
Cybersecurity Body of Knowledge: The ACM/IEEE/AIS/IFIP Recommendations for a Complete Curriculum in Cybersecurity [Hardback]

, (Lawrence Technological University, USA),
  • Format: Hardback, 578 pages, height x width: 234x156 mm, weight: 2170 g, 151 Illustrations, black and white
  • Series: Security, Audit and Leadership Series
  • Publication date: 20-Apr-2020
  • Publisher: CRC Press
  • ISBN-10: 0367900947
  • ISBN-13: 9780367900946
"This book explains the content, purpose and use of the eight standard knowledge areas that constitute the emerging discipline of cybersecurity. It captures and explains that body of knowledge, to provide teachers and students with a complete picture of the field at a suitable depth of understanding"--

The Cybersecurity Body of Knowledge explains the content, purpose, and use of eight knowledge areas that define the boundaries of the discipline of cybersecurity. The discussion focuses on, and is driven by, the essential concepts of each knowledge area that collectively capture the cybersecurity body of knowledge to provide a complete picture of the field.

This book is based on a brand-new and, up to this point, unique global initiative known as CSEC2017, which was created and endorsed by ACM, IEEE-CS, AIS SIGSEC, and IFIP WG 11.8. This has practical relevance to every educator in the discipline of cybersecurity. Because the specifics of this body of knowledge cannot be imparted in a single text, the authors provide the necessary comprehensive overview. In essence, this is the entry-level survey of the comprehensive field of cybersecurity. It will serve as the roadmap for individuals to later drill down into a specific area of interest.

This presentation is also explicitly designed to aid faculty members, administrators, CISOs, policy makers, and stakeholders involved with cybersecurity workforce development initiatives. The book is oriented toward practical application of a computing-based foundation, crosscutting concepts, and essential knowledge and skills of the cybersecurity discipline to meet workforce demands.

Dan Shoemaker, PhD, is full professor, senior research scientist, and program director at the University of Detroit Mercy’s Center for Cyber Security and Intelligence Studies. Dan is a former chair of the Cybersecurity & Information Systems Department and has authored numerous books and journal articles focused on cybersecurity.

Anne Kohnke, PhD, is an associate professor of cybersecurity and the principal investigator of the Center for Academic Excellence in Cyber Defence at the University of Detroit Mercy. Anne’s research is focused in cybersecurity, risk management, threat modeling, and mitigating attack vectors.

Ken Sigler, MS, is a faculty member of the Computer Information Systems (CIS) program at the Auburn Hills campus of Oakland Community College in Michigan. Ken’s research is in the areas of software management, software assurance, and cybersecurity.

Reviews

Book Foreword:

I have great pleasure in writing this foreword. I have worked with Dan, Anne, and Ken over the past six years as this amazing team has written six books for my book collection initiative. Their newest effort, The Cybersecurity Body of Knowledge: The ACM/IEEE/AIS/IFIP Recommendations for a Complete Curriculum in Cybersecurity, brings together a comprehensive understanding of cybersecurity and should be on the bookshelf of every professor, student, and practitioner.

Right now, the study of cybersecurity is pretty much in the eye of the beholder because the number of interpretations about what ought to be taught is limited only by the number of personal agendas out there in the field.

Through discussion with the team, I've learned that every well-established discipline of scholarship and practice has gone through the process of research, extensive discussions, formation of communities of practice, and thought leadership to continually build the body of knowledge. Over time, diverse voices put forth ideas, concepts, theories, and empirical evidence to advance the thinking and in every discipline there comes a time when thought leaders establish generally accepted standards based on a comprehensive view of the body of knowledge.

I believe that time has come for the discipline of cybersecurity.

Beginning with a narrow focus on computer security, the discipline has advanced tremendously and has accurately become known as a fundamentally computing-based discipline that involves people, information, technology, and processes. Additionally, as the global cyber infrastructure increases the possible targets, the interdisciplinary nature of the field includes aspects of ethics, law, risk management, human factors, and policy. The growing need to protect not just corporate information and intellectual property, but to maintain national security has created a demand for specialists across a range of work roles, with the knowledge of the complexities of holistically assuring the security of systems. A vision of proficiency in cybersecurity, that aligns with industry needs and involves a broad global audience of stakeholders, was needed to provide stability and an understanding of the boundaries of the discipline.

