
E-book: RIoT Control: Understanding and Managing Risks and the Internet of Things

Tyson Macaulay (CISSP, CISA, Sunnyvale, CA, USA)
  • Format: EPUB+DRM
  • Publication date: 16-Sep-2016
  • Publisher: Morgan Kaufmann Publishers In
  • Language: eng
  • ISBN-13: 9780124199903
  • Price: 50.49 €*
  • * the price is final, i.e. no further discounts apply

DRM restrictions

  • Copying (copy/paste): not allowed

  • Printing: not allowed

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install dedicated software to read it. You also need to create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorised with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet) you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac you must install Adobe Digital Editions (this is a free application made specifically for reading e-books; it should not be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

In RIoT Control, security experts from McAfee discuss how the Internet of Things (IoT) "flips the current internet with de-centralized, uncontrolled elements driving massive data from the ends into central servers and the cloud, rather than the other way around." Some estimates suggest that every human being will soon be surrounded by 1,000 to 5,000 connected objects (eventually, 100 trillion static or moving objects), which makes for a complex system prone to unexpected behaviors. As various industry domains rush to adopt IoT technologies, they need guidance on IoT-ready security and risk management practices to ensure system availability and security.

This book explains IoT risk in terms of project requirements, business needs, and system designs that include endpoints, network connectivity, and cloud-based data centers. It covers the threats and vulnerabilities of the IoT, as well as performance metrics at the enterprise level. In recommending emerging techniques, the authors provide insight to help judge which are best suited to the specific risks and organizational needs under consideration. Multiple case studies span several chapters to illustrate the business, operational, and technical risks inherent in IoT deployments.

  • Explains sources of risk across IoT architectures: endpoints, network, and cloud-based data centers
  • Includes multiple case studies threaded through several chapters covering business, operational, and technical risk issues
  • Offers insight from Intel (McAfee) insiders about emerging tools and techniques for real-world IoT systems

