
Big Breaches: Cybersecurity Lessons for Everyone 1st ed. [Paperback]

  • Format: Paperback / softback, 427 pages, height x width: 235x155 mm, weight: 724 g, 41 Illustrations, black and white; XLVII, 427 p. 41 illus., 1 Paperback / softback
  • Publication date: 25-Feb-2021
  • Publisher: APress
  • ISBN-10: 1484266544
  • ISBN-13: 9781484266540

The cybersecurity industry has seen an investment of over $45 billion in the past 15 years. Hundreds of thousands of jobs in the field remain unfilled amid breach after breach, and the problem has come to a head. It is time for everyone, not just techies, to become informed and empowered on the subject of cybersecurity.

In engaging and exciting fashion, Big Breaches covers some of the largest security breaches and the technical topics behind them such as phishing, malware, third-party compromise, software vulnerabilities, unencrypted data, and more. Cybersecurity affects daily life for all of us, and the area has never been more accessible than with this book.

You will obtain a confident grasp on industry insider knowledge such as effective prevention and detection countermeasures, the meta-level causes of breaches, the seven crucial habits for optimal security in your organization, and much more. These valuable lessons are applied to real-world cases, helping you deduce just how high-profile mega-breaches at Target, JPMorgan Chase, Equifax, Marriott, and more were able to occur.

Whether you are seeking to implement a stronger foundation of cybersecurity within your organization or you are an individual who wants to learn the basics, Big Breaches ensures that everybody comes away with essential knowledge to move forward successfully. Arm yourself with this book's expert insights and be prepared for the future of cybersecurity.

Who This Book Is For

Those interested in understanding what cybersecurity is all about, the failures that have taken place in the field to date, and how they could have been avoided. For existing leadership and management in enterprises and government organizations, existing professionals in the field, and for those who are considering entering the field, this book covers everything from how to create a culture of security to the technologies and processes you can employ to achieve security based on lessons that can be learned from past breaches.

Reviews

There is a detailed table of contents and good index, and chapters conclude with succinct summaries. In essence, Daswani and Elbayadi have brought Fowler's 2016 work [2] up to date. This is an excellent reference for anyone working in the area of ICT cybersecurity. Management in particular will find it useful, as the authors have tried to keep technical jargon to a minimum that can be taken to protect and minimize the impact of cyberattacks on organizations. (David B. Henderson, Computing Reviews, March 31, 2023)

About the Authors
About the Technical Reviewer
Acknowledgments
Foreword
Preface
Introduction

Part I Big Breaches

Chapter 1 The Root Causes of Data Breaches
Pragmatic Root Causes
"Meta-Level" Root Causes: Prioritization, Investment, and Execution
Technical Root Causes
Unencrypted Data
Phishing
Malware
Third-Party Compromise or Abuse
Software Security
Inadvertent Employee Mistakes
Summary

Chapter 2 The Capital One Breach
Erratic
Capital One and the "Cloud"
Cloud Basics
The Attack
System Layout
Buckets Private to WAF Role
EC2 Instance Vulnerable to Server-Side Request Forgery (SSRF)
Confused Deputy: Metadata Service
Stolen Credentials
Bucket Breach
Incident Timeline and Aftermath
Summary

Chapter 3 The Marriott Breach
The Acquisition
Malware
Poor Security at Starwood
Mega-Breach Detection
Even More Malware
The Aftermath and Lessons Learned
Summary

Chapter 4 The Equifax Breach
The Attack Explained
Apache Struts and CVE-2017-5638
How CVE-2017-5638 Worked
Mega-Breach Detection
Breach Response
Summary

Chapter 5 Facebook Security Issues and the 2016 US Presidential Election
Early Privacy Incidents and FTC Action
Watering Hole Attack
Download More Than Just Your Information
From Breaking Things to Fixing Things
Russian Disinformation
Cambridge Analytica Abuse of Facebook
Passwords in the Clear
More Mass Profile Exposure
FTC Fines Facebook Five Billion Dollars
Profiles for Sale on the Dark Web
Summary