The formation of the CSEC2017 Joint Task Force - involving four major international computing societies: the Association of Computing Machinery (ACM), the IEEE Computer Society (IEEE CS), the Association for Information Systems Special Interest Group on Information Security and Privacy (AIS SIGSEC), and the International Federation for Information Processing Technical Committee on Information Security Education (IFIP WG 11.8) - came together to publish the single commonly accepted guidelines for cybersecurity curriculum (the CSEC2017 Report). The CSEC2017 Report authors have produced a thought model and structure in which the comprehensive discipline of cybersecurity can be well understood. With this understanding, development within academic institutions and industry can prepare a wide range of programs grounded in fundamental principles.

This book explains the process by which the CSEC2017 Report was formulated and its pedigree. It discusses the knowledge units of each of the eight knowledge area categories of the field in detail. The reader will understand the required knowledge for cybersecurity and gain a basic understanding of the application and purpose of each of these myriad elements.

I have studied the various chapters and believe the seamless flow of the content will benefit all readers and that the extensive use of visuals greatly improves readability. Although knowledge knows no end, dissemination and sharing of knowledge are critical. I believe this book will help form the foundation of the next evolution of cybersecurity and I congratulate the team on their work and their amazing result.

Dan Swanson

Series Editor

Reviews:

"The Cybersecurity Body of Knowledge is a technical but readable guide to the eight areas that make up the core cybersecurity areas. Rather than treating the book as a knowledge dump of everything cybersecurity, the authors present the essential cybersecurity elements readers need to know. Cybersecurity knowledge cannot be conveyed in a single volume. In fact, the cybersecurity curriculum guidelines developed by the JTF run to more than 100 pages. Those looking for a comprehensive roadmap to effectively begin their cybersecurity journey will find that The Cybersecurity Body of Knowledge is an excellent guide."

Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), is a senior information security specialist with Tapad, Inc.

https://www.asisonline.org/security-management-magazine/articles/2021/01/book-review-the-cybersecurity-body-of-knowledge/

