Data encryption Books

Book SynopsisTribal Knowledge from the Best in Cybersecurity Leadership The Tribe of Hackers series continues, sharing what CISSPs, CISOs, and other security leaders need to know to build solid cybersecurity teams and keep organizations secure. Dozens of experts and influential security specialists reveal their best strategies for building, leading, and managing information security within organizations. Tribe of Hackers Security Leaders follows the same bestselling format as the original Tribe of Hackers, but with a detailed focus on how information security leaders impact organizational security. Information security is becoming more important and more valuable all the time. Security breaches can be costly, even shutting businessesand governments down, so security leadership is a high-stakes game. Leading teams of hackers is not always easy, but the future of your organization may depend on it. In this book, the world's top security experts answer the Table of ContentsAcknowledgments vii Introduction viii 01 Marcus J. Carey 1 02 Ian Anderson 6 03 James Arlen 14 04 Mark Arnold 25 05 Andrew Bagrin 31 06 Zate Berg 36 07 Tash Bettridge 46 08 Philip Beyer 50 09 Kyle Bubp 58 10 Joanna Burkey 64 11 Bill Burns 70 12 Lesley Carhart 78 13 Christopher Caruso 83 14 Mike Chapple 91 15 Steve Christey Coley 98 16 Jim Christy 102 17 Chris Cochran 110 18 Edward Contreras 114 19 Dan Cornell 117 20 Mary Ann Davidson 124 21 Kimber Dowsett 132 22 David Evenden 136 23 Martin Fisher 141 24 Chris Hadnagy 147 25 Andrew Hay 153 26 Mark Hillick 157 27 Terence Jackson 165 28 Tanya Janca 168 29 David Kennedy 174 30 Joe Krull 180 31 Robert M. Lee 188 32 Rafal Los 194 33 Tracy Z. Maleeff 199 34 Jeffrey Man 202 35 Angela Marafino 209 36 James Medlock 212 37 Kent Nabors 221 38 Charles Nwatu 228 39 Greg Ose 232 40 Edward Prevost 239 41 Ray [REDACTED] 244 42 Stephen A. Ridley 249 43 David Rook 255 44 Marina Segal 259 45 Khalil Sehnaoui 262 46 Jackie Singh 267 47 Dan Tentler 271 48 Eugene Teo 274 49 Dominique West 279 50 Jake Williams 283 51 Wirefall 288 Appendix: Recommended Reading 293

Read more less

Book SynopsisYou will be breachedthe only question is whether you'll be ready A cyber breach could cost your organization millions of dollarsin 2019, the average cost of a cyber breach for companies was $3.9M, a figure that is increasing 20-30% annually. But effective planning can lessen the impact and duration of an inevitable cyberattack. Cyber Breach Response That Actually Works provides a business-focused methodology that will allow you to address the aftermath of a cyber breach and reduce its impact to your enterprise. This book goes beyond step-by-step instructions for technical staff, focusing on big-picture planning and strategy that makes the most business impact. Inside, you'll learn what drives cyber incident response and how to build effective incident response capabilities. Expert author Andrew Gorecki delivers a vendor-agnostic approach based on his experience with Fortune 500 organizations. Understand the evolving threat landscape and learn how to address tactical and strategic challenges to build a comprehensive and cohesive cyber breach response programDiscover how incident response fits within your overall information security program, including a look at risk managementBuild a capable incident response team and create an actionable incident response plan to prepare for cyberattacks and minimize their impact to your organizationEffectively investigate small and large-scale incidents and recover faster by leveraging proven industry practicesNavigate legal issues impacting incident response, including laws and regulations, criminal cases and civil litigation, and types of evidence and their admissibility in court In addition to its valuable breadth of discussion on incident response from a business strategy perspective, Cyber Breach Response That Actually Works offers information on key technology considerations to aid you in building an effective capability and accelerating investigations to ensure your organization can continue business operations during significant cyber events.Table of ContentsForeword xxiii Introduction xxv Chapter 1 Understanding the Bigger Picture 1 Evolving Threat Landscape 2 Identifying Threat Actors 2 Cyberattack Lifecycle 4 Cyberattack Preparation Framework 5 Cyberattack Execution Framework 6 Defining Cyber Breach Response 8 Events, Alerts, Observations, Incidents, and Breaches 9 Events 9 Alerts 9 Observations 10 Incidents 10 Breaches 11 What is Cyber Breach Response? 12 Identifying Drivers for Cyber Breach Response 13 Risk Management 13 Conducting Risk Management 13 Risk Assessment Process 14 Managing Residual Risk 17 Cyber Threat Intelligence 18 What is Cyber Threat Intelligence? 18 Importance of Cyber Threat Intelligence 19 Laws and Regulations 20 Compliance Considerations 20 Compliance Requirements for Cyber Breach Response 21 Changing Business Objectives 22 Incorporating Cyber Breach Response into a Cybersecurity Program 23 Strategic Planning 23 Designing a Program 24 Implementing Program Components 25 Program Operations 26 Continual Improvement 27 Strategy Development 27 Strategic Assessment 28 Gap Analysis 28 Maturity Assessment 30 Strategy Definition 32 Vision and Mission Statement 32 Goals and Objectives 33 Establishing Requirements 33 Defining a Target Operating Model 35 Developing a Business Case and Executive Alignment 35 Strategy Execution 37 Enacting an Incident Response Policy 37 Assigning an Incident Response Team 38 Creating an Incident Response Plan 38 Documenting Legal Requirements 38 Roadmap Development 39 Governance 40 Establishing Policies 40 Enterprise Security Policy 41 Issue-Specific Policies 41 Identifying Key Stakeholders 42 Executive Leadership 42 Project Steering Committee 42 Chief Information Security Officer 43 Stakeholders with Interest in Cyber Breach Response 43 Business Alignment 44 Continual Improvement 44 Necessity to Determine if the Program is Effective 45 Changing Threat Landscape 45 Changing Business Objectives 45 Summary 46 Notes 47 Chapter 2 Building a Cybersecurity Incident Response Team 51 Defining a CSIRT 51 CSIRT History 52 The Role of a CSIRT in the Enterprise 52 Defining Incident Response Competencies and Functions 55 Proactive Functions 55 Developing and Maintaining Procedures 56 Conducting Incident Response Exercises 56 Assisting with Vulnerability Identification 57 Deploying, Developing, and Tuning Tools 58 Implementing Lessons Learned 59 Reactive Functions 59 Digital Forensics and Incident Response 59 Cyber Threat Intelligence 60 Malware Analysis 60 Incident Management 61 Creating an Incident Response Team 61 Creating an Incident Response Mission Statement 62 Choosing a Team Model 62 Centralized Team Model 63 Distributed Team Model 64 Hybrid Team Model 65 An Integrated Team 66 Organizing an Incident Response Team 66 Tiered Model 66 Competency Model 68 Hiring and Training Personnel 69 Technical Skills 69 Soft Skills 71 Pros and Cons of Security Certifications 72 Conducting Effective Interviews 73 Retaining Incident Response Talent 74 Establishing Authority 75 Full Authority 75 Shared Authority 76 Indirect Authority 76 No Authority 76 Introducing an Incident Response Team to the Enterprise 77 Enacting a CSIRT 78 Defining a Coordination Model 78 Communication Flow 80 Incident Officer 80 Incident Manager 81 Assigning Roles and Responsibilities 82 Business Functions 82 Human Resources 82 Corporate Communications 83 Corporate Security 83 Finance 84 Other Business Functions 85 Legal and Compliance 85 Legal Counsel 85 Compliance Functions 86 Information Technology Functions 87 Technical Groups 87 Disaster Recovery 88 Outsourcing Partners and Vendors 89 Senior Management 89 Working with Outsourcing Partners 90 Outsourcing Considerations 91 Proven Track Record of Success 91 Offered Services and Capabilities 91 Global Support 92 Skills and Experience 92 Outsourcing Costs and Pricing Models 92 Establishing Successful Relationships with Vendors 93 Summary 94 Notes 95 Chapter 3 Technology Considerations in Cyber Breach Investigations 97 Sourcing Technology 98 Comparing Commercial vs. Open Source Tools 98 Commercial Tools 98 Open Source Software 98 Other Considerations 99 Developing In-House Software Tools 100 Procuring Hardware 101 Acquiring Forensic Data 102 Forensic Acquisition 102 Order of Volatility 103 Disk Imaging 103 System Memory Acquisition 105 Tool Considerations 106 Forensic Acquisition Use Cases 107 Live Response 108 Live Response Considerations 109 Live Response Tools 109 Live Response Use Cases 112 Incident Response Investigations in Virtualized Environments 113 Traditional Virtualization 115 Cloud Computing 115 Forensic Acquisition 115 Log Management in Cloud Computing Environments 117 Leveraging Network Data in Investigations 118 Firewall Logs and Network Flows 118 Proxy Servers and Web Gateways 120 Full-Packet Capture 120 Identifying Forensic Evidence in Enterprise Technology Services 123 Domain Name System 123 Dynamic Host Confi guration Protocol 125 Web Servers 125 Databases 126 Security Tools 127 Intrusion Detection and Prevention Systems 127 Web Application Firewalls 127 Data Loss Prevention Systems 128 Antivirus Software 128 Endpoint Detection and Response 129 Honeypots and Honeynets 129 Log Management 130 What is Logging? 130 What is Log Management? 132 Log Management Lifecycle 133 Collection and Storage 134 Agent-Based vs. Agentless Collection 134 Log Management Architectures 135 Managing Logs with a SIEM 137 What is SIEM? 138 SIEM Considerations 139 Summary 140 Notes 141 Chapter 4 Crafting an Incident Response Plan 143 Incident Response Lifecycle 143 Preparing for an Incident 144 Detecting and Analyzing Incidents 145 Detection and Triage 146 Analyzing Incidents 146 Containment, Eradication, and Recovery 147 Containing a Breach 147 Eradicating a Threat Actor 148 Recovering Business Operations 149 Post-Incident Activities 149 Understanding Incident Management 150 Identifying Process Components 151 Defining a Process 151 Process Controls 153 Process Enablers 155 Process Interfaces 155 Roles and Responsibilities 158 Service Levels 159 Incident Management Workfl ow 160 Sources of Incident Notifi cations 160 Incident Classifi cation and Documentation 162 Incident Categorization 163 Severity Assignment 163 Capturing Incident Information 167 Incident Escalations 169 Hierarchical Escalations 169 Functional Escalation 169 Creating and Managing Tasks 169 Major Incidents 170 Incident Closure 171 Crafting an Incident Response Playbook 171 Playbook Overview 171 Identifying Workfl ow Components 173 Detection 173 Analysis 174 Containment and Eradication 176 Recovery 176 Other Workflow Components 177 Post-Incident Evaluation 177 Vulnerability Management 177 Purpose and Objectives 178 Vulnerability Management Lifecycle 178 Integrating Vulnerability Management and Risk Management 180 Lessons Learned 180 Lessons-Learned Process Components 181 Conducting a Lessons-Learned Meeting 183 Continual Improvement 184 Continual Improvement Principles 184 The Deming Cycle 184 DIKW Hierarchy 185 The Seven-Step Improvement Process 187 Step 1: Define a Vision for Improvement 188 Step 2: Define Metrics 188 Step 3: Collect Data 189 Step 4: Process Data 190 Step 5: Analyze Information 191 Step 6: Assess Findings and Create Plan 191 Step 7: Implement the plan 192 Summary 192 Notes 193 Chapter 5 Investigating and Remediating Cyber Breaches 195 Investigating Incidents 196 Determine Objectives 197 Acquire and Preserve Data 198 Perform Analysis 200 Contain and Eradicate 202 Conducting Analysis 202 Digital Forensics 203 Digital Forensics Disciplines 203 Timeline Analysis 205 Other Considerations in Digital Forensics 206 Cyber Threat Intelligence 207 Cyber Threat Intelligence Lifecycle 208 Identifying Attacker Activity with Cyber Threat Intelligence 209 Categorizing Indicators 212 Malware Analysis 214 Classifying Malware 214 Static Analysis 216 Dynamic Analysis 217 Malware Analysis and Cyber Threat Intelligence 217 Threat Hunting 218 Prerequisites to Threat Hunting 218 Threat Hunting Lifecycle 219 Reporting 221 Evidence Types 223 System Artifacts 223 Persistent Artifacts 223 Volatile Artifacts 225 Network Artifacts 226 Security Alerts 227 Remediating Incidents 228 Remediation Process 229 Establishing a Remediation Team 230 Remediation Lead 231 Remediation Owner 232 Remediation Planning 233 Business Considerations 233 Technology Considerations 234 Logistics 235 Assessing Readiness 235 Consequences of Alerting the Attacker 236 Developing an Execution Plan 237 Containment and Eradication 238 Containment 238 Eradication 239 Monitoring for Attacker Activity 240 Summary 241 Notes 242 Chapter 6 Legal and Regulatory Considerations in Cyber Breach Response 243 Understanding Breaches from a Legal Perspective 244 Laws, Regulations, and Standards 244 United States 245 European Union 246 Standards 246 Materiality in Financial Disclosure 247 Cyber Attribution 248 Motive, Opportunity, Means 248 Attributing a Cyber Attack 249 Engaging Law Enforcement 251 Cyber Insurance 252 Collecting Digital Evidence 252 What is Digital Evidence? 253 Digital Evidence Lifecycle 253 Information Governance 254 Identification 254 Preservation 255 Collection 255 Processing 255 Reviewing 256 Analysis 256 Production 257 Presentation 258 Admissibility of Digital Evidence 258 Federal Rules of Evidence 258 Types of Evidence 260 Direct Evidence 260 Circumstantial Evidence 260 Admission of Digital Evidence in Court 261 Evidence Rules 261 Hearsay Rule 261 Business Records Exemption Rule 262 Best Evidence 262 Working with Legal Counsel 263 Attorney-Client Privilege 263 Attorney Work-Product 264 Non-testifying Expert Privilege 264 Litigation Hold 265 Establishing a Chain of Custody 265 What is a Chain of Custody? 266 Establishing a Defensible Protocol 266 Traditional Forensic Acquisition 267 Live Response and Logical Acquisition 268 Documenting a Defensible Protocol 269 Documentation 269 Accuracy 270 Auditability and Reproducibility 270 Collection Methods 270 Data Privacy and Cyber Breach Investigations 271 What is Data Privacy? 271 Handling Personal Data During Investigations 272 Enacting a Policy to Support Investigations 272 Cyber Breach Investigations and GDPR 273 Data Processing and Cyber Breach Investigations 274 Establishing a Lawful Basis for the Processing of Personal Data 275 Territorial Transfer of Personal Data 276 Summary 277 Notes 278 Index 281