Other information

Understand the challenges and system risks of a next-generation Internet of Things
Comments From Reviewers xv
Preface xxi
Chapter 1 Introduction-The Internet of Things 1(26)
You Are Never Too Young to Start Good Habits
2(1)
What Is the IoT?
2(1)
Audience
3(1)
How This Book Flows
3(2)
What Is the IoT?
5(2)
Not About Information Dissemination Paradigms
5(1)
Not About Information Sharing
5(1)
Not About Wireless Networking
5(1)
The IoT Is (Mostly) Not About Privacy
6(1)
The "Old" Internet of Data, Voice, and Video
7(1)
The Internet ++
8(2)
M2M Communication
8(1)
Connected Devices
9(1)
Smart-Everything
9(1)
Ubiquitous Computing
10(1)
Who Are the Major Players in the IoT?
10(9)
Stakeholders
10(1)
A Simplified View of the IoT Stakeholders: Grouping by Asset Class
11(1)
Endpoint Device as an Asset Class
12(2)
Gateway as an Asset Class
14(1)
Network as an Asset Class
14(2)
Data Centers and Clouds as an Asset Class
16(3)
Why Do They Care? Stakeholders From a Different Angle
19(6)
Who Has Access to Data in the IoT?
19(1)
The "What for?" Question of Data in the IoT
20(2)
The "Where" Things Happen to Data in the IoT Question
22(1)
Network Determinism in the IoT
22(1)
The "How" Question of IoT Data Management
23(2)
A Risk-Based Approach to the Security "How" Question of the IoT
25(1)
Final Word on Who/What/Where/How
25(1)
Conclusion
25(2)
Chapter 2 The Anatomy of the Internet of Things 27(30)
When Does the IoT Actually Get Here?
27(1)
IPv4 Does Not Do IoT Any Favors
27(1)
IoT Is Enabled by IPv6
28(2)
In Brief: What Is IPv6?
28(1)
What Does IPv6 Mean for IoT in General?
28(2)
The Architectural Framework of the IoT: Endpoints, Gateways, Networks, and DCs/Clouds
30(1)
Getting Below the Vision Layer
30(1)
Understanding the IoT at the System Layer
30(1)
Endpoint Asset Class in the IoT
31(3)
Endpoint Interdependency
32(1)
Sensing Versus Processing
33(1)
Gateway Asset Class in the IoT
34(1)
Not Just a Part of the Network
34(1)
Gateways as Information Processors
34(1)
Gateways as Localized Intrusion Prevention Agents
35(1)
Network Asset Class in the IoT
35(11)
OSI Reference Model
37(1)
The Many Layers of Different Networks
38(1)
Lots of Media, But Not Necessarily a Lot of Options
38(1)
IP and Reduced-Calorie IP
39(1)
Low-Cal Is Not Necessarily Better
40(1)
Above and Beyond IP
40(1)
At the Application Layer
41(1)
The Network Is the Dial Tone
41(1)
The Network You Know Versus the Network You Don't
41(1)
The Network Is a Commons
42(1)
Network Costs Are a Business Risk, Too
43(1)
The Network Tides Are Changing
43(2)
The Network Is Going White Box and Open Source
45(1)
Cloud and Data Center as an Asset Class
46(8)
Big Data and the IoT
46(1)
Define Cloud in this Day and Age: Call It a Dare
47(1)
Private and Dedicated: Before the Cloud
48(1)
Clouds
49(1)
Apparently Simple. Not
49(2)
Architectural and Business Models of the Cloud
51(1)
Technically Distributed Clouds
51(1)
Commercially Distributed DCs and Cloud Brokers
52(1)
Aggregating Brokers and the IoT
53(1)
Arbitrage Brokers
53(1)
One More Important Thing About Clouds and DCs in the IoT
54(1)
Conclusions
54(3)
Chapter 3 Requirements and Risk Management 57(24)
A Parable for Requirements and Risk Management
57(2)
Introduction
59(1)
Audience
59(1)
Framing the Discussion
59(1)
What Are Security Requirements?
60(2)
Translation, Please! Organizational and Business Process Requirements in Plain(er) Language
62(1)
Business/Organization Requirements
62(1)
Business Process/Operational Requirements
62(1)
Requirement Matrix
63(1)
Really-Who Wants to Know All This Requirements Stuff?!
63(2)
Risk, Requirements, and Deliverables
65(1)
Technical Requirements: This Is Where We Draw the Line
66(1)
Applications and Services Composing the IoT
67(1)
Operational Efficiency (as Yin)
67(1)
User Satisfaction (as Yang)
68(1)
Industry Use Cases, Efficiencies, and Satisfaction
68(10)
Transportation Industry
69(1)
Health Care
69(1)
Government
70(1)
Public Safety and Military
71(1)
Retail and Hospitality
71(1)
Food and Farming Infrastructure
72(1)