Foreword 1
Foreword 2
Author Biographies
Introduction
Chapter 1 Securing Cyberspace Is Everybody's Business
Introduction: The Current Situation Is Out of Control
The Challenge: How Do You Protect Something that Doesn't Actually Exist?
We Must Re-evaluate Our Assumptions
The Adversary Changes Things
The Three-Legged Stool
Learning to Play Better with Others
Creating a Holistic Solution
The Importance of Knowing What to Do
Enabling Common Understanding
Education Is the Key
The Body of Knowledge and Educational Strategy
Cybersecurity as an Academic Study
The Association for Computing Machinery (ACM)
The International Society of Electrical and Electronic Engineers (IEEE)
The Association for Information Systems (AIS)
The International Federation for Information Processing (IFIP)
The Importance of Unified Recommendations about Areas of Vital Interest
Circumscribing the Field: Background and Intention of CC2005
Defining the Elements of the Discipline of Cybersecurity: CSEC2017
Knowledge Area One: Data Security
Knowledge Area Two: Software Security
Knowledge Area Three: Component Security
Knowledge Area Four: Connection Security
Knowledge Area Five: System Security
Knowledge Area Six: Human Security
Knowledge Area Seven: Organizational Security
Knowledge Area Eight: Societal Security
Real-World Utilization of the CSEC2017 Body of Knowledge
CSEC2017 Framework Areas of Application
Thirty Review Questions: Introduction to the CSEC Standard
You Might Also Like to Read
Chapter Summary
Keywords
References
Chapter 2 The Cybersecurity Body of Knowledge
Bodies of Knowledge Are Essential Tools in Educational Settings
Bodies of Knowledge
Making Cybersecurity Teaching Real
Validating Curricular Concepts
Applying the CSEC2017
The CSEC2017 Model
The CSEC2017 Organization
The CSEC2017 Implementation Process
Knowledge Area One: Data Security
Knowledge Area Two: Software Security
Knowledge Area Three: Component Security
Knowledge Area Four: Connection Security
Knowledge Area Five: System Security
Knowledge Area Six: Human Security
Knowledge Area Seven: Organizational Security
Knowledge Area Eight: Societal Security
Twenty Review Questions: The Cybersecurity Body of Knowledge
You Might Also Like to Read
Chapter Summary
Keywords
References
Chapter 3 Data Security
Surviving in a Digital Era
The CSEC2017 Data Security Knowledge Units
Knowledge Unit One: Cryptography
Basic Concepts
Advanced Concepts
Mathematical Background
Historical Ciphers
Symmetric (Private Key) Ciphers
Asymmetric (Public Key) Ciphers
Knowledge Unit Two: Digital Forensics
Introduction
Legal Issues
Digital Forensics Tools
Investigatory Processes
Acquisition and Preservation of Digital Evidence
Analysis of Evidence
Presentation of Results
Authentication of Evidence
Reporting, Incident Response, and Handling
Mobile Forensics
Knowledge Unit Three: Data Integrity and Authentication
Authentication Strength
Password Attacks
Password Storage Techniques
Data Integrity
Knowledge Unit Four: Access Control
Physical Data Security
Logical Data Access Control
Secure Architecture Design
Data Leak Prevention
Knowledge Unit Five: Secure Communication Protocols
Application and Transport Layer Protocols
Attacks on Transport Layer Security
Internet/Network Layer
Privacy Preserving Protocols
Data Link Layer
Knowledge Unit Six: Cryptanalysis
Classical Attacks
Side-Channel Attacks
Attacks against Private Key Ciphers
Attacks against Public Key Ciphers
Algorithms for Solving the Discrete Log Problem
Attacks on RSA
Knowledge Unit Seven: Data Privacy
Knowledge Unit Eight: Information Storage Security
Disk and File Encryption
Data Erasure
Data Masking
Database Security
Data Security Law
Chapter Review Questions
You Might Also Like to Read
Chapter Summary
Learning Objectives for the Data Security Knowledge Area
Keywords
References
Chapter 4 Software Security
Building Pathways toward Software Security
The CSEC2017 Software Security Knowledge Units
Knowledge Unit One: Fundamental Principles
Least Privilege
Fail-Safe Defaults
Complete Mediation
Separation of Duties
Minimize Trust
Economy of Mechanism
Minimize Common Mechanism
Least Astonishment
Open Design
Layering
Abstraction
Modularity
Complete Linkage
Design for Iteration
Knowledge Unit Two: Design
Derivation of Security Requirements
Specification of Security Requirements
Software Development Life Cycle/Security Development Life Cycle
Programming Languages and Type-Safe Languages
Knowledge Unit Three: Implementation
Validating Input and Checking Its Representation
Using API's Correctly
Using Security Features
Checking Time and State Relationships
Handling Exceptions and Errors Properly
Programming Robustly
Encapsulating Structures and Modules
Taking Environment into Account
Knowledge Unit Four: Analysis and Testing
Static and Dynamic Analysis
Unit Testing