Read more less

Book SynopsisLearn to analyze and measure risk by exploring the nature of trust and its application to cybersecurityTrust in Computer Systemsand the Clouddelivers an insightful and practical new take on what it means to trust in the context of computer and network security and the impact on the emerging field of Confidential Computing. Author MikeBursell'sexperience, ranging from Chief Security Architect at Red Hat to CEO at a Confidential Computing start-up grounds the reader in fundamental concepts of trust and related ideas before discussing the more sophisticated applications of these concepts to various areas in computing. The bookdemonstratesin the importance of understanding and quantifying risk and draws on the social and computer sciences to explain hardware and software security, complex systems, and open source communities. It takes a detailed look at the impact of Confidential Computing on security, trust and risk and also describes the emerging concept of trust domains, which provide an alternative to standard layered security. Foundational definitions of trust from sociology and other social sciences, how they evolved, and what modern concepts of trust mean to computer professionalsA comprehensive examination of the importance of systems, from open-source communities to HSMs, TPMs, and Confidential Computing with TEEs.A thorough exploration of trust domains, includingexplorationsof communities of practice, the centralization of control and policies, and monitoring Perfect for security architects at the CISSP level or higher,Trust in Computer Systemsand the Cloudis also an indispensable addition to the libraries of system architects, security system engineers, and master's students in software architecture and security.Table of ContentsIntroduction xv Chapter 1 Why Trust? 1 Analysing Our Trust Statements 4 What Is Trust? 5 What Is Agency? 8 Trust and Security 10 Trust as a Way for Humans to Manage Risk 13 Risk, Trust, and Computing 15 Defining Trust in Systems 15 Defining Correctness in System Behaviour 17 Chapter 2 Humans and Trust 19 The Role of Monitoring and Reporting in Creating Trust 21 Game Theory 24 The Prisoner’s Dilemma 24 Reputation and Generalised Trust 27 Institutional Trust 28 Theories of Institutional Trust 29 Who Is Actually Being Trusted? 31 Trust Based on Authority 33 Trusting Individuals 37 Trusting Ourselves 37 Trusting Others 41 Trust, But Verify 43 Attacks from Within 43 The Dangers of Anthropomorphism 45 Identifying the Real Trustee 47 Chapter 3 Trust Operations and Alternatives 53 Trust Actors, Operations, and Components 53 Reputation, Transitive Trust, and Distributed Trust 59 Agency and Intentionality 62 Alternatives to Trust 65 Legal Contracts 65 Enforcement 66 Verification 67 Assurance and Accountability 67 Trust of Non-Human or Non-Adult Actors 68 Expressions of Trust 69 Relating Trust and Security 75 Misplaced Trust 75 Chapter 4 Defining Trust in Computing 79 A Survey of Trust Definitions in Computer Systems 79 Other Definitions of Trust within Computing 84 Applying Socio-Philosophical Definitions of Trust to Systems 86 Mathematics and Trust 87 Mathematics and Cryptography 87 Mathematics and Formal Verification 89 Chapter 5 The Importance of Systems 93 System Design 93 The Network Stack 94 Linux Layers 96 Virtualisation and Containers: Cloud Stacks 97 Other Axes of System Design 99 “Trusted” Systems 99 Trust Within the Network Stack 101 Trust in Linux Layers 102 Trust in Cloud Stacks 103 Hardware Root of Trust 106 Cryptographic Hash Functions 110 Measured Boot and Trusted Boot 112 Certificate Authorities 114 Internet Certificate Authorities 115 Local Certificate Authorities 116 Root Certificates as Trust Pivots 119 The Temptations of “Zero Trust” 122 The Importance of Systems 125 Isolation 125 Contexts 127 Worked Example: Purchasing Whisky 128 Actors, Organisations, and Systems 129 Stepping Through the Transaction 130 Attacks and Vulnerabilities 134 Trust Relationships and Agency 136 Agency 136 Trust Relationships 137 The Importance of Being Explicit 145 Explicit Actions 145 Explicit Actors 149 Chapter 6 Blockchain and Trust 151 Bitcoin and Other Blockchains 151 Permissioned Blockchains 152 Trust without Blockchains 153 Blockchain Promoting Trust 154 Permissionless Blockchains and Cryptocurrencies 156 Chapter 7 The Importance of Time 161 Decay of Trust 161 Decay of Trust and Lifecycle 163 Software Lifecycle 168 Trust Anchors, Trust Pivots, and the Supply Chain 169 Types of Trust Anchors 170 Monitoring and Time 171 Attestation 173 The Problem of Measurement 174 The Problem of Run Time 176 Trusted Computing Base 177 Component Choice and Trust 178 Reputation Systems and Trust 181 Chapter 8 Systems and Trust 185 System Components 185 Explicit Behaviour 188 Defining Explicit Trust 189 Dangers of Automated Trust Relationships 192 Time and Systems 194 Defining System Boundaries 198 Trust and a Complex System 199 Isolation and Virtualisation 202 The Stack and Time 205 Beyond Virtual Machines 205 Hardware-Based Type 3 Isolation 207 Chapter 9 Open Source and Trust 211 Distributed Trust 211 How Open Source Relates to Trust 214 Community and Projects 215 Projects and the Personal 217 Open Source Process 219 Trusting the Project 220 Trusting the Software 222 Contents xiii xiv Contents Supply Chain and Products 226 Open Source and Security 229 Chapter 10 Trust, the Cloud, and the Edge 233 Deployment Model Differences 235 What Host Systems Offer 237 What Tenants Need 237 Mutually Adversarial Computing 240 Mitigations and Their Efficacy 243 Commercial Mitigations 243 Architectural Mitigations 244 Technical Mitigations 246 Chapter 11 Hardware, Trust, and Confidential Computing 247 Properties of Hardware and Trust 248 Isolation 248 Roots of Trust 249 Physical Compromise 253 Confidential Computing 256 TEE TCBs in detail 261 Trust Relationships and TEEs 266 How Execution Can Go Wrong—and Mitigations 269 Minimum Numbers of Trustees 276 Explicit Trust Models for TEE Deployments 278 Chapter 12 Trust Domains 281 The Composition of Trust Domains 284 Trust Domains in a Bank 284 Trust Domains in a Distributed Architecture 288 Trust Domain Primitives and Boundaries 292 Trust Domain Primitives 292 Trust Domains and Policy 293 Other Trust Domain Primitives 296 Boundaries 297 Centralisation of Control and Policies 298 Chapter 13 A World of Explicit Trust 301 Tools for Trust 301 The Role of the Architect 303 Architecting the System 304 The Architect and the Trustee 305 Coda 307 References 309 Index 321