Manufacturing and Heavy Industry
73(1)
Entertainment and Sports
74(1)
Energy: Utilities and the Smart Grid
75(1)
Finance and Banking
76(1)
Education
77(1)
Information and Communications Technology
77(1)
Summary
78(3)
Chapter 4 Business and Organizational Requirements 81(24)
Parable for Business and Organizational Requirements
81(2)
Introduction
83(1)
Audience
83(1)
Business and Organizational Requirements in the IoT
83(1)
Organizational Requirements Restated
84(1)
Regulatory and Legal Requirements
84(3)
Pay Now, Pay Later: Compliance Is Not an Option
85(1)
Hybrid Regulation: Laws and Industrial Standards in the Regulatory Environment of the IoT
85(1)
IoT Regulatory Examples and Hybridism
85(2)
Proving Compliance: The $64,000 Question
87(1)
Financial Requirements
87(2)
Do You Know What You Don't Know?
88(1)
Competitive Requirements
89(2)
Differentiation in the Face of Commoditization
89(1)
Moving From Vertical Markets to Ecosystems
90(1)
Internal Policy Requirements
91(2)
Auditing and Standards in the IoT
93(10)
Standards Have Flavors
94(1)
Defining Audit Scope in the IoT
94(1)
Short-Term Pain, Long-Term Gain: Third-Party Audit Versus Self-Assessment
95(1)
Witches Brew: Standards and the Art of the Audit Scopes
96(1)
Standards Bodies Impacts on the IoT
97(1)
Standards Bodies Born of Government
97(1)
Standards Bodies Born of Industry Groups and Associations
98(1)
IoT Standards in 2016
99(2)
What to Expect From Security Standards in the IoT
101(1)
Terminology From IoT Security Standards
101(1)
Reference Models, Reference Architectures, and the IoT
102(1)
Use Cases in the IoT
102(1)
Put It All Together: Standards Aid Risk Management in the IoT
103(1)
Summary
103(2)
Chapter 5 Operational and Process Requirements 105(8)
Parable for Operational and Process Requirements
105(2)
Introduction
107(1)
Audience
107(2)
The Device Trackers
108(1)
Data Insight Seekers
108(1)
Device Custodians: Longevity Specialists
108(1)
Real-Time Data Analyzer
109(1)
Security Fanatics
109(1)
Operational and Process Requirements in the IoT
109(1)
Organizational Risks and Requirements
110(1)
The Remaining Chapters in This Book
110(3)
Chapter 6 Safety Requirements in the Internet of Things 113(12)
Safety Is Not Exactly the Same as Security
114(1)
Performance
114(1)
Reliability and Consistency
115(1)
Nontoxic and Biocompatible
116(1)
Disposability
116(1)
Safety and Change Management in the IoT
117(1)
Divisibility of Safety and Service Delivery Updates and Longevity
118(1)
Startup and Shutdown Efficiency (Minimization of Complexity)
118(1)
Failing Safely
119(1)
Isolation of Safety and Control From Service Delivery
120(1)
Safety Monitoring Versus Management and Service Delivery
121(1)
Recovery and Provisioning at the Edge
121(1)
Misuse and Unintended Applications
122(1)
Summary and Conclusions
123(2)
Chapter 7 Confidentiality and Integrity and Privacy Requirements in the IoT 125(16)
Data Confidentiality and Integrity
125(11)
Cryptographic Stability
126(1)
Aging Out: Confidentiality That Lasts the Test of Time
126(1)
Untampered Data-Prove the Integrity of the Data and Authenticity
127(1)
Prove Deletion and Decommissioning
127(1)
Chain of Trust
128(1)
Attestation of Capability and Functionality
128(1)
Trusted Routing of Data
129(1)
Erasure Code and Data Gravity
130(1)
Cold Storage Protocols
130(1)
Integrated Reporting: Endpoint, Gateway, Network, Clouds, and DCs
131(1)
Knowing Versus Learning in Provisioning
131(1)
Horizontal Logging: Across the Life Cycle
132(2)
Device Feedback: "Is the Damn Thing On or Off?"
134(2)
Privacy and Personal Data Regulations
136(2)
Regulatory and Statutory Privacy
136(1)
Nonintrinsic Privacy
136(1)
Illustration: Privacy and Smart Home Automation
137(1)
Conclusions and Summary
138(3)
Chapter 8 Availability and Reliability Requirements in the IoT 141(16)
Availability and Reliability
141(1)
Simplicity Versus Complexity
142(1)
Network Performance and SLAs
142(1)
Access to IoT Design and Documentation
143(1)
Application and System Design
143(1)
User Interface Design Documentation