Chapter 6 The OPM Breaches of 2014 and 2015
State-Sponsored Chinese Attackers
The Breaches: An Overview and Timeline
The US Government Warns OPM
X1: OPM Is Under Attack
X1: Malware and Keylogging
Kicking Out X1: The Big Bang
X2: A Devastating Blow to US Intelligence
OPM Finds Captain America and Iron Man
Cylance Attempts to Help OPM
Lessons Learned
Summary

Chapter 7 The Yahoo Breaches of 2013 and 2014
Russian Attackers
Attack Deep Dive
The User Database (UDB)
Yahoo Cookie Compromise
Account Management Tool Compromise
32 Million Cookies Minted
The Aftermath
Summary

Chapter 8 The Target and JPMorgan Chase Breaches of 2013 and 2014
Why Target? Why the HVAC Supplier?
The Attack: A Black Friday Nightmare
Target's Real-Time Attack Response
Early Warnings
A Timeline and the Stolen Data
Fazio Paid for Not Paying for Anti-virus
The Verizon Auditors
The Aftermath
The Hackers
JPMorgan Chase: One of the Largest US Bank Breaches
The Annual Race
Hold Security Identifies Stolen Credentials
JPMC Is Breached
The Aftermath
The Attackers
Summary

Part II Cybersecurity Lessons for Everyone

Chapter 9 The Seven Habits of Highly Effective Security
Habit 1 Be Proactive, Prepared, and Paranoid
Be Proactive: Act or Be Acted Upon
Be Prepared
Be Paranoid
Habit 2 Be Mission-Centric
Organizational Focus
Mission-Centric Activities
Mitigating Risks
Pulling It Together
Security Is Risk Mitigation
Habit 3 Build Security and Privacy In
Keep It Simple ("Economy of Mechanism," "Least Common Mechanism")
Fail-Safe Defaults ("Secure by Default")
Create a Security "Choke Point" ("Complete Mediation")
Principle of Least Privilege
Open Design/No Security by Obscurity
Ease of Use/Psychological Acceptability
Avoid Security Design Flaws
Habit 4 Focus on Security First; Achieve Compliance as a Side Effect
Defend Your Turf Like a Security Rebel!
Habit 5 Measure Security
Measuring Phishing Susceptibility
Measuring Malware Detection
Measuring Software Vulnerabilities
Habit 6 Automate Everything
Habit 7 Embrace Continuous Improvement
Summary

Chapter 10 Advice for Boards of Directors
Digital Transformation
Board-Level Backdrop: Permanent Whitewater
Speed of Digital Transformation and User Adoption
Threats and Data Breaches
Sizing and Prioritizing Risk
Managing Incidents and Public Disclosures
Before and After the Board Meeting
Setting the Tone at the Top
Effective Boards Lead with CARE and Asking the Right Questions
Consistent
Adequate
Reasonable
Effective
Summary

Chapter 11 Advice for Technology and Security Leaders
The Invitation to the Board Meeting
Tell a Story!
Create Context: What Are We Protecting?
Lead with Your Approach to Fighting Attackers, and Then Follow Up with Metrics!
Connecting the Dots: Business Strategy and Security
Report on Security Events Calmly
Summary

Chapter 12 Technology Defenses to Fight the Root Causes of Breach: Part One
The Challenge
Phishing Defenses
Two-Factor Authentication (2FA)
Security Keys
Dedicated OTP Tokens
Multi-factor Authentication (MFA)
Phishing-Proof Your Domain(s) with SPF, DKIM, and DMARC
Look-Alike Domains
Credential Stuffing and Account Takeover
Password Managers
Additional Phishing Defenses
Malware Defenses
Anti-malware
Endpoint Detection and Response (EDR)
Network Detection and Response (NDR)
Remote Browser Isolation (RBI)
Virtual Desktop Interface (VDI)
Summary

Chapter 13 Technology Defenses to Fight the Root Causes of Breach: Part Two
Mitigating Third-Party Risk
Supplier Security
Acquisitions
Developers, Partners, and Customers
Identifying Software Vulnerabilities
First-Party Vulnerabilities
Third-Party Vulnerabilities
Unencrypted Data
Data at Rest
Data in Motion
Data in Use
Inadvertent Employee Mistakes
Tactical Approach and Tool Selection
Summary

Chapter 14 Advice to Cybersecurity Investors
Data Sources
Security Startup Revolution
Investment Factors
Market Size/Need
Investments to Date
Underfunded Areas
Root Causes
Summary

Chapter 15 Advice to Consumers
Our Role as Consumers
Seatbelts for Our Digital Lives
The Danger Is Real
Consumer Defense Checklist Overview
Defense Checklist
Protect Your Identity
Enable Two-Factor Authentication
Use a Password Manager
Credit and Identity Protection
Protect the Gateway to "Close the Front Door"
Protect the Endpoint
Run Anti-malware
Encrypt Your Data
Back Up Your Data
System Updates
Protect Your Interactions
Summary

Chapter 16 Applying Your Skills to Cybersecurity
An Example Security Team
Reporting Relationships
Governance, Risk, and Compliance
Security Engineering
Security Operations
Threat Intelligence
Security Operations Center (SOC)
Incident Response
Getting a Job in Cybersecurity
SOC Analyst
Security Architect
CISO
Summary

Chapter 17 Recap

Index

Dr. Neil Daswani is Co-Director of the Stanford Advanced Security Certification program, and is President of Daswani Enterprises, his security consulting and training firm. He has served in a variety of research, development, teaching, and executive management roles at Symantec, LifeLock, Twitter, Dasient, Google, Stanford University, NTT DoCoMo USA Labs, Yodlee, and Telcordia Technologies (formerly Bellcore). At Symantec, he was Chief Information Security Officer (CISO) for the Consumer Business Unit, and at LifeLock he was the company-wide CISO. Neil has served as Executive-in-Residence at Trinity Ventures (funders of Auth0, New Relic, Aruba, Starbucks, and Bulletproof). He is an investor in and advisor to several cybersecurity startup companies and venture capital funds, including Benhamou Global Ventures, Firebolt, Gravity Ranch Ventures, Security Leadership Capital, and Swift VC. Neil is also co-author of Foundations of Security: What Every Programmer Needs to Know (Apress). Neil's DNA is deeply rooted in security research and development. He has dozens of technical articles published in top academic and industry conferences (ACM, IEEE, USENIX, RSA, BlackHat, and OWASP), and he has been granted over a dozen US patents. He frequently gives talks at industry and academic conferences, and has been quoted by publications such as The New York Times, USA Today, and CSO Magazine. He earned PhD and MS degrees in computer science at Stanford University, and he holds a BS in computer science with honors with distinction from Columbia University.

Dr. Moudy Elbayadi has more than 20 years of experience and has worked with a number of high-growth companies and across a variety of industries, including mobile and SaaS consumer services, and security and financial services. Having held C-level positions for leading solution providers, Dr. Elbayadi has a unique 360-degree view of consumer and enterprise SaaS businesses. He has a consistent track record of defining technology and product strategies that accelerate growth. As CTO of Shutterfly, Dr. Elbayadi oversees all technology functions including product development, cybersecurity, DevOps, and machine learning/AI R&D functions. In this capacity he is leading the technology platform transformation. Prior to Shutterfly, Dr. Elbayadi held the position of SVP, Product & Technology for Brain Corp, a San Diego-based AI company creating transformative core technology for the robotics industry. As advisor, Dr. Elbayadi has been engaged by CEOs and senior executives of companies ranging from $10M to $2B in revenues. Representative engagements include public cloud strategy, platform integration and M&A strategy. He has advised numerous VC firms on technology and prospective investments. Dr. Elbayadi earned a doctorate in leadership and change from Antioch University, a master's degree in organizational leadership from Chapman University, and a master's degree in business administration from the University of Redlands.