Read more less

Book SynopsisGAME THEORY AND MACHINE LEARNING FOR CYBER SECURITY Move beyond the foundations of machine learning and game theory in cyber security to the latest research in this cutting-edge field In Game Theory and Machine Learning for Cyber Security, a team of expert security researchers delivers a collection of central research contributions from both machine learning and game theory applicable to cybersecurity. The distinguished editors have included resources that address open research questions in game theory and machine learning applied to cyber security systems and examine the strengths and limitations of current game theoretic models for cyber security. Readers will explore the vulnerabilities of traditional machine learning algorithms and how they can be mitigated in an adversarial machine learning approach. The book offers a comprehensive suite of solutions to a broad range of technical issues in applying game theory and machine learning to solve cyber security challenges. Beginning with an introduction to foundational concepts in game theory, machine learning, cyber security, and cyber deception, the editors provide readers with resources that discuss the latest in hypergames, behavioral game theory, adversarial machine learning, generative adversarial networks, and multi-agent reinforcement learning. Readers will also enjoy: A thorough introduction to game theory for cyber deception, including scalable algorithms for identifying stealthy attackers in a game theoretic framework, honeypot allocation over attack graphs, and behavioral games for cyber deceptionAn exploration of game theory for cyber security, including actionable game-theoretic adversarial intervention detection against advanced persistent threatsPractical discussions of adversarial machine learning for cyber security, including adversarial machine learning in 5G security and machine learning-driven fault injection in cyber-physical systemsIn-depth examinations of generative models for cyber security Perfect for researchers, students, and experts in the fields of computer science and engineering, Game Theory and Machine Learning for Cyber Security is also an indispensable resource for industry professionals, military personnel, researchers, faculty, and students with an interest in cyber security.Table of ContentsEditor biographies Contributors Foreword Preface Chapter 1: Introduction Christopher D. Kiekintveld, Charles A. Kamhoua, Fei Fang, Quanyan Zhu Part 1: Game Theory for Cyber Deception Chapter 2: Introduction to Game Theory Fei Fang, Shutian Liu, Anjon Basak, Quanyan Zhu, Christopher Kiekintveld, Charles A. Kamhoua Chapter 3: Scalable Algorithms for Identifying Stealthy Attackers in a Game Theoretic Framework Using Deception Anjon Basak, Charles Kamhoua, Sridhar Venkatesan, Marcus Gutierrez, Ahmed H. Anwar, Christopher Kiekintveld Chapter 4: Honeypot Allocation Game over Attack Graphs for Cyber Deception Ahmed H. Anwar, Charles Kamhoua, Nandi Leslie, Christopher Kiekintveld Chapter 5: Evaluating Adaptive Deception Strategies for Cyber Defense with Human Experimentation Palvi Aggarwal, Marcus Gutierrez, Christopher Kiekintveld, Branislav Bosansky, Cleotilde Gonzalez Chapter 6: A Theory of Hypergames on Graphs for Synthesizing Dynamic Cyber Defense with Deception Jie Fu, Abhishek N. Kulkarni Part 2: Game Theory for Cyber Security Chapter 7: Minimax Detection (MAD) for Computer Security: A Dynamic Program Characterization Muhammed O. Sayin, Dinuka Sahabandu, Muhammad Aneeq uz Zaman, Radha Poovendran, Tamer Başar Chapter 8: Sensor Manipulation Games in Cyber Security João P. Hespanha Chapter 9: Adversarial Gaussian Process Regression in Sensor Networks Yi Li, Xenofon Koutsoukos, Yevgeniy Vorobeychik Chapter 10: Moving Target Defense Games for Cyber Security: Theory and Applications Abdelrahman Eldosouky, Shamik Sengupta Chapter 11: Continuous Authentication Security Games Serkan Saritas, Ezzeldin Shereen, Henrik Sandberg, Gyorgy Dan Chapter 12: Cyber Autonomy in Software Security: Techniques and Tactics Tiffany Bao, Yan Shoshitaishvili Part 3: Adversarial Machine Learning for Cyber Security Chapter 13: A Game Theoretic Perspective on Adversarial Machine Learning and Related Cybersecurity Applications Yan Zhou, Murat Kantarcioglu, Bowei Xi Chapter 14: Adversarial Machine Learning in 5G Communications Security Yalin Sagduyu, Tugba Erpek, Yi Shi Chapter 15: Machine Learning in the Hands of a Malicious Adversary: A Near Future If Not Reality Keywhan Chung, Xiao Li, Peicheng Tang, Zeran Zhu, Zbigniew T. Kalbarczyk, Thenkurussi Kesavadas, Ravishankar K. Iyer Chapter 16: Trinity: Trust, Resilience and Interpretability of Machine Learning Models Susmit Jha, Anirban Roy, Brian Jalaian, Gunjan Verma Part 4: Generative Models for Cyber Security Chapter 17: Evading Machine Learning based Network Intrusion Detection Systems with GANs Bolor-Erdene Zolbayar, Ryan Sheatsley, Patrick McDaniel, Mike Weisman Chapter 18: Concealment Charm (ConcealGAN): Automatic Generation of Steganographic Text using Generative Models to Bypass Censorship Nurpeiis Baimukan, Quanyan Zhu Part 5: Reinforcement Learning for Cyber Security Chapter 19: Manipulating Reinforcement Learning: Stealthy Attacks on Cost Signals Yunhan Huang, Quanyan Zhu Chapter 20: Resource-Aware Intrusion Response based on Deep Reinforcement Learning for Software-Defined Internet-of-Battle-Things Seunghyun Yoon, Jin-Hee Cho, Gaurav Dixit, Ing-Ray Chen Part 6: Other Machine Learning approach to Cyber Security Chapter 21: Smart Internet Probing: Scanning Using Adaptive Machine Learning Armin Sarabi, Kun Jin, Mingyan Liu Chapter 22: Semi-automated Parameterization of a Probabilistic Model using Logistic Regression - A Tutorial Stefan Rass, Sandra König, Stefan Schauer Chapter 23: Resilient Distributed Adaptive Cyber-Defense using Blockchain George Cybenko, Roger A. Hallman Chapter 24: Summary and Future Work Quanyan Zhu, Fei Fang

Read more less

Book SynopsisSECURITY ISSUES AND PRIVACY CONCERNS IN INDUSTRY 4.0 APPLICATIONS Written and edited by a team of international experts, this is the most comprehensive and up-to-date coverage of the security and privacy issues surrounding Industry 4.0 applications, a must-have for any library. The scope of Security Issues and Privacy Concerns in Industry 4.0 Applications is to envision the need for security in Industry 4.0 applications and the research opportunities for the future. This book discusses the security issues in Industry 4.0 applications for research development. It will also enable the reader to develop solutions for the security threats and attacks that prevail in the industry. The chapters will be framed on par with advancements in the industry in the area of Industry 4.0 with its applications in additive manufacturing, cloud computing, IoT (Internet of Things), and many others. This book helps a researcher and an industrial specialist to reflect on the latest trends and the need for teTable of ContentsPreface xiii 1 Industry 4.0: Smart Water Management System Using IoT 1S. Saravanan, N. Renugadevi, C.M. Naga Sudha and Parul Tripathi 1.1 Introduction 2 1.1.1 Industry 4.0 2 1.1.2 IoT 2 1.1.3 Smart City 3 1.1.4 Smart Water Management 3 1.2 Preliminaries 4 1.2.1 Internet World to Intelligent World 4 1.2.2 Architecture of IoT System 4 1.2.3 Architecture of Smart City 6 1.3 Literature Review on SWMS 7 1.3.1 Water Quality Parameters Related to SWMS 8 1.3.2 SWMS in Agriculture 8 1.3.3 SWMS Using Smart Grids 9 1.3.4 Machine Learning Models in SWMS 10 1.3.5 IoT-Based SWMS 11 1.4 Conclusion 11 References 12 2 Fourth Industrial Revolution Application: Network Forensics Cloud Security Issues 15Abdullah Ayub Khan, Asif Ali Laghari, Shafique Awan and Awais Khan Jumani 2.1 Introduction 16 2.1.1 Network Forensics 16 2.1.2 The Fourth Industrial Revolution 17 2.1.2.1 Machine-to-Machine (M2M) Communication 18 2.1.3 Cloud Computing 18 2.1.3.1 Infrastructure-as-a-Service (IaaS) 19 2.1.3.2 Challenges of Cloud Security in Fourth Industrial Revolution 19 2.2 Generic Model Architecture 20 2.3 Model Implementation 24 2.3.1 OpenNebula (Hypervisor) Implementation Platform 24 2.3.2 NetworkMiner Analysis Tool 25 2.3.3 Performance Matrix Evaluation & Result Discussion 27 2.4 Cloud Security Impact on M2M Communication 28 2.4.1 Cloud Computing Security Application in the Fourth Industrial Revolution (4.0) 29 2.5 Conclusion 30 References 31 3 Regional Language Recognition System for Industry 4.0 35Bharathi V, N. Renugadevi, J. Padmapriya and M. Vijayprakash 3.1 Introduction 36 3.2 Automatic Speech Recognition System 39 3.2.1 Preprocessing 41 3.2.2 Feature Extraction 42 3.2.2.1 Linear Predictive Coding (LPC) 42 3.2.2.2 Linear Predictive Cepstral Coefficient (LPCC) 44 3.2.2.3 Perceptual Linear Predictive (PLP) 44 3.2.2.4 Power Spectral Analysis 44 3.2.2.5 Mel Frequency Cepstral Coefficients 45 3.2.2.6 Wavelet Transform 46 3.2.3 Implementation of Deep Learning Technique 46 3.2.3.1 Recurrent Neural Network 47 3.2.3.2 Long Short-Term Memory Network 47 3.2.3.3 Hidden Markov Models (HMM) 47 3.2.3.4 Hidden Markov Models - Long Short-Term Memory Network (HMM-LSTM) 48 3.2.3.5 Evaluation Metrics 49 3.3 Literature Survey on Existing TSRS 49 3.4 Conclusion 52 References 52 4 Approximation Algorithm and Linear Congruence: An Approach for Optimizing the Security of IoT-Based Healthcare Management System 55Anirban Bhowmik and Sunil Karforma 4.1 Introduction 56 4.1.1 IoT in Medical Devices 56 4.1.2 Importance of Security and Privacy Protection in IoT-Based Healthcare System 57 4.1.3 Cryptography and Secret Keys 58 4.1.4 RSA 58 4.1.5 Approximation Algorithm and Subset Sum Problem 58 4.1.6 Significance of Use of Subset Sum Problem in Our Scheme 59 4.1.7 Linear Congruence 60 4.1.8 Linear and Non-Linear Functions 61 4.1.9 Pell’s Equation 61 4.2 Literature Survey 62 4.3 Problem Domain 63 4.4 Solution Domain and Objectives 64 4.5 Proposed Work 65 4.5.1 Methodology 65 4.5.2 Session Key Generation 65 4.5.3 Intermediate Key Generation 67 4.5.4 Encryption Process 69 4.5.5 Generation of Authentication Code and Transmission File 70 4.5.6 Decryption Phase 71 4.6 Results and Discussion 71 4.6.1 Statistical Analysis 72 4.6.2 Randomness Analysis of Key 73 4.6.3 Key Sensitivity Analysis 75 4.6.4 Security Analysis 76 4.6.4.1 Key Space Analysis 76 4.6.4.2 Brute-Force Attack 77 4.6.4.3 Dictionary Attack 77 4.6.4.4 Impersonation Attack 78 4.6.4.5 Replay Attack 78 4.6.4.6 Tampering Attack 78 4.6.5 Comparative Analysis 79 4.6.5.1 Comparative Analysis Related to IoT Attacks 79 4.6.6 Significance of Authentication in Our Proposed Scheme 85 4.7 Conclusion 85 References 86 5 A Hybrid Method for Fake Profile Detection in Social Network Using Artificial Intelligence 89Ajesh F, Aswathy S U, Felix M Philip and Jeyakrishnan V 5.1 Introduction 90 5.2 Literature Survey 91 5.3 Methodology 94 5.3.1 Datasets 94 5.3.2 Detection of Fake Account 94 5.3.3 Suggested Framework 95 5.3.3.1 Pre-Processing 97 5.3.3.2 Principal Component Analysis (PCA) 98 5.3.3.3 Learning Algorithms 99 5.3.3.4 Feature or Attribute Selection 102 5.4 Result Analysis 103 5.4.1 Cross-Validation 103 5.4.2 Analysis of Metrics 104 5.4.3 Performance Evaluation of Proposed Model 105 5.4.4 Performance Analysis of Classifiers 105 5.5 Conclusion 109 References 109 6 Packet Drop Detection in Agricultural-Based Internet of Things Platform 113Sebastian Terence and Geethanjali Purushothaman 6.1 Introduction 113 6.2 Problem Statement and Related Work 114 6.3 Implementation of Packet Dropping Detection in IoT Platform 115 6.4 Performance Analysis 120 6.5 Conclusion 129 References 129 7 Smart Drone with Open CV to Clean the Railway Track 131Sujaritha M and Sujatha R 7.1 Introduction 132 7.2 Related Work 132 7.3 Problem Definition 134 7.4 The Proposed System 134 7.4.1 Drones with Human Intervention 134 7.4.2 Drones without Human Intervention 135 7.4.3 Working Model 137 7.5 Experimental Results 137 7.6 Conclusion 139 References 139 8 Blockchain and Big Data: Supportive Aid for Daily Life 141Awais Khan Jumani, Asif Ali Laghari and Abdullah Ayub Khan 8.1 Introduction 142 8.1.1 Steps of Blockchain Technology Works 144 8.1.2 Blockchain Private 144 8.1.3 Blockchain Security 145 8.2 Blockchain vs. Bitcoin 145 8.2.1 Blockchain Applications 146 8.2.2 Next Level of Blockchain 146 8.2.3 Blockchain Architecture’s Basic Components 149 8.2.4 Blockchain Architecture 150 8.2.5 Blockchain Characteristics 150 8.3 Blockchain Components 151 8.3.1 Cryptography 152 8.3.2 Distributed Ledger 153 8.3.3 Smart Contracts 153 8.3.4 Consensus Mechanism 154 8.3.4.1 Proof of Work (PoW) 155 8.3.4.2 Proof of Stake (PoS) 155 8.4 Categories of Blockchain 155 8.4.1 Public Blockchain 156 8.4.2 Private Blockchain 156 8.4.3 Consortium Blockchain 156 8.4.4 Hybrid Blockchain 156 8.5 Blockchain Applications 158 8.5.1 Financial Application 158 8.5.1.1 Bitcoin 158 8.5.1.2 Ripple 158 8.5.2 Non-Financial Applications 159 8.5.2.1 Ethereum 159 8.5.2.2 Hyperledger 159 8.6 Blockchain in Different Sectors 160 8.7 Blockchain Implementation Challenges 160 8.8 Revolutionized Challenges in Industries 163 8.9 Conclusion 170 References 172 9 A Novel Framework to Detect Effective Prediction Using Machine Learning 179Shenbaga Priya, Revadi, Sebastian Terence and Jude Immaculate 9.1 Introduction 180 9.2 ML-Based Prediction 180 9.3 Prediction in Agriculture 182 9.4 Prediction in Healthcare 183 9.5 Prediction in Economics 184 9.6 Prediction in Mammals 185 9.7 Prediction in Weather 186 9.8 Discussion 186 9.9 Proposed Framework 187 9.9.1 Problem Analysis 187 9.9.2 Preprocessing 188 9.9.3 Algorithm Selection 188 9.9.4 Training the Machine 188 9.9.5 Model Evaluation and Prediction 188 9.9.6 Expert Suggestion 188 9.9.7 Parameter Tuning 189 9.10 Implementation 189 9.10.1 Farmers and Sellers 189 9.10.2 Products 189 9.10.3 Price Prediction 190 9.11 Conclusion 192 References 192 10 Dog Breed Classification Using CNN 195Sandra Varghese and Remya S 10.1 Introduction 195 10.2 Related Work 196 10.3 Methodology 198 10.4 Results and Discussions 201 10.4.1 Training 201 10.4.2 Testing 201 10.5 Conclusions 203 References 203 11 Methodology for Load Balancing in Multi-Agent System Using SPE Approach 207S. Ajitha 11.1 Introduction 207 11.2 Methodology for Load Balancing 208 11.3 Results and Discussion 213 11.3.1 Proposed Algorithm in JADE Tool 213 11.3.1.1 Sensitivity Analysis 218 11.3.2 Proposed Algorithm in NetLogo 218 11.4 Algorithms Used 219 11.5 Results and Discussion 219 11.6 Summary 226 References 226 12 The Impact of Cyber Culture on New Media Consumers 229Durmuş KoÇak 12.1 Introduction 229 12.2 The Rise of the Term of Cyber Culture 231 12.2.1 Cyber Culture in the 21st Century 231 12.2.1.1 Socio-Economic Results of Cyber Culture 232 12.2.1.2 Psychological Outcomes of Cyber Culture 233 12.2.1.3 Political Outcomes of Cyber Culture 234 12.3 The Birth and Outcome of New Media Applications 234 12.3.1 New Media Environments 236 12.3.1.1 Social Sharing Networks 237 12.3.1.2 Network Logs (Blog, Weblog) 240 12.3.1.3 Computer Games 240 12.3.1.4 Digital News Sites and Mobile Media 240 12.3.1.5 Multimedia Media 241 12.3.1.6 What Affects the New Media Consumers’ Tendencies? 242 12.4 Result 244 References 245 Index 251