Integration Testing
Software Testing
Knowledge Unit Five: Deployment and Maintenance
Configuring
Patching and the Vulnerability Life Cycle
Checking Environment
DevOps
Decommissioning and Retiring
Knowledge Unit Six: Documentation
Installation Documents
User Guides and Manuals
Assurance Documentation
Security Documentation
Knowledge Unit Seven: Ethics
Ethical Issues in Software Development
Social Aspects of Software Development
Legal Aspects of Software Development
Vulnerability Disclosure
What, When, and Why to Test
Twenty Review Questions for This Chapter
You Might Also Like to Read
Chapter Summary
Learning Objectives for the Component Security Knowledge Area
Keywords
Reference
Chapter 5 Component Security
It All Starts with the Components
The CSEC2017 Component Security Knowledge Units
Knowledge Unit One: Component Design
Component Design Security
Principles of Secure Component Design
Component Identification
Anti-reverse Engineering Techniques
Side Channel Attack Mitigation
Anti-tamper Technologies
Knowledge Unit Two: Component Procurement
Supply Chain Risks
Supply Chain Security
Supplier Vetting
Knowledge Unit Three: Component Testing
Principles of Unit Testing
Security Testing
Stress Testing
Fuzz Testing
Penetration Tests
Knowledge Unit Four: Component Reverse Engineering
Design Reverse Engineering
Hardware Reverse Engineering
Software Reverse Engineering
Forty Review Questions: Component Security
You Might Also Like to Read
Chapter Summary
Learning Objectives for the Component Security Knowledge Area
Keywords
Reference
Chapter 6 Connection Security
Introduction: The Challenge of Connecting the Enterprise
The CSEC Connection Security Knowledge Areas
Knowledge Unit One: Physical Media
Transmission in a Medium
Shared and Point-to-Point Media
Sharing Models
Common Technologies
Knowledge Unit Two: Physical Interfaces and Connectors
Hardware Characteristics and Materials
Standards
Common Connectors
Knowledge Unit Three: Hardware Architecture
Standard Architectures
Hardware Interface Standards
Common Architectures
Knowledge Unit Four: Distributed Systems Architecture
Network Architectures, General Concepts
World Wide Web
The Internet
Protocols and Layering
High Performance Computing (Supercomputers)
Hypervisors and Cloud Computing Implementations
Vulnerabilities
Knowledge Unit Five: Network Architecture
General Concepts
Common Architectures
Forwarding
Routing
Switching/Bridging
Emerging Trends
Virtualization and Virtual Hypervisor Architecture
Knowledge Unit Six: Network Implementations
IEEE 802/ISO Networks
IETF Networks and TCP/IP
Practical Integration and Glue Protocols
Vulnerabilities and Example Exploits
Knowledge Unit Seven: Network Services
Concept of a Service
Service Models (Client-Server, Peer to Peer)
Service Protocols and Concepts (IPC APIs, IDLs)
Common Service Communication Architectures
Service Virtualization
Vulnerabilities and Example Exploits
Knowledge Unit Eight: Network Defense
Network Hardening
Implementing Firewalls and Virtual Private Networks (VPNs)
Defense in Depth
Honeypots and Honeynets
Network Monitoring
Network Traffic Analysis
Minimizing Exposure (Attack Surface and Vectors)
Network Access Control (Internal and External)
Perimeter Networks/Proxy Servers
Network Policy Development and Enforcement
Network Operational Procedures
Network Attacks
Threat Hunting and Machine Learning
Twenty Review Questions: Connection Security
You Might Also Like to Read
Chapter Summary
Learning Objectives for the Connection Security Knowledge Area
Keywords
References
Chapter 7 System Security
Assembling the Parts into a Useful Whole
The Key Role of Design in Systems
The CSEC2017 System Security Knowledge Units
Knowledge Unit One: System Thinking
What Is a System?
What Is Systems Engineering?
Security of General-Purpose Systems
Security of Special-Purposes Systems
Threat Models
Requirements Analysis
Fundamental Principles
Development for Testing
Knowledge Unit Two: System Management
Policy Models
Policy Composition
Use of Automation
Patching and the Vulnerability Life Cycle
Operation
Commissioning and Decommissioning
Insider Threat
Documentation
Systems and Procedures
Knowledge Unit Three: System Access
Authentication Methods
Identity
Knowledge Unit Four: System Control
Access Control
Authorization Models
Intrusion Detection
Defenses
Audit
Malware
Vulnerability Models
Penetration Testing
Vulnerability Mapping
Forensics
Recovery Resilience
Knowledge Unit Five: System Retirement
Decommissioning
Knowledge Unit Six: System Testing
Validating Requirements
Validating Composition of Components
Unit versus System Testing
Formal Verification of Systems
Knowledge Unit Seven: Common System Architectures
Internet of Things (IoT)
Embedded Systems
Mobile Systems
Autonomous Systems
General-Purpose Systems