144(1)
Reporting and System Documentation
144(1)
Self-Healing and Self-Organizing
144(1)
Remote Diagnostics and Management
145(2)
Resource Consumption and Energy Management
147(1)
Energy Consumption Adjustment and Management
148(1)
Wills
148(1)
Flow Classification and QoS
149(2)
Flow Control and QoS in the Network
150(1)
Flow Control and QoS in the Endpoint or Gateway
150(1)
Interchangeability and Vendor-Neutral Standards
151(1)
Lifetimes, Upgrading, Patching, and Disposal
152(1)
Heartbeats, Census, and Inventory
153(1)
Documentation and Training
153(1)
The Discovery-Exploit Window and Cyber-Intelligence
154(1)
Summary
155(2)
Chapter 9 Identity and Access Control Requirements in the IoT 157(20)
Interoperability of I&A Controls
158(1)
Multiparty Authentication and Cryptography in the IoT
158(5)
Weak or Expensive: The Old Cryptosystem and Techniques Don't Scale to the IoT
159(1)
Multiparty Authentication and Data Protection
160(3)
Mass Authentication and Authorization
163(1)
Autonomics (Self-Configuring, Intelligent Adaptations)
164(1)
Device and Object Naming
164(2)
Discovery and Search in the IoT
166(1)
Authentication and Credentials Requirements
166(2)
Anonymity and Authentication of IoT Devices
167(1)
Tamper-Proof, Hardware-Based Authentication
168(1)
Authorization Requirements in the IoT
168(1)
Attribute-Based Access Control (ABAC)
169(2)
ABAC Overview
170(1)
Writing Versus Reading in the IoT
171(1)
Concurrency Privileges Become Uncommon in the IoT World
172(1)
Uniquely Addressable
173(1)
Bootstrapping Identity
173(1)
Interoperability and New Forms of Identity Lookup
174(1)
Ownership Transfer
175(1)
Summary
176(1)
Chapter 10 Usage Context and Environmental Requirements in the IoT 177(20)
Introduction
178(1)
Threat Intelligence
178(4)
Sources of Threat Intelligence
179(1)
Consuming Threat Intelligence
180(1)
Where to Apply Threat Intelligence in the IoT
180(1)
How Might You Use Threat Intelligence?
180(2)
Access to and Awareness of Date and Time
182(1)
Timeliness
182(1)
Time Stamping
182(1)
Presence of People (Living Beings) as Context
183(1)
Device Type as Context
184(1)
Context Versus State of IoT Application
184(1)
Location, Location, Location
185(4)
Context as a Combination of Location Inputs
186(1)
Geolocation and Electronic Tracking Policy Requirements
187(2)
Mapping IoT Service Requirements to Location and Tracking Technologies
189(1)
Location Finding
189(3)
Received Signal Strength (RSS)
190(1)
Proximity (i.e., RFID)
190(1)
Time of Arrival (TOA)
190(1)
Time Difference of Arrival (TDOA)
191(1)
Signals of Opportunity
191(1)
Acoustic Sensor
191(1)
Imaging
191(1)
Motion Tracking
192(1)
Automated Accessibility and Usage Conditions
193(2)
Summary
195(2)
Chapter 11 Interoperability, Flexibility, and Industrial Design Requirements in the IoT 197(24)
Interoperability of Components
197(1)
About Industrial Design
198(1)
Self-Defining Components and Architecture
198(1)
Device Adaptation
199(1)
Inclusivity of Things
200(1)
Scalability
201(2)
Next Generation Wireless Network Requirements Standardized Interfaces
203(1)
Limit or Minimize Black-Box Components
204(1)
Legacy Device Support
205(1)
Understanding When Good Is Good Enough
206(1)
Network Flow Reversal and Data Volumes
207(2)
IP Address Translation: IPv4 and IPv6
208(1)
What Are the New Network Requirements? What Is Changing?
209(1)
The IoT Network Security Perimeter: Hard on the Outside
210(1)
Control the "Net Within the 'Net'": Network Segmentation
211(1)
User Preferences
212(1)
Virtualization: Both Network and Application
213(3)
Network Function Virtualization and the White Box
213(1)
Why NFV?
213(2)
Software-Defined Networking and Network Function Virtualization
215(1)
How Do NFV and SDN Contribute to the Assurance of the IoT?
215(1)
The Other Side of the NFV-and-SDN Coin
216(1)
Transportability of Subscriptions and Service: Supporting Competitive Service Provision
216(2)
Diversity and Utility of Application Interfaces
218(1)
Summary
219(2)
Chapter 12 Threats and Impacts to the IoT 221(58)
Threats to the IoT
