Cybersecurity
Chapman & Hall/CRC
Textbooks in Computing
Series Editors
John Impagliazzo
Andrew McGettrick
Pascal Hitzler, Markus Krötzsch, and Sebastian Rudolph, Foundations of Semantic Web Technologies
Henrik Bærbak Christensen, Flexible, Reliable Software: Using Patterns and Agile Development
John S. Conery, Explorations in Computing: An Introduction to Computer Science
Lisa C. Kaczmarczyk, Computers and Society: Computing for Good
Mark Johnson, A Concise Introduction to Programming in Python
Paul Anderson, Web 2.0 and Beyond: Principles and Technologies
Henry Walker, The Tao of Computing, Second Edition
Ted Herman, A Functional Start to Computing with Python
Mark Johnson, A Concise Introduction to Data Structures Using Java
David D. Riley and Kenny A. Hunt, Computational Thinking for the Modern Problem Solver
Bill Manaris and Andrew R. Brown, Making Music with Computers: Creative Programming in Python
John S. Conery, Explorations in Computing: An Introduction to Computer Science and Python Programming
Jessen Havill, Discovering Computer Science: Interdisciplinary Problems, Principles, and Python Programming
Efrem G. Mallach, Information Systems: What Every Business Student Needs to Know
Iztok Fajfar, Start Programming Using HTML, CSS, and JavaScript
Mark C. Lewis and Lisa L. Lacher, Introduction to Programming and Problem-Solving Using Scala, Second Edition
Aharon Yadin, Computer Systems Architecture
Mark C. Lewis and Lisa L. Lacher, Object-Orientation, Abstraction, and Data Structures Using Scala, Second Edition
Henry M. Walker, Teaching Computing: A Practitioner's Perspective
Efrem G. Mallach, Information Systems: What Every Business Student Needs to Know, Second Edition
Jessen Havill, Discovering Computer Science: Interdisciplinary Problems, Principles, and Python Programming, Second Edition
Henrique M. D. Santos, Cybersecurity: A Practical Engineering Approach
For more information about this series please visit:
https://www.routledge.com/Chapman--HallCRC-Textbooks-in-Computing/book-series/CANDHTEXCOMSER
First edition published 2022
by CRC Press
6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742
and by CRC Press
4 Park Square, Milton Park, Abingdon, Oxon, OX14 4RN
CRC Press is an imprint of Taylor & Francis Group, LLC
© 2022 Henrique M. D. Santos
Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.
Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.
For permission to photocopy or use material electronically from this work, access
Trademark notice: Product or corporate names may be trademarks or registered trademarks and are used only for identification and explanation without intent to infringe.
Library of Congress Cataloging-in-Publication Data
Names: Santos, Henrique, 1960- author.
Title: Cybersecurity : a practical engineering approach / Henrique M. D. Santos.
Description: First edition. | Boca Raton : CRC Press, 2022. | Series: Chapman & Hall/CRC textbooks in computing | Includes bibliographical references and index.
Identifiers: LCCN 2021049495 | ISBN 9780367252427 (hbk) | ISBN 9781032211305 (pbk) | ISBN 9780429286742 (ebk)
Subjects: LCSH: Computer networks--Security measures. | Computer security.
Classification: LCC TK5105.59 .S2595 2022 | DDC 005.8--dc23/eng/20220103
LC record available at https://lccn.loc.gov/2021049495
ISBN: 978-0-367-25242-7 (hbk)
ISBN: 978-1-032-21130-5 (pbk)
ISBN: 978-0-429-28674-2 (ebk)
DOI: 10.1201/9780429286742
Typeset in Computer Modern
by KnowledgeWorks Global Ltd.
Publisher's note: This book has been prepared from camera-ready copy provided by the authors.
Access the Support Material: https://hsantos.dsi.uminho.pt/cybersecengbook-crc
To my wife
and my sons (extending to the daughters they have chosen and the grandsons that delight me).
To my parents
Foreword
In today's world, we experience many challenges involving computer security. Criminals compromise millions of accounts from major companies, siphon billions of Euros each year from businesses and personal accounts, and coerce thousands of people and companies through spyware, ransomware, and phishing schemes. In addition, consumers witness almost daily news broadcasts of the malicious abuse of computer usage and the lack of integrity in cybersecurity protection in the routine use of digital expressions. This change in life has caused concern at finance, research, government, and educational institutions.
Security and cybersecurity education degree programs have emerged to combat these threats to humans and society over the past two decades. As a result, students, teachers, and researchers have developed a greater interest in secure computing in recent years. Professor Henrique Santos has written this textbook, adequately titled Cybersecurity: A Practical Engineering Approach. In brief, Professor Santos has hit the mark in transforming intellectual and practical thought to this vital subject. Henrique and I first met in Santos (yes, Santos), Brazil, in 2017. Since then, he and I have developed a close human bond in our mutual promotion of quality computing education. We both believe that cybersecurity should be part of every student's university education. He is a known scholar in European computing circles and has produced several doctoral graduates in cybersecurity. I encouraged him to develop this work, and I am delighted he decided to do so. His efforts have created a helpful book in a pedagogical style where chapters include summaries, problem statements, and thought-provoking exercises. The writing style is clear, concise, and to the point.
The book's content promotes thought and diligence. Students should appreciate this direct approach as they dwell among the elements surrounding the cybersecurity field. The content style of the work is refreshing. The author uses methods and data founded by the International Standards Organization (ISO), the North Atlantic Treaty Organization (NATO), the National Institute of Standards and Technology (NIST) in North America, and other agencies responsible for publishing cybersecurity guidelines. The information, standards, and data used are non-confidential and form a fundamental basis to present ideas and processes for students to consider. While not explicitly stated, this work addresses the eight elements stated in the ACM/IEEE Curriculum Guidelines for Post-Secondary Degree Programs in Cybersecurity (CSEC2017). These guidelines promote eight knowledge areas: data security, software security, component security, connection security, system security, human security, organizational security, and societal security. Hence, Professor Santos has addressed these security areas and has done so convincingly and pragmatically. All students should benefit from the experience derived from this work, which is practical, meaningful, and readable.