Seventy Review Questions: System Security
You Might Also Like to Read
Chapter Summary
Learning Objectives for the Component Security Knowledge Area
Keywords
References
Chapter 8 Human Security
Human-Centered Threats
Ensuring Disciplined Practice
The Challenging Case of Human Behavior
The CSEC2017 Human Security Knowledge Units
Knowledge Unit One: Identity Management
Identification and Authentication of People and Devices
Physical Asset Control
Identity as a Service (IDaaS)
Third-Party Identity Services
Access Control Attacks and Mitigation Measures
Knowledge Unit Two: Social Engineering
Types of Social Engineering Attacks
Psychology of Social Engineering Attacks
Misleading Users
Detection and Mitigation of Social Engineering Attacks
Knowledge Unit Three: Personal Compliance
System Misuse and User Misbehavior
Enforcement and Rules of Behavior
Proper Behavior under Uncertainty
Knowledge Unit Four: Awareness and Understanding
Cyber Hygiene
Cybersecurity User Education
Cyber Vulnerabilities and Threats Awareness
Knowledge Unit Five: Social and Behavioral Privacy
Social Theories of Privacy
Social Media Privacy and Security
Knowledge Unit Six: Personal Data Privacy and Security
Sensitive Personal Data
Personal Tracking and Digital Footprint
Knowledge Unit Seven: Usable Security and Privacy
Usability and User Experience
Human Security Factors
Policy Awareness and Understanding
Privacy Policy
Design Guidance and Implications
Seventy Review Questions: Human Security
You Might Also Like to Read
Chapter Summary
Learning Objectives for the Human Security Knowledge Area
Keywords
References
Chapter 9 Organizational Security
Introduction Securing the Entire Enterprise
Integrating the Elements of Cybersecurity into an Applied Solution
The CSEC2017 Organizational Security Knowledge Units
Knowledge Area One: Risk Management
Risk Identification
Risk Assessment and Analysis
Insider Threats
Risk Measurement and Evaluation Models and Methodologies
Risk Control
Knowledge Area Two: Security Governance and Policy
Organizational Context
Privacy
Laws, Ethics, and Compliance
Security Governance
Executive- and Board-Level Communication
Managerial Policy
Knowledge Area Three: Analytical Tools
Performance Measurements (Metrics)
Data Analytics
Security Intelligence
Knowledge Unit Four: Systems Administration
Operating System Administration
Database System Administration
Network Administration
Cloud Administration
Cyber-Physical System Administration
System Hardening
Availability
Knowledge Area Five: Cybersecurity Planning
Strategic Planning
Operational and Tactical Management
Knowledge Unit Six: Business Continuity, Disaster Recovery, and Incident Management
Incident Response
Disaster Recovery
Business Continuity
Knowledge Unit Seven: Security Program Management
Project Management
Resource Management
Security Metrics
Quality Assurance and Quality Control
Knowledge Unit Eight: Personnel Security
Security Awareness, Training, and Education
Security Hiring Practices
Security Termination Practices
Third-Party Security
Security in Review Processes
Special Issue in Privacy of Employee Personal Information
Knowledge Unit Nine: Security Operations
Security Convergence
Global Security Operations Centers (GSOCs)
Forty Review Questions: Organizational Security
You Might Also Like to Read
Additional Web Resources
Chapter Summary
Learning Objectives for the Organizational Security Knowledge Area
Keywords
References
Chapter 10 Societal Security
Security and Worldwide Connectivity
Virtual Behavior and Diversity
Three Large-Scale Security Concerns: Why We Need Societal Security
The CSEC2017 and the Profession
The CSEC2017 Societal Security Knowledge Units
Knowledge Unit One: Cybercrime
Cybercriminal Behavior
Cyberterrorism
Cybercriminal Investigation
Economics of Cybercrime
Knowledge Unit Two: Cyber Law
Constitutional Foundations of Cyber Law
Intellectual Property Related to Cybersecurity
Privacy Laws
Data Security Law
Computer Hacking Laws
Digital Evidence
Digital Contracts
Multinational Conventions (Accords)
Cross-Border Privacy and Data Security Laws
Knowledge Unit Three: Cyber Ethics
Defining Ethics
Professional Ethics and Codes of Conduct
Ethics and Equity/Diversity
Ethics and Law
Special Areas of Ethics: Robotics, War, and "Ethical" Hacking
Knowledge Unit Four: Cyber Policy
International Cyber Policy
U.S. Federal Cyber Policy
Global Impact
Cybersecurity Policy and National Security
National Economic Implications of Cybersecurity
New Adjacencies to Diplomacy
Knowledge Unit Five: Privacy
Defining Privacy
Privacy Rights
Safeguarding Privacy
Privacy Norms and Attitudes
Privacy Breaches
Privacy in Societies
Fifty Review Questions: Societal Security
You Might Also Like to Read
Chapter Summary
Learning Objectives for the Human Security Knowledge Area
Keywords
References
Index