Read more less

Book SynopsisTable of Contents Foreword ix Preface xi Acknowledgments xv Introduction 1 Part I Foundational Business Knowledge 7 Chapter 1 Financial Principles 9 Chapter 2 Business Strategy Tools 29 Chapter 3 Business Decisions 55 Chapter 4 Value Creation 91 Chapter 5 Articulating the Business Case 129 Part II Communication and Education 167 Chapter 6 Cybersecurity: A Concern of the Business, Not Just IT 169 Chapter 7 Translating Cyber Risk into Business Risk 197 Chapter 8 Communication – You Do It Every Day (or Do You?) 239 Part III Cybersecurity Leadership 273 Chapter 9 Relationship Management 275 Chapter 10 Recruiting and Leading High Performing Teams 307 Chapter 11 Managing Human Capital 339 Chapter 12 Negotiation 367 Conclusion 383 Index 385

Read more less

Book SynopsisCORPORATE CYBERSECURITY An insider's guide showing companies how to spot and remedy vulnerabilities in their security programs A bug bounty program is offered by organizations for people to receive recognition and compensation for reporting bugs, especially those pertaining to security exploits and vulnerabilities. Corporate Cybersecurity gives cyber and application security engineers (who may have little or no experience with a bounty program) a hands-on guide for creating or managing an effective bug bounty program. Written by a cyber security expert, the book is filled with the information, guidelines, and tools that engineers can adopt to sharpen their skills and become knowledgeable in researching, configuring, and managing bug bounty programs. This book addresses the technical aspect of tooling and managing a bug bounty program and discusses common issues that engineers may run into on a daily basis. The author includes information on the often-overlTable of ContentsForeword xiii Acknowledgments xv Part 1 Bug Bounty Overview 1 1 The Evolution of Bug Bounty Programs 3 1.1 Making History 3 1.2 Conservative Blockers 4 1.3 Increased Threat Actor Activity 4 1.4 Security Researcher Scams 5 1.5 Applications Are a Small Consideration 5 1.6 Enormous Budgetary Requirements 5 1.7 Other Security Tooling as a Priority 6 1.8 Vulnerability Disclosure Programs vs Bug Bounty Programs 6 1.8.1 Vulnerability Disclosure Programs 6 1.8.2 Bug Bounty Programs 7 1.9 Program Managers 7 1.10 The Law 7 1.11 Redefining Security Research 8 1.12 Taking Action 8 1.12.1 Get to Know Security Researchers 9 1.12.2 Fair and Just Resolution 9 1.12.3 Managing Disclosure 9 1.12.4 Corrections 9 1.12.5 Specific Community Involvement 9 Part 2 Evaluating Programs 11 2 Assessing Current Vulnerability Management Processes 13 2.1 Who Runs a Bug Bounty Program? 13 2.2 Determining Security Posture 13 2.3 Management 14 2.3.1 Software Engineering Teams 14 2.3.2 Security Departments (Security Operations, Fraud Prevention, Governance/Risk/Compliance, Edge Controls, Vulnerability Management, Endpoint Detection, and Response) 14 2.3.3 Infrastructure Teams 14 2.3.4 Legal Department 14 2.3.5 Communications Team 14 2.4 Important Questions 15 2.5 Software Engineering 15 2.5.1 Which Processes Are in Place for Secure Coding? Do the Software Engineers Understand the Importance of Mitigating the Risks Associated with Vulnerable Code? 15 2.5.2 How Effective Are Current Communication Processes? Will Vulnerabilities Be Quickly Resolved If Brought to Their Attention? 15 2.5.3 Is the Breadth of Our Enterprise’s Web and Mobile Applications Immense? Which Processes Are Engineers Using for Development in the Software Development Lifecycle? 16 2.6 Security Departments 16 2.6.1 How Does Security Operations Manage Incidents? Will Employee Assistance Be Provided from the Security Operations Team If a Threat Actor Manages to Exploit an Application Vulnerability? Which Tools Do They Have in Place? 16 2.6.2 What Does the Fraud Prevention Team Do to Prevent Malicious Activities? How Many Occurrences Do They See of Issues such as Account Takeover, and Could They Potentially Create Application Vulnerabilities? 16 2.6.3 Are There Any Compliance Practices in Place and, If So, How Do They Affect the Vulnerability Management Process? What Does the Application Security Team Have to Do to Assist in Enterprise Compliance? 17 2.6.4 What Edge Tooling is in Place to Prevent Attacks? Are Any of the Enterprise Applications at Risk of Being Exploited due to an IoT (Internet of Things) Device? 17 2.6.5 How Often Does Our Vulnerability Management Team Push for Updates? How Does the Vulnerability Management Team Ensure Servers in which Enterprise Applications Reside Are Secure? 17 2.7 Infrastructure Teams 17 2.7.1 What Are Infrastructure Teams Doing to Ensure Best Security Practices Are Enabled? How Long Will It Take the Infrastructure Team to Resolve a Serious Issue When a Server-side Web Application is Exploited, or During a Subdomain Takeover Vulnerability? 17 2.7.2 Is There Effective Communication between Infrastructure, Vulnerability Management, Security Operations, and Endpoint Detection and Response? 18 2.8 Legal Department 18 2.8.1 How Well Refined is the Relationship between the Application Security Team and the Legal Department? 18 2.8.2 What Criteria Are/Will Be Set Out for the Escalation of Issues? 18 2.8.3 Does the Legal Department Understand the Necessity of Bug Bounty Program Management? 18 2.9 Communications Team 18 2.9.1 Has the Communications Team Dealt with Security Researchers Before? is the Importance Understood? 18 2.9.2 Was the Communications Team Informed of Bug Bounty Program Expectations? 19 2.10 Engineers 19 2.11 Program Readiness 19 3 Evaluating Program Operations 21 3.1 One Size Does Not Fit All 21 3.2 Realistic Program Scenarios 21 3.3 Ad Hoc Program 22 3.4 Note 24 3.5 Applied Knowledge 24 3.5.1 Applied Knowledge #1 24 3.5.1.1 Private Programs 25 3.5.2 Applied Knowledge #2 25 3.5.2.1 Public Programs 25 3.5.3 Applied Knowledge #3 26 3.5.3.1 Hybrid Models 26 3.6 Crowdsourced Platforms 27 3.7 Platform Pricing and Services 28 3.8 Managed Services 28 3.9 Opting Out of Managed Services 29 3.10 On-demand Penetration Tests 29 Part 3 Program Setup 31 4 Defining Program Scope and Bounties 33 4.1 What is a Bounty? 33 4.2 Understanding Scope 33 4.3 How to Create Scope 34 4.3.1 Models 34 4.4 Understanding Wildcards 34 4.4.1 Subdomain 35 4.4.2 Domain 35 4.4.3 Specific Domain Path or Specific Subdomain Path 35 4.5 Determining Asset Allocation 36 4.6 Asset Risk 37 4.7 Understanding Out of Scope 37 4.8 Vulnerability Types 38 4.8.1 Denial of Service (DOS) or Distributed Denial of Service (DDoS) Attacks 38 4.8.2 Social Engineering Attacks 38 4.8.3 Brute Force or Rate Limiting 38 4.8.4 Account and Email Enumeration 38 4.8.5 Self-XSS 39 4.8.6 Clickjacking 39 4.8.7 Miscellaneous 39 4.9 When is an Asset Really Out of Scope? 39 4.10 The House Wins – Or Does It? 40 4.11 Fair Judgment on Bounties 42 4.12 Post-mortem 43 4.13 Awareness and Reputational Damage 43 4.14 Putting It All Together 44 4.15 Bug Bounty Payments 44 4.15.1 Determining Payments 45 4.15.2 Bonus Payments 46 4.15.3 Nonmonetary Rewards 46 5 Understanding Safe Harbor and Service Level Agreements 49 5.1 What is “Safe Harbor”? 49 5.1.1 The Reality of Safe Harbor 49 5.1.2 Fear and Reluctance 49 5.1.3 Writing Safe Harbor Agreements 50 5.1.4 Example Safe Harbor Agreement 50 5.2 Retaliation against a Rogue Researcher (Cybercriminal or Threat/Bad Actor) 51 5.3 Service Level Agreements (SLAs) 52 5.3.1 Resolution Times 53 5.3.2 Triage Times 53 6 Program Configuration 55 6.1 Understanding Options 55 6.2 Bugcrowd 55 6.2.1 Creating the Program 55 6.2.2 Program Overview 61 6.2.2.1 The Program Dashboard 61 6.2.2.2 The Crowd Control Navbar 63 Summary 63 Submissions 63 Researchers 64 Rewards 65 Insights Dashboard 65 Reports 66 6.2.3 Advanced Program Configuration and Modification 66 6.2.3.1 Program Brief 66 6.2.3.2 Scope and Rewards 67 6.2.3.3 Integrations 72 6.2.3.4 Announcements 73 6.2.3.5 Manage Team 74 6.2.3.6 Submissions 75 6.2.4 Profile Settings 76 6.2.4.1 The Profile and Account 78 6.2.4.2 Security 78 6.2.4.3 Notification Settings 79 6.2.4.4 API Credentials 80 6.2.5 Enterprise “Profile” Settings 81 6.2.5.1 Management and Configuration 81 6.2.5.2 Organization Details 81 6.2.5.3 Team Members 81 6.2.5.4 Targets 81 6.2.5.5 Authentication 81 6.2.5.6 Domains 82 6.2.5.7 Accounting 83 6.3 HackerOne 84 6.3.1 Program Settings 85 6.3.1.1 General 85 6.3.1.2 Information 86 6.3.1.3 Product Edition 86 6.3.1.4 Authentication 87 6.3.1.5 Verified Domains 88 6.3.1.6 Credential Management 89 6.3.1.7 Group Management 89 6.3.1.8 User Management 90 6.3.1.9 Audit Log 91 6.3.2 Billing 92 6.3.2.1 Overview 92 6.3.2.2 Credit Card 92 6.3.2.3 Prepayment 92 6.3.3 Program 93 6.3.3.1 Policy 93 6.3.3.2 Scope 93 6.3.3.3 Submit Report Form 95 6.3.3.4 Response Targets 96 6.3.3.5 Metrics Display 97 6.3.3.6 Email Notifications 97 6.3.3.7 Inbox Views 98 6.3.3.8 Disclosure 98 6.3.3.9 Custom Fields 98 6.3.3.10 Invitations 99 6.3.3.11 Submission 100 6.3.3.12 Message Hackers 101 6.3.3.13 Email Forwarding 102 6.3.3.14 Embedded Submission Form 102 6.3.3.15 Bounties 103 6.3.3.16 Swag 103 6.3.3.17 Common Responses 104 6.3.3.18 Triggers 106 6.3.3.19 Integrations 107 6.3.3.20 API 107 6.3.3.21 Hackbot 107 6.3.3.22 Export Reports 108 6.3.3.23 Profile Settings 108 6.3.4 Inbox 108 6.3.4.1 Report Details 109 6.3.4.2 Timeline 109 6.4 Summary 110 Part 4 Vulnerability Reports and Disclosure 111 7 Triage and Bug Management 113 7.1 Understanding Triage 113 7.1.1 