221(3)
Understanding Threat in the IoT
221(1)
Threat Skills in the IoT
222(1)
Threat Motivation
222(1)
Threat Resources
223(1)
Access
224(1)
Threat Agents
224(4)
New Threat Agents in the IoT
228(4)
Chaotic Actors and Vigilantes
229(1)
Regulators
230(2)
Business (Organizational) Threats
232(16)
Regulatory and Legal Threats
232(5)
Financial
237(5)
Competitive
242(4)
Internal Policy
246(2)
Operational and Process Threats in the IoT
248(29)
Safety Threats
249(4)
Confidentiality and Integrity Threats
253(6)
Availability and Resiliency Threats
259(3)
Identity and Access Threats
262(6)
Usage Environment and Context Threats
268(3)
Interoperability and Flexibility Threats
271(6)
Conclusion
277(2)
Chapter 13 RIoT Control 279(90)
Managing Business and Organizational Risk in the IoT
280(15)
The IoT Design Process
280(4)
Regulatory Vulnerabilities and Risks
284(8)
Health and Safety Regulation Risk
292(1)
Reidentification Vulnerabilities and Risk Management
292(1)
Lawful Access in the IoT
293(1)
Labeling and Fair Warning in the IoT
294(1)
Financial Vulnerabilities and Risks
295(4)
IoT Stored-Value Risks
295(4)
Liability and Insurance Risks
299(1)
Competitive and Market Risks
299(6)
User Acceptability
299(1)
Race to the Bottom
300(1)
Supply Chain Risks
300(1)
Privacy Arbitrage: Varying Costs to Maintain Privacy Compliance
301(1)
Insufficient Skills
301(3)
Increased User Support Costs
304(1)
Internal Policy
305(2)
Operational and Process Risk in the IoT
307(6)
Safety
307(2)
Panic Buttons
309(1)
Network Segmentation and Safety
310(3)
Confidentiality and Integrity
313(19)
To Encrypt or Not Encrypt?
314(1)
Delegation of Functions: Detection Versus Prevention
314(1)
Multiparty Authentication and Cryptography in the IoT
314(1)
Weak or Expensive: The Old Cryptosystem and Techniques Don't Scale to the IoT
315(2)
Multiparty Authentication and Data Protection
317(1)
Multiparty Horizontal Authentication and Data Protection
318(1)
Multiparty Cascading Authentication and Data Protection
318(1)
Hardware-Based Versus Software-Based Processing
318(3)
Microsegmentation
321(1)
White Networking
322(2)
Network Function Virtualization and Root of Trust
324(6)
Counterfeit Goods Prevention in the IoT
330(1)
Data Quality Risks
331(1)
Availability and Reliability
332(4)
Public Cloud Services for IoT
333(1)
Voice Communications Vulnerabilities and Risk in the IoT
334(1)
Smart Gateways for the IoT
335(1)
Identity and Access Controls
336(7)
Reidentification and Reidentification Risk
337(2)
Attribute-Based Access Control and Encryption
339(2)
Granular Identification and Authentication and Scaling Risks
341(1)
Data Provenance
342(1)
Usage Context and Operating Environment
343(5)
Location, Location, Location
343(1)
Reputation, Reputation, Reputation (Threat Intelligence)
344(4)
Interoperability and Flexibility
348(14)
5G, Complexity, and Conventional IT
348(3)
Brittle and Unpatchable Systems
351(1)
Fractal Security
352(1)
Unmanaged Interdependency Risks
353(6)
Risk Modeling
359(1)
Aging Out: Security That Lasts the Test of Time
360(1)
Software-Defined Networking and Network Function Virtualization
360(2)
Skills and IoT Risk Management
362(6)
Communications Infrastructure Engineering Scope of Practice
363(5)
Summary
368(1)
Index 369
Tyson Macaulay is a Chief Technology Officer and Chief Security Strategist with over 20 years in the security industry and experience at firms such as Fortinet, Intel and Bell Canada. Tyson is also a researcher with lectureships, books, periodical publications and patents dating from 1993. Tyson supports the development of engineering and security standards through the International Organization for Standardization (ISO) and Professional Engineers of Ontario. Specialties: telecom-grade security design, enterprise risk management, technical risk management, security architecture, security methodology, security audit and compliance, security program development and governance, international standards development, Internet of Things (IoT), international security standards.