The New State of the Art in Information Security From Cloud to Crypto AI Driven Security to Post Quantum Computing Now extensively updated throughout Security in Computing Sixth Edition is today s one stop primary text for everyone teaching learning and practicing information cybersecurity It defines core principles associated with modern security policies processes and protection illustrates them with up to date sidebars and examples and shows how to apply them in practice Modular and flexibly organized it supports a wide array of courses strengthens professionals knowledge of foundational principles and imparts a more expansive understanding of modern security This edition adds or expands coverage of artificial intelligence and machine learning tools app and browser security security by design securing cloud IoT and embedded systems privacy enhancing technologies protecting vulnerable individuals and groups strengthening security culture cryptocurrencies and blockchain offensive cyberwarfare post quantum computing and more It contains many new diagrams exercises sidebars and examples and is mapped to two leading frameworks the US NIST National Initiative for Cybersecurity Education NICE and the UK Cyber Body of Knowledge CyBOK Because programmers make mistakes of many kinds we can never be sure all programs are without flaws We know of many practices that can be used during software development to lead to high assurance of correctness This chapter surveys programs and programming errors programmers make and vulnerabilities attackers exploit These failings can have serious consequences as reported almost daily in the news However there are techniques to mitigate these shortcomings In this section we presented several characteristics of good secure software Of course a programmer can write secure code that has none of these characteristics and faulty software can exhibit all of them These qualities are not magic they cannot turn bad code into good Rather they are properties that many examples of good code reflect and practices that good code developers use the properties are not a cause of good code but are paradigms that tend to go along with it Following these principles affects the mindset of a designer or developer encouraging a focus on quality and security this attention is ultimately good for the resulting product and for its users Cryptography is a specialized topic that depends on several areas of mathematics and theoretical computer science including number theory finite field algebra computational complexity and logic After reading this overview you would need to develop a significant background to study cryptography in depth And we caution you strongly against studying a little cryptography and concluding that you can design your own secure cryptosystem The field of cryptography is littered with failed approaches designed even by experts so nonexperts are well advised to leave the driving to the professionals Remember from Chapter 2 that cryptanalysis is the act of studying a cryptographic algorithm its implementation plaintext ciphertext and any other available information to try to break the protection of encryption A cryptanalyst s chore is to break an encryption That is the cryptanalyst attempts to deduce the original meaning of a ciphertext message Better yet the cryptanalyst hopes to determine which decrypting algorithm and ideally which key match the encrypting algorithm to be able to break other messages encoded in the same way Core security concepts Assets threats vulnerabilities controls confidentiality integrity availability attackers and attack typesThe security practitioner s toolbox Identification authentication access control and encryptionAreas of practice Securing programs userinternet interaction operating systems networks data databases and cloud computingCross cutting disciplines Privacy management law and ethicsUsing cryptography Solve real problems and explore its formal and mathematical underpinningsEmerging topics and risks AI and adaptive cybersecurity blockchains and cryptocurrencies computer assisted offensive warfare and quantum computing