Validation 113 7.1.2 Lessons Learned 115 7.1.3 Vulnerability Mishaps 115 7.1.4 Managed Services 115 7.1.5 Self-service 116 7.2 Bug Management 116 7.2.1 Vulnerability Priority 116 7.2.2 Vulnerability Examples 117 7.2.2.1 Reflected XSS on a login portal 117 Report and Triage 117 Validation 117 7.2.2.2 Open redirect vulnerability 117 Report and Triage 117 Validation 118 7.2.2.3 Leaked internal Structured Query Language (SQL) server credentials 118 Report and Triage 118 Validation 118 7.3 Answers 118 7.3.1 Vulnerability Rating-test Summary 119 7.3.1.1 Reflected XSS in a login portal 118 7.3.1.2 Open redirect vulnerability 118 7.3.1.3 Leaked internal SQL server credentials 118 7.3.2 Complexity vs Rating 119 7.3.3 Projected Ratings 120 7.3.4 Ticketing and Internal SLA 120 7.3.4.1 Creating Tickets 120 8 Vulnerability Disclosure Information 123 8.1 Understanding Public Disclosure 123 8.1.1 Making the Decision 123 8.1.1.1 Private Programs 123 The Bottom Line 124 8.1.1.2 Public Programs 125 The Bottom Line 126 8.2 CVE Responsibility 126 8.2.1 What are CVEs? 126 8.2.2 Program Manager Responsibilities 126 8.2.3 Hardware CVEs 126 8.2.4 Software and Product CVEs 128 8.2.5 Third-party CVEs 128 8.3 Submission Options 130 8.3.1 In-house Submissions 130 8.3.2 Program Managed Submissions and Hands-off Submissions 130 8.3.2.1 Program Managed Submissions 130 8.3.2.2 Hands-off Submissions 131 Part 5 Internal and External Communication 133 9 Development and Application Security Collaboration 135 9.1 Key Role Differences 135 9.1.1 Application Security Engineer 135 9.1.2 Development 135 9.2 Facing a Ticking Clock 136 9.3 Meaningful Vulnerability Reporting 136 9.4 Communicating Expectations 137 9.5 Pushback, Escalations, and Exceptions 138 9.5.1 Internal steps 138 9.5.2 External steps 139 9.5.2 Escalations 139 9.5.3 Summary 140 9.6 Continuous Accountability 141 9.6.1 Tracking 141 9.6.2 Missed Deadlines 141 10 Hacker and Program Interaction Essentials 143 10.1 Understanding the Hacker 143 10.1.1 Money, Ethics, or Both? 143 10.1.2 Case Study Analysis 145 10.2 Invalidating False Positives 145 10.2.1 Intake Process and Breaking the News 145 10.2.2 Dealing with a Toxic Hacker 147 10.3 Managed Program Considerations 147 10.4 In-house Programs 148 10.5 Blackmail or Possible Threat Actor 151 10.6 Public Threats or Disclosure 151 10.7 Program Warning Messages 153 10.8 Threat Actor or Security Researcher? 153 10.9 Messaging Researchers 155 10.9.1 Security Researcher Interviews 155 10.9.2 Bug Bounty Program Manager Interviews 159 10.10 Summary 164 Part 6 Assessments and Expansions 165 11 Internal Assessments 167 11.1 Introduction to Internal Assessments 167 11.2 Proactive Vs Reactive Testing 167 11.3 Passive Assessments 168 11.3.1 Shodan 168 11.3.1.1 Using Shodan 168 11.3.2 Amass/crt.sh 171 11.3.2.1 Amass 172 11.3.2.2 crt.sh 173 11.4 Active Assessments 173 11.4.1 nmapAutomator.sh 173 11.4.2 Sn1per 175 11.4.3 Owasp Zap 175 11.4.4 Dalfox 177 11.4.5 Dirsearch 179 11.5 Passive/Active Summary 180 11.6 Additional Considerations: Professional Testing and Third-Party Risk 180 12 Expanding Scope 181 12.1 Communicating with the Team 181 12.2 Costs of Expansion 182 12.3 When to Expand Scope 182 12.4 Alternatives to Scope Expansion 183 12.5 Managing Expansion 183 13 Public Release 185 13.1 Understanding the Public Program 185 13.2 The “Right” Time 185 13.3 Recommended Release 186 13.3.1 Requirements 186 13.4 Rolling Backwards 186 13.5 Summary 187 Index 189

Read more less

Book SynopsisHarden your business against internal and external cybersecurity threats with a single accessible resource. In 8 Steps to Better Security: A Simple Cyber Resilience Guide for Business, cybersecurity researcher and writer Kim Crawley delivers a grounded and practical roadmap to cyber resilience in any organization. Offering you the lessons she learned while working for major tech companies like Sophos, AT&T, BlackBerry Cylance, Tripwire, and Venafi, Crawley condenses the essence of business cybersecurity into eight steps. Written to be accessible to non-technical businesspeople as well as security professionals, and with insights from other security industry leaders, this important book will walk you through how to: Foster a strong security culture that extends from the custodial team to the C-suiteBuild an effective security team, regardless of the size or nature of your businessComply with regulatory requirements, including general data privacy rules and industry-specific legislationTest your cybersecurity, including third-party penetration testing and internal red team specialists Perfect for CISOs, security leaders, non-technical businesspeople, and managers at any level, 8 Steps to Better Security is also a must-have resource for companies of all sizes, and in all industries.Table of ContentsForeword xi Introduction xiii Chapter 1: Step 1: Foster a Strong Security Culture 1 Kevin Mitnick, Human Hacker Extraordinaire 3 The Importance of a Strong Security Culture 5 Hackers Are the Bad Guys, Right? 6 What is Security Culture? 7 How to Foster a Strong Security Culture 9 Security Leaders on Security Culture 12 What Makes a Good CISO? 13 The Biggest Mistakes Businesses Make When It Comes to Cybersecurity 14 The Psychological Phases of a Cybersecurity Professional 15 Chapter 2: Step 2: Build a Security Team 19 Why Step 2 is Controversial 20 How to Hire the Right Security Team. . .the Right Way 28 Security Team Tips from Security Leaders 29 The “Culture Fit”—Yuck! 30 Cybersecurity Budgets 34 Design Your Perfect Security Team 35 Chapter 3: Step 3: Regulatory Compliance 39 What Are Data Breaches, and Why Are They Bad? 40 The Scary Truth Found in Data Breach Research 45 An Introduction to Common Data Privacy Regulations 49 The General Data Protection Regulation 49 The California Consumer Privacy Act 50 The Health Insurance Portability and Accountability Act 52 The Gramm-Leach-Bliley Act 52 Payment Card Industry Data Security Standard 53 Governance, Risk Management, and Compliance 53 More About Risk Management 54 Threat Modeling 55 Chapter 4: Step 4: Frequent Security Testing 57 What is Security Testing? 58 Security Testing Types 58 Security Audits 58 Vulnerability Assessments Versus Penetration Testing 59 Red Team Testing 61 Bug Bounty Programs 61 What’s Security Maturity? 63 The Basics of Security Audits and Vulnerability Assessments 64 Log Early, Log Often 66 Prepare for Vulnerability Assessments and Security Audits 67 A Concise Guide to Penetration Testing 69 Penetration Testing Based on Network Knowledge 70 Penetration Testing Based on Network Aspects 73 Security Leaders on Security Maturity 76 Security Testing is Crucial 78 Chapter 5: Step 5: Security Framework Application 79 What is Incident Response? 80 Preparation 80 Identification or Analysis 82 Containment, Mitigation, or Eradication 83 Recovery 84 Post-incident 86 Your Computer Security Incident Response Team 86 Cybersecurity Frameworks 89 NIST Cybersecurity Framework 89 Identify 90 Protect 92 Detect 95 Respond 97 Recover 99 ISO 27000 Cybersecurity Frameworks 101 CIS Controls 102 COBIT Cybersecurity Framework 105 Security Frameworks and Cloud Security 106 Chapter 6: Step 6: Control Your Data Assets 109 The CIA Triad 110 Access Control 112 Patch Management 113 Physical Security and Your Data 115 Malware 116 Cryptography Basics 119 Bring Your Own Device and Working from Home 123 Data Loss Prevention 124 Managed Service Providers 126 The Dark Web and Your Data 128 Security Leaders on Cyber Defense 130 Control Your Data 132 Chapter 7: Step 7: Understand the Human Factor 133 Social Engineering 134 Phishing 139 What Can NFTs and ABA Teach Us About Social Engineering? 141 How to Prevent Social Engineering Attacks on Your Business 146 UI and UX Design 147 Internal Threats 148 Hacktivism 152 Chapter 8: Step 8: Build Redundancy and Resilience 155 Understanding Data and Networks 156 Building Capacity and Scalability with the Power of the Cloud 158 Back It Up, Back It Up, Back It Up 161 RAID 162 What Ransomware Taught Business About Backups 164 Business Continuity 167 Disaster Recovery 168 Chapter 9: Afterword 173 Step 1 173 The Most Notorious Cyberattacker Was Actually a Con Man 174 A Strong Security Culture Requires All Hands on Deck 174 Hackers Are the Good Guys, Actually 174 What Is Security Culture? 175 What Makes a Good CISO? 175 The Psychological Phases of a Cybersecurity Professional 176 Recommended Readings 177 Step 2 178 Tackling the Cybersecurity Skills Gap Myth 178 Take “Culture Fit” Out of Your Vocabulary 179 Your Cybersecurity Budget 180 Recommended Readings 180 Step 3 181 Data Breaches 181 Data Privacy Regulations 182 Risk Management 183 Recommended Readings 183 Step 4 184 Security Audits 184 Vulnerability Assessments 185 Penetration Testing 185 Bug Bounty Programs 185 Recommended Reading 186 Step 5 187 Incident Response 187 Cybersecurity Frameworks 187 Recommended Reading 188 Step 6 188 The CIA Triad 188 Access Control 189 Patch Management 189 Physical Security 189 Malware 189 Cryptography 190 BYOD and Working from Home 190 Data Loss Prevention 191 Managed Service Providers 191 Recommended Reading 191 Step 7 192 Social Engineering 192 UI and UX Design 193 Internal Threats 193 Recommended Readings 194 Step 8 194 Cloud Networks 195 Data Backups 195 Business Continuity and Disaster Recovery 196 Recommended Readings 196 Keeping Your Business Cyber Secure 197 Index 199

Read more less

Book SynopsisPrepare for success on the challenging CASP+ CAS-004 exam Inthe newly updated Second Edition ofCASP+ CompTIA Advanced Security Practitioner Practice Tests Exam CAS-004,accomplished cybersecurityexpertNadean Tannerdeliversan extensive collection of CASP+preparation materials, including hundreds of domain-by-domain test questions and two additional practice exams. Prepare for the new CAS-004 exam, as well asa new career in advanced cybersecurity, with Sybex's proven approach tocertification success.You'll get ready for the exam, to impressyour next interviewer, and excel at your first cybersecurity job. This book includes: Comprehensive coverage of allexam CAS-004 objectivedomains, including security architecture, operations, engineering, cryptography, and governance, risk, and complianceIn-depthpreparation for test success with 1000 practice exam questionsAccess to the Sybex interactive learning environment and online test bank Perfect for anyone studying for the CASP+ Exam CAS-004,CASP+ CompTIA Advanced Security Practitioner Practice Tests Exam CAS-004is also an ideal resource for anyone with IT security experience who seeks to brush up on their skillset or seek a valuable new CASP+ certification.Table of ContentsIntroduction xix Chapter 1 Security Architecture 1 Chapter 2 Security Operations 61 Chapter 3 Security Engineering and Cryptography 123 Chapter 4 Governance, Risk, and Compliance 175 Chapter 5 Practice Test 1 207 Chapter 6 Practice Test 2 227 Appendix Answers to Review Questions 247 Chapter 1: Security Architecture 248 Chapter 2: Security Operations 278 Chapter 3: Security Engineering and Cryptography 308 Chapter 4: Governance, Risk, and Compliance 333 Chapter 5: Practice Test 1 346 Chapter 6: Practice Test 2 353 Index 363

Read more less

Book SynopsisTable of ContentsAbout the Author xvii Acknowledgment and Disclaimers xix Foreword to the Third Edition (2022) xxi Foreword to the Second Edition (2019) xxiii Introduction to First Edition xxvii About the Companion Website xxxv 1 Data Security Laws and Enforcement Actions 1 1.1 FTC Data Security 2 1.1.1 Overview of Section 5 of the FTC Act 2 1.1.2 Wyndham: Does the FTC Have Authority to Regulate Data Security Under Section 5 of the FTC Act? 6 1.1.3 LabMD: What Constitutes “Unfair” Data Security? 10 1.1.4 FTC June 2015 Guidance on Data Security, and 2017 Updates 13 1.1.5 FTC Data Security Expectations and the NIST Cybersecurity Framework 18 1.1.6 Lessons from FTC Cybersecurity Complaints 18 1.1.6.1 Failure to Secure Highly Sensitive Information 19 1.1.6.1.1 Use Industry-standard Encryption for Sensitive Data 20 1.1.6.1.2 Routine Audits and Penetration Testing Are Expected 20 1.1.6.1.3 Health-related Data Requires Especially Strong Safeguards 21 1.1.6.1.4 Data Security Protection Extends to Paper Documents 23 1.1.6.1.5 Business-to-business Providers Also Are Accountable to the FTC for Security of Sensitive Data 25 1.1.6.1.6 Companies Are Responsible for the Data Security Practices of Their Contractors 27 1.1.6.1.7 Make Sure that Every Employee Receives Regular Data Security Training for Processing sensitive Data 28 1.1.6.1.8 Privacy Matters, Even in Data Security 28 1.1.6.1.9 Limit the Sensitive Information Provided to Third Parties 29 1.1.6.1.10 Children’s Data Requires Special Protection 29 1.1.6.2 Failure to Secure Payment Card Information 30 1.1.6.2.1 Adhere to Security Claims about Payment Card Data 30 1.1.6.2.2 Always Encrypt Payment Card Data 31 1.1.6.2.3 Payment Card Data Should Be Encrypted Both in Storage and at Rest 31 1.1.6.2.4 In-store Purchases Pose Significant Cybersecurity Risks 32 1.1.6.2.5 Minimize Duration of Storage of Payment Card Data 34 1.1.6.2.6 Monitor Systems and Networks for Unauthorized Software 35 1.1.6.2.7 Apps Should Never Override Default App Store Security Settings 35 1.1.6.3 Failure to Adhere to Security Claims 36 1.1.6.3.1 Companies Must Address Commonly Known Security Vulnerabilities 36 1.1.6.3.2 Ensure That Security Controls Are Sufficient to Abide by Promises About Security and Privacy 37 1.1.6.3.3 Omissions about Key Security Flaws Also Can Be Misleading 40 1.1.6.3.4 Companies Must Abide by Promises for Security-related Consent Choices 40 1.1.6.3.5 Companies That Promise Security Must Ensure Adequate Authentication Procedures 41 1.1.6.3.6 Adhere to Promises About Encryption 42 1.1.6.3.7 Promises About Security Extend to Vendors’ Practices 43 1.1.6.3.8 Companies Cannot Hide Vulnerable Software in Products 43 1.1.7 FTC Internet of Things Security Guidance 43 1.2 State Data Breach Notification Laws 46 1.2.1 When Consumer Notifications Are Required 47 1.2.1.1 Definition of Personal Information 48 1.2.1.2 Encrypted Data 49 1.2.1.3 Risk of Harm 49 1.2.1.4 Safe Harbors and Exceptions to Notice Requirement 49 1.2.2 Notice to Individuals 50 1.2.2.1 Timing of Notice 50 1.2.2.2 Form of Notice 50 1.2.2.3 Content of Notice 51 1.2.3 Notice to Regulators and Consumer Reporting Agencies 51 1.2.4 Penalties for Violating State Breach Notification Laws 52 1.3 State Data Security Laws 52 1.3.1 Oregon 54 1.3.2 Rhode Island 55 1.3.3 Nevada 56 1.3.4 Massachusetts 57 1.3.5 Ohio 59 1.3.6 Alabama 60 1.3.7 New York 61 1.4 State Data Disposal Laws 61 2 Cybersecurity Litigation 63 2.1 Article III Standing 64 2.1.1 Applicable Supreme Court Rulings on Standing 66 2.1.2 Lower Court Rulings on Standing in Data Breach Cases 71 2.1.2.1 Injury-in-fact 71 2.1.2.1.1 Broad View of Injury-in-fact 71 2.1.2.1.2 Narrow View of Injury-in-fact 76 2.1.2.1.3 Attempts at Finding a Middle Ground for Injury-in-fact 81 2.1.2.2 Fairly Traceable 82 2.1.2.3 Redressability 83 2.2 Common Causes of Action Arising from Data Breaches 84 2.2.1 Negligence 84 2.2.1.1 Legal Duty and Breach of Duty 85 2.2.1.2 Cognizable Injury 87 2.2.1.3 Causation 90 2.2.2 Negligent Misrepresentation or Omission 92 2.2.3 Breach of Contract 95 2.2.4 Breach of Implied Warranty 101 2.2.5 Invasion of Privacy 105 2.2.6 Unjust Enrichment 107 2.2.7 State Consumer Protection Laws 109 2.3 Class Action Certification in Data Breach Litigation 112 2.4 Insurance Coverage for Data Breaches 120 2.5 Protecting Cybersecurity Work Product and Communications from Discovery 124 2.5.1 Attorney–client Privilege 126 2.5.2 Work Product Doctrine 129 2.5.3 Nontestifying Expert Privilege 131 2.5.4 Genesco v. Visa 132 2.5.5 In re Experian Data Breach Litigation 135 2.5.6 In re Premera 136 2.5.7 In re United Shore Financial Services 138 2.5.8 In re Dominion Dental Services USA, Inc. Data Breach Litigation 138 2.5.9 In re Capital One Consumer Data Security Breach Litigation 140 3 Cybersecurity Requirements for Specific Industries 141 3.1 Financial Institutions: GLBA Safeguards Rule 142 3.1.1 Interagency Guidelines 142 3.1.2 SEC’s Regulation S-P 144 3.1.3 FTC Safeguards Rule 146 3.2 New York Department of Financial Services Cybersecurity Regulations 149 3.3 Financial Institutions and Creditors: Red Flags Rule 151 3.3.1 Financial Institutions or Creditors 155 3.3.2 Covered Accounts 156 3.3.3 Requirements for a Red Flags Identity Theft Prevention Program 157 3.4 Companies that Use Payment and Debit Cards: PCI DSS 157 3.5 IoT Cybersecurity Laws 160 3.6 Health Providers: HIPAA Security Rule 161 3.7 Electric Transmission: FERC Critical Infrastructure Protection Reliability Standards 167 3.7.1 CIP-003-6: Cybersecurity—Security Management Controls 167 3.7.2 CIP-004-6: Personnel and Training 168 3.7.3 CIP-006-6: Physical Security of Cyber Systems 168 3.7.4 CIP-007-6: Systems Security Management 168 3.7.5 CIP-009-6: Recovery Plans for Cyber Systems 169 3.7.6 CIP-010-2: Configuration Change Management and Vulnerability Assessments 169 3.7.7 CIP-011-2: Information Protection 170 3.8 NRC Cybersecurity Regulations 170 3.9 State Insurance Cybersecurity Laws 171 4 Cybersecurity and Corporate Governance 175 4.1 SEC Cybersecurity Expectations for Publicly Traded Companies 176 4.1.1 10-K Disclosures: Risk Factors 178 4.1.2 10-K Disclosures: Management’s Discussion and Analysis of Financial Condition and Results of Operations (MD&A) 179 4.1.3 10-K Disclosures: Description of Business 180 4.1.4 10-K Disclosures: Legal Proceedings 180 4.1.5 10-K Disclosures: Financial Statements 181 4.1.6 10K Disclosures: Board Oversight of Cybersecurity 181 4.1.7 Disclosing Data Breaches to Investors 182 4.1.8 Yahoo! Data Breach 185 4.1.9 Cybersecurity and Insider Trading 185 4.2 Fiduciary Duty to Shareholders and Derivative Lawsuits Arising from Data Breaches 186 4.3 CFIUS and Cybersecurity 189 4.4 Law Firms and Cybersecurity 191 5 Antihacking Laws 193 5.1 Computer Fraud and Abuse Act 194 5.1.1 Origins of the CFAA 194 5.1.2 Access Without Authorization and Exceeding Authorized Access 195 5.1.2.1 Narrow View of “Exceeds Authorized Access” and “Without Authorization” 198 5.1.2.2 Broader View of “Exceeds Authorized Access” and “Without Authorization” 203 5.1.2.3 Finding Some Clarity: Van Buren v. United States 205 5.1.3 The Seven Sections of the CFAA 208 5.1.3.1 CFAA Section (a) (1): Hacking to Commit Espionage 209 5.1.3.2 CFAA Section (a) (2): Hacking to Obtain Information 210 5.1.3.3 CFAA Section (a) (3): Hacking a Federal Government Computer 214 5.1.3.4 CFAA Section (a) (4): Hacking to Commit Fraud 216 5.1.3.5 CFAA Section (a) (5): Hacking to Damage a Computer 218 5.1.3.5.1 CFAA Section (a) (5) (A): Knowing Transmission that Intentionally Damages a Computer Without Authorization 219 5.1.3.5.2 CFAA Section (a) (5) (B): Intentional Access Without Authorization that Recklessly Causes Damage 222 5.1.3.5.3 CFAA Section (a) (5) (C): Intentional Access Without Authorization that Causes Damage and Loss 223 5.1.3.5.4 CFAA Section (a) (5): Requirements for Felony and Misdemeanor Cases 224 5.1.3.6 CFAA Section (a) (6): Trafficking in Passwords 226 5.1.3.7 CFAA Section (a) (7): Threatening to Damage or Obtain Information from a Computer 228 5.1.4 Civil Actions Under the CFAA 231 5.1.5 Criticisms of the CFAA 235 5.1.6 CFAA and Coordinated Vulnerability Disclosure Programs 237 5.2 State Computer Hacking Laws 240 5.3 Section 1201 of the Digital Millennium Copyright Act 243 5.3.1 Origins of Section 1201 of the DMCA 244 5.3.2 Three Key Provisions of Section 1201 of the DMCA 245 5.3.2.1 DMCA Section 1201(a) (1) 245 5.3.2.2 DMCA Section 1201(a) (2) 250 5.3.2.2.1 Narrow Interpretation of Section (a) (2): Chamberlain Group v. Skylink Technologies 251 5.3.2.2.2 Broad Interpretation of Section (a) (2): MDY Industries, LLC v. Blizzard Entertainment 254 5.3.2.3 DMCA Section 1201(b) (1) 258 5.3.3 Section 1201 Penalties 261 5.3.4 Section 1201 Exemptions 262 5.3.5 The First Amendment and DMCA Section 1201 269 5.4 Economic Espionage Act 274 5.4.1 Origins of the EEA 274 5.4.2 Criminal Prohibitions on Economic Espionage and Theft of Trade Secrets 275 5.4.2.1 Definition of “Trade Secret” 276 5.4.2.2 “Knowing” Violations of the EEA 279 5.4.2.3 Purpose and Intent Required under Section 1831: Economic Espionage 279 5.4.2.4 Purpose and Intent Required under Section 1832: Theft of Trade Secrets 281 5.4.3 Civil Actions for Trade Secret Misappropriation: The Defend Trade Secrets Act of 2016 284 5.4.3.1 Definition of “Misappropriation” 285 5.4.3.2 Civil Seizures 288 5.4.3.3 Injunctions 289 5.4.3.4 Damages 289 5.4.3.5 Statute of Limitations 290 5.5 Budapest Convention on Cybercrime 291 6 U.S. Government Cyber Structure and Public–Private Cybersecurity Partnerships 293 6.1 U.S. Government’s Civilian Cybersecurity Organization 293 6.2 Department of Homeland Security Information Sharing under the Cybersecurity Act of 2015 297 6.3 Critical Infrastructure Executive Order and the NIST Cybersecurity Framework 301 6.4 U.S. Military Involvement in Cybersecurity and the Posse Comitatus Act 309 6.5 Vulnerabilities Equities Process 311 6.6 Executive Order 14028 314 7 Surveillance and Cyber 317 7.1 Fourth Amendment 318 7.1.1 Was the Search or Seizure Conducted by a Government Entity or Government Agent? 319 7.1.2 Did the Search or Seizure Involve an Individual’s Reasonable Expectation of Privacy? 324 7.1.3 Did the Government Have a Warrant? 332 7.1.4 If the Government Did Not Have a Warrant, Did an Exception to the Warrant Requirement Apply? 335 7.1.5 Was the Search or Seizure Reasonable Under the Totality of the Circumstances? 337 7.2 Electronic Communications Privacy Act 338 7.2.1 Stored Communications Act 340 7.2.1.1 Section 2701: Third-party Hacking of Stored Communications 344 7.2.1.2 Section 2702: Restrictions on Service Providers’ Ability to Disclose Stored Communications and Records to the Government and Private Parties 345 7.2.1.3 Section 2703: Government’s Ability to Require Service Providers to Turn Over Stored Communications and Customer Records 349 7.2.2 Wiretap Act 354 7.2.3 Pen Register Act 358 7.2.4 National Security Letters 359 7.3 Communications Assistance for Law Enforcement Act (CALEA) 361 7.4 Encryption and the All Writs Act 362 7.5 Encrypted Devices and the Fifth Amendment 364 8 Cybersecurity and Federal Government Contractors 369 8.1 Federal Information Security Management Act 370 8.2 NIST Information Security Controls for Government Agencies and Contractors 372 8.3 Classified Information Cybersecurity 376 8.4 Covered Defense Information, CUI, and the Cybersecurity Maturity Model Certification 377 9 Privacy Laws 385 9.1 Section 5 of the FTC Act and Privacy 386 9.2 Health Insurance Portability and Accountability Act 388 9.3 Gramm–Leach–Bliley Act and California Financial Information Privacy Act 390 9.4 CAN-SPAM Act 391 9.5 Video Privacy Protection Act 392 9.6 Children’s Online Privacy Protection Act 394 9.7 California Online Privacy Laws 396 9.7.1 California Online Privacy Protection Act (CalOPPA) 396 9.7.2 California Shine the Light Law 398 9.7.3 California Minor “Online Eraser” Law 400 9.8 California Consumer Privacy Act 401 9.9 Illinois Biometric Information Privacy Act 404 9.10 NIST Privacy Framework 406 10 International Cybersecurity Law 409 10.1 European Union 410 10.2 Canada 420 10.3 China 425 10.4 Mexico 430 10.5 Japan 434 11 Cyber and the Law of War 439 11.1 Was the Cyberattack a “Use of Force” that Violates International Law? 441 11.2 If the Attack Was a Use of Force, Was that Force Attributable to a State? 444 11.3 Did the Use of Force Constitute an “Armed Attack” that Entitles the Target to Self-defense? 445 11.4 If the Use of Force Was an Armed Attack, What Types of Selfdefense Are Justified? 448 11.5 If the Nation Experiences Hostile Cyber Actions that Fall Short of Use of Force or Armed Attacks, What Options Are Available? 449 12 Ransomware 453 12.1 Defining Ransomware 454 12.2 Ransomware-related Litigation 455 12.3 Insurance Coverage for Ransomware 462 12.4 Ransomware Payments and Sanctions 466 12.5 Ransomware Prevention and Response Guidelines from Government Agencies 467 12.5.1 Department of Homeland Security 467 12.5.2 Federal Trade Commission 469 12.5.3 Federal Interagency Guidance for Information Security Executives 470 12.5.4 New York Department of Financial Services Guidance 472 Appendix A: Text of Section 5 of the FTC Act 473 Appendix B: Summary of State Data Breach Notification Laws 483 Appendix C: Text of Section 1201 of the Digital Millennium Copyright Act 545 Appendix D: Text of the Computer Fraud and Abuse Act 557 Appendix E: Text of the Electronic Communications Privacy Act 565 Appendix F: Key Cybersecurity Court Opinions 629 Appendix G: Hacking Cybersecurity Law 781 Index 825

Read more less

Book SynopsisMaster CEH v11 and identify your weak spots CEH: Certified Ethical Hacker Version11Practice Testsare the ideal preparation for this high-stakes exam. Five complete, unique practice tests are designed to help you identify weak spots in your understanding, so you can direct your preparation efforts efficiently and gain the confidenceand skillsyou need to pass. These tests cover allsectionsections of the examblueprint, allowing you to test your knowledge ofBackground,Analysis/Assessment, Security, Tools/Systems/Programs, Procedures/Methodology, Regulation/Policy, and Ethics. Coverage aligns with CEH version11, including materialto test your knowledge ofreconnaissance and scanning,cloud, tablet, and mobileand wirelesssecurity and attacks, the latest vulnerabilities, and the new emphasis on Internet of Things (IoT). The exams are designed to familiarize CEH candidates with the test format, allowing them to become more comfortableapply their knowledge and skills in a high-pressure test setting. The ideal companion for the SybexCEH v11 Study Guide, this book is an invaluable tool for anyone aspiring to thishighly-regardedcertification. Offered by the International Council of Electronic Commerce Consultants, the Certified Ethical Hacker certification is unique in the penetration testingsphere, andrequires preparation specific to the CEH exam more than general IT security knowledge. This book of practice tests help you steer your study where it needs to go by giving you a glimpse of exam day while there's still time to prepare. Practice allsevensections of the CEH v11 examTest your knowledge of security, tools, procedures, and regulationsGauge your understanding ofvulnerabilities and threatsMaster the material well in advance of exam day By getting inside the mind ofan attacker, you gain a one-of-a-kind perspective that dramatically boosts your marketability and advancement potential. If you're ready to attempt this unique certification, the CEH: Certified Ethical Hacker Version 11 Practice Tests are the major preparation tool you should not be without.Table of ContentsIntroduction vi Chapter 1 Practice Test 1 1 Chapter 2 Practice Test 2 27 Chapter 3 Practice Test 3 55 Chapter 4 Practice Test 4 81 Chapter 5 Practice Test 5 107 Appendix Answers to Practice Tests 133 Chapter 1: Practice Test 1 134 Chapter 2: Practice Test 2 145 Chapter 3: Practice Test 3 157 Chapter 4: Practice Test 4 169 Chapter 5: Practice Test 5 180 Index 191

Read more less

Book SynopsisTable of ContentsForeword: Navigating the Cybersecurity Career Path xv Introduction xvii Part I Arriving in Security 1 Chapter 1 How Do You Become a Security Professional? 3 Create Your Story 8 So, You Want to Work in Security 13 What’s Next? 16 Chapter 2 Why Security? 19 What Kind of People Do Security? 21 What Is Your Why? 24 What’s Next? 28 Chapter 3 Where Can I Begin? 29 What Does It Mean to Be a Security Professional? 32 How Can You Make Sense of It All? 35 What’s Next? 39 Chapter 4 What Training Should I Take? 41 For the Traditional Student 43 For the Nontraditional Student 44 For the Full-Time Nonsecurity Worker 45 Other Things to Consider 46 What’s Next? 51 Chapter 5 What Skills Should I Have? 53 The Entry Point —Technology 55 Professional Skills 59 What’s Next? 66 Chapter 6 Is My Résumé Okay? 67 Linking the Résumé to the Job Posting 70 Elements of a Résumé 71 Digital Presence 77 References 78 Cover Letters 79 What’s Next? 80 Chapter 7 Trying with Little Success? 81 Physical Location 85 Your Company 85 Get Specific 86 Know Your Market 88 Assess Your Efforts So Far 89 But I’m Doing All Those Things! 91 What’s Next? 92 Part II Thriving in Security 93 Chapter 8 How Do I Keep Up? 97 Fitting It Into Your Schedule 99 Ad Hoc and Planned Learning 102 Take a Mini-Sabbatical 103 Where Do I Find the Information? 103 What’s Next? 105 Chapter 9 How Can I Manage Security Stress? 107 The Stress of Working in Security 109 Managing Security Stress 113 What’s Next? 118 Chapter 10 How Can I Succeed as a Minority? 119 Making Security Work for You 124 What’s Next? 128 Chapter 11 How Can I Progress? 129 The Security Journey 131 The Opportunist 132 The Intentional Career Seeker 136 How to Get Promoted 139 What’s Next? 141 Chapter 12 Should I Manage People? 143 Leadership and Management 145 Preparing for Your Next Role 150 What’s Next? 152 Chapter 13 How Can I Deal with Impostor Syndrome? 153 Fact-Check Your Inner Monologue 157 Know Competence and Incompetence 158 Know When to Ask for Help 159 Keep Learning and Know When Enough Is Enough 160 Keep Track of Your Successes 161 What’s Next? 162 Chapter 14 How Can I Know If It’s Time to Move On? 163 Are You Happy Where You Are? 165 Have You Done All You Wanted to Do? 166 Have You Learned All You Wanted? 167 What Are Your Long-Term Goals? 168 Are You Being Pigeonholed? 169 Do You Fit Into the Culture? 170 Job Hopping 171 Are the Other Options Better than Your Current Job? 172 What’s Next? 173 Part III Leading Security 175 Chapter 15 Where Do I Start? 179 What’s on Fire? 180 What Is Your Timeline to Act? 181 Who Are Your Partners? 182 Find the Strengths and Note the Weaknesses 183 Draw the Business Risk Picture 184 Do You Have a Mandate? 185 What’s Next? 186 Chapter 16 How Do I Manage Security Strategically? 187 Consider Your Industry 190 Know Your Business Priorities 191 Be Pragmatic 193 Address Stakeholder Pain Points 194 Threats and Vulnerabilities 195 Rinse and Repeat 197 Putting It Together 198 What’s Next? 200 Chapter 17 How Do I Build a Team? 201 It Is About the How 203 Things to Consider 207 Identify Important Things 209 Identify Areas of Weakness 211 Discontinuing a Function 212 Building New Functions 213 What’s Next? 215 Chapter 18 How Do I Write a Job Posting? 217 The Challenge of Job Postings 220 What’s Next? 225 Chapter 19 How Do I Encourage Diversity? 227 Start with Numbers 229 Understand Your Cultural Issues 230 Attracting Diverse Talent 232 Writing the Job Description and Posting 234 The Interviewing Process 235 Retaining Diverse Talent 236 Promotions and Career Development 237 Leaving the Team 239 What’s Next? 239 Chapter 20 How Do I Manage Up? 241 Who Are Senior Stakeholders? 242 Help Them Understand Security 246 When Things Go Wrong 250 What’s Next? 251 Chapter 21 How Do I Fund My Program? 253 Funding a Team 255 Funding a Program 256 The Big Ask 260 What’s Next? 261 Chapter 22 How Do I Talk About My Security Program? 263 What Story Should I Tell? 264 Telling Stories 271 What’s Next? 273 Chapter 23 What Is My Legacy? 275 Making an Impact on the Industry 277 Making an Impact on Your Company 281 What’s Next? 283 Epilogue 285 Appendix: Resources 287 About the Author 291 Acknowledgments 293 Index 295

Read more less

Book SynopsisSECURITY TECHNOLOGIES AND SOCIAL IMPLICATIONS Explains how the latest technologies can advance policing and security, identify threats, and defend citizens from crime and terrorism Security Technologies and Social Implications focuses on the development and application of new technologies that police and homeland security officers can leverage as a tool for both predictive and intelligence-led investigations. The book recommends the best practices for incorporation of these technologies into day-to-day activities by law enforcement agencies and counter-terrorism units. Practically, it addresses legal, technological, and organizational challenges (e.g. resource limitation and privacy concerns) combined with challenges related to the adoption of innovative technologies. In contrast to classic tools, modern policing and security requires the development and implementation of new technologies using AI, machine learning, social media tracking, drones, robots, GIS, computer vision, and moTable of ContentsThe circle of change: technology impact on LEAs Data Protection Impact Assessments in Law Enforcement: Identifying and Mitigating Risks in Algorithmic Policing Methods of Stakeholder Engagement for the Co-Design of Security Technologies Performance Assessment of Soft biometrics technologies for border crossing Counter-Unmanned Aerial Vehicle Systems: Technical, Training and Regulatory Challenges Critical Infrastructure security using Computer Vision Technologies Evaluation of Content Fusion Algorithms for Large and Heterogeneous Datasets Stakeholder Engagement Model to facilitate the uptake by end-users of Crisis Communication Systems CRIME MAPPING IN CRIME ANALYSIS – THE DEVELOPMENTS IN THE PAST TWO DECADES The Threat of Behavioural Radicalization Online: Conceptual Challenges and Technical Solutions Provided by the PROPHETS (Preventing Radicalization Online through the Proliferation of Harmonized ToolkitS) Project Blockchain technologies for chain of custody authentication Chances and challenges of predictive policing for law enforcement agencies Conclusions

Read more less

Book SynopsisCYBER THREAT INTELLIGENCE Martin takes a thorough and focused approach to the processes that rule threat intelligence, but he doesn't just cover gathering, processing and distributing intelligence. He explains why you should care who is trying to hack you, and what you can do about it when you know.Simon Edwards, Security Testing Expert, CEO SE Labs Ltd., Chair AMTSO Effective introduction to cyber threat intelligence, supplemented with detailed case studies and after action reports of intelligence on real attacks Cyber Threat Intelligence introduces the history, terminology, and techniques to be applied within cyber security, offering an overview of the current state of cyberattacks and stimulating readers to consider their own issues from a threat intelligence point of view. The author takes a systematic, system-agnostic, and holistic view to generating, collecting, and applying threat intelligence. The text covers the threat environment, malicious attacks, collecting, generating, and applying intelligence and attribution, as well as legal and ethical considerations. It ensures readers know what to look out for when considering a potential cyber attack and imparts how to prevent attacks early on, explaining how threat actors can exploit a system's vulnerabilities. It also includes analysis of large scale attacks such as WannaCry, NotPetya, Solar Winds, VPNFilter, and the Target breach, looking at the real intelligence that was available before and after the attack. Topics covered in Cyber Threat Intelligence include: The constant change of the threat environment as capabilities, intent, opportunities, and defenses change and evolveDifferent business models of threat actors, and how these dictate the choice of victims and the nature of their attacksPlanning and executing a threat intelligence programme to improve an organistation's cyber security postureTechniques for attributing attacks and holding perpetrators to account for their actions Cyber Threat Intelligence describes the intelligence techniques and models used in cyber threat intelligence. It provides a survey of ideas, views and concepts, rather than offering a hands-on practical guide. It is intended for anyone who wishes to learn more about the domain, particularly if they wish to develop a career in intelligence, and as a reference for those already working in the area.Trade Review"Martin takes a thorough and focussed approach to the processes that rule threat intelligence, but he doesn't just cover gathering, processing and distributing intelligence. He explains why you should care who is trying to hack you, and what you can do about it when you know."—Simon Edwards, Security Testing Expert, CEO SE Labs Ltd., Chair AMTSO "I really enjoyed this engaging book, which beautifully answered one of the first questions I had coming into the profession of cyber security: 'What is Cyber Threat Intelligence?' It progressively walked me through the world of cyber threat intelligence, peppered with rich content collected through years' of experience and knowledge. It is satisfyingly detailed to make it an interesting read for those already in cyber security wanting to learn more, but also caters to those who are just curious about the prevalent cyber threat and where it may be headed. One of the takeaways from this book for me is how finding threats is not the most important thing but how the effective communication of it is equally important so that it triggers appropriate actions at appropriate timing. Moreover, as a penetration tester, we are used to looking at the little details so it was refreshing and eye-opening to learn about the macro view on cyber threat landscape."—Ryoko Amano, Penetration Tester "Cyber threats are a constant danger for companies in the private sector, which makes cyber threat intelligence an increasingly crucial tool for identifying security risks, developing proactive strategies, and responding swiftly to attacks. Martin Lee's new book is a comprehensive guide that takes the mystery out of using threat intelligence to strengthen a company's cyber defence. With a clear and concise explanation of the basics of threat intelligence, Martin provides a full picture of what's available and how to use it. Moreover, his book is packed with useful references and resources that will be invaluable for threat intelligence teams. Whether you're just starting in cybersecurity or a seasoned professional, this book is a must-have reference guide that will enhance your detection and mitigation of cyber threats."—Gavin Reid, CISO VP Threat Intelligence at Human Security "Martin Lee blends cyber threats, intel collection, attribution, and respective case studies in a compelling narrative. Lee does an excellent job of explaining complex concepts in a manner that is accessible to anyone wanting to develop a career in intelligence. What sets this book apart is the author's ability to collect related fundamentals and applications described in a pragmatic manner. Understandably, the book's challenge is non-disclosure of sensitive operational information. This is an excellent reference that I would highly recommend to cyber security professionals and academics wanting to deepen their domain expertise and broaden current knowledge. Threats indeed evolve and we must too."—Dr Roland Padilla, FACS CP (Cyber Security), Senior Cyber Security Advisor - Defence Program (CISCO Systems), Army Officer (AUS DoD) "Cyber Threat Intelligence by Martin Lee is an interesting and valuable contribution to the literature supporting the development of cyber security professional practice. This well researched and thoroughly referenced book provides both practitioners and those studying cyber threats with a sound basis for understanding the threat environment and the intelligence cycle required to understand and interpret existing and emerging threats. It is supported by relevant case studies of cyber security incidents enabling readers to contextualise the relationship between threat intelligence and incident response."—Hugh Boyes, University of Warwick "Cyber Threat Intelligence is a valuable resource for anyone within the cyber security industry. It breaks down the concepts behind building an effective cyber threat intelligence practice by not only explaining the practical elements to gathering and sharing intelligence data, but the fundamentals behind why it’s important and how to assess the usefulness of it. By also providing a detailed history of intelligence sharing across the ages with a rich set of examples, Martin is able to show the value of developing this side of cyber security that is often neglected. This book is equally accessible to those beginning their careers in cyber security as well as to those who have been in the industry for some time and wish to have a comprehensive reference."—Stephan Freeman, Director, Axcelot Ltd "This book is a wonderful read; what most impressed me was Martin's ability to provide a succinct history of threat intelligence in a coherent, easy to read manner. Citing numerous examples throughout the book, Martin allows the reader to understand what threat intelligence encompasses and provides guidance on industry best practices and insight into emerging threats which every organisation should be aware of. An incumbent read for any cybersecurity professional!"