
Cybersecurity and the Art of Cyberwar [Paperback]

  • Format: Paperback / softback, 256 pages, height x width: 234x156 mm, 1 line drawing, black and white; 7 halftones, black and white; 8 illustrations, black and white
  • Series: Security, Audit and Leadership Series
  • Publication date: 23-Jun-2026
  • Publisher: CRC Press
  • ISBN-10: 1032993081
  • ISBN-13: 9781032993089
  • Paperback
  • Price: 47,80 €*
  • * the price is final, i.e. no further discounts apply
  • Regular price: 63,74 €
  • You save 25%
  • This book has not yet been published. Delivery takes approximately 3-4 weeks after the book is released.
The relevant statistic for this book is that only twenty-nine percent of the annual, overall loss to cyber exploits is attributable to purely electronic attacks. The remaining human and physical exploits account for seventy-one percent. Hence, it is self-evident that effective cyber-protection requires an appropriately tailored and synergistic electronic, human, and physical security control system.

The problem is that the industry doesn't view it that way. Over the past thirty years, cyber protection has been viewed as a purely electronic, computer-based problem. That thinking might even have made sense before the advent of sophisticated social engineering and other kinds of non-electronic attacks. But now that significant losses from exploits such as insider theft or phishing can occur, any cyber defence that relies solely on an electronic solution is, almost by definition, doomed to failure. That is because the modern adversary is smart.

That is why reconnaissance is the hacker's first principle. Before any attack begins, the aim is to identify the places in the defence that are insufficiently secured or lack appropriate controls. Hence, in practical terms, investing in intricate electronic solutions is a waste of time, because they only encourage your adversary to try something else. Saltzer and Schroeder called this phenomenon the "work factor."

In practical terms, the work factor principle means that the hacker will follow the path of least resistance. So, it is irrelevant whether an attack is elegant or brute force, as long as it succeeds in breaching the protection. Consequently, if there are robust electronic elements protecting your system, the intruder will simply turn to exploits like social engineering, subverting an insider, accessing an unattended endpoint, or simply stealing the device.

A proper defence requires all the fort's walls to be present and properly designed and implemented. So, robust human and physical controls must also be integrated into the solution. That requirement, i.e., no apparent gaps in the defence, is the justification for this book.

The book will present the basic principles of holistic security. Holistic security is based on developing a complete architecture of synergistic controls tailored to specifically address the actual concerns of a given protection target. It is a strategic reconnaissance, design and implementation process, not a head-down focus on deploying electronic controls.

“The art of war is of vital importance to the state. It is a matter of life or death. Hence, it is a subject which can on no account be neglected.” Sun Tzu

Why are we calling this war? It’s because the conflict in cyberspace is a matter of national concern, and we are, most assuredly, losing the current struggle.

Chapter One - Introduction: Holistic Security
A. The Ongoing Disaster in Cyberspace - documents the general challenge of securing virtual space
B. Electronic Solutions are not a Solution - explains why a solely electronic approach is by definition inadequate, by itemizing the other legitimate categories of attack and providing a taxonomy of the various legitimate methods of attack
C. Why We Need a Holistic Approach - outlines the necessity for a context-based, total solution, as well as the process for building cybersecurity systems
D. The Cybersecurity Process - presents a unique three-domain meta-process for holistic solutions and explains/justifies the logic behind why that process has to be followed

Chapter Two - Three Legitimate Attack Surfaces and their Different Challenges
A. Electronic Attack Surface Elements and Controls - characteristics, strengths and weaknesses of the electronic elements of the system and their common mitigations
B. Human Attack Surface Elements and Controls - characteristics, strengths and weaknesses of the human behavioral elements of the system and their common mitigations
C. Physical Attack Surface Elements and Controls - characteristics, strengths and weaknesses of the physical elements of the system and their common mitigations
D. Architecture: Ensuring Synergy Between Attack Surfaces - describes the process for integrating control solutions for each interface into a single holistic response

Chapter Three - Common Best Practice Standards for Holistic Security
A. What is Best Practice and Why is it Important - description of how best practice for the profession of cybersecurity evolves over time and the resulting standard frameworks
B. Commonly Accepted Best Practice Frameworks - discussion of the standard models for implementing holistic cybersecurity and how they specifically apply in real-world practice
a) ISO 27000 - international specification of the cybersecurity process elements
b) FIPS 200/NIST 800-53 - specification of the U.S. requirements for cybersecurity
c) COBIT - the most commonly adopted commercial standard for cybersecurity
d) ISO 12207 - international specification of the software process elements

Chapter Four - Practical Defence in Depth: Integration of Best Practice into a Holistic Response
A. Explanation of the Strategic Concept of Defence in Depth - What is the purpose of defence in depth? What are the roles of coherent perimeters in defining it?
B. Use of a Standard Model to Implement Specific Protection Needs - the universal process for selection and deployment of best practice control sets
C. Why Top-Down Development is Essential - how an iterative process of top-down refinement can be used to adapt abstract principles to a specific practical solution
D. Integrating Control Sets into a Holistic System - how common control categories can be utilized to validate the correctness of a real-world holistic solution

Chapter Five - Creating the Solution: Architectural Concerns and Tailoring
A. Building Real Architecture Out of Tailored Control Sets - how to create a substantive, individualized protection system for real-world organizational application
B. What is Tailoring and Why is It Necessary - the generally accepted method for adapting a standard's general best practice recommendations to a given specific instance
C. Ensuring Synergistic Responses - methods for building proper interdependence and interactive synergy into the composition of a tailored architecture
D. The Tailoring Process: Examples - provides detailed, specific examples of the tailoring process for two common standards (ISO 27000 and FIPS 200/NIST 800-53)

Chapter Six - Maintaining a Holistic Solution: Evaluation and Evolution
A. Practical Control Baselines: How are they Created and Maintained - a practical methodology for building substantive control baselines for a given instance
B. Ensuring Effective Control Performance - examples of common methodologies for validating and verifying control baseline effectiveness
C. Assessing Control Performance in the Operational Setting - method for ensuring that the status of the control baseline is always known and validated as correct
D. Control Architecture Change Management and Evolution - method for effective operational management of changes to organizational control architectures

Chapter Seven - Practical Considerations for the Board Room: Changing the Culture
A. We Don't Do It That Way: The Problem of Organizational Culture - large-scale strategies for overcoming corporate inertia and resistance to change
B. The Role and Accountability of Leadership in Obtaining Practical Results - five large-scale governance factors that must be recognized and enforced by corporate leadership
C. The Capable Organization and How You Get There - a staged approach to development of a capable organizational security response
D. Education and Training - a method for implementing education and training programs to ensure the continuing security behaviour of individuals in the corporate environment
Dan Shoemaker has 15 prior books with McGraw Hill, Cengage and T&F. He is a Distinguished Visitor of the IEEE and a member of the Editorial Board of Computers and Security, National Chair of Workforce Training and Education for the Software Assurance Initiative at the Department of Homeland Security (DHS), and Professor and Director of the National Security Agency Center of Academic Excellence in Cyber Defence Education (CAE/CDE) Graduate Program at the University of Detroit Mercy. He has 50 years of experience in the profession.