework problems, plus solutions, is provided for
student use.
• Test bank: A set of review questions, including yes/no, multiple choice, and fill in the
blank, is provided for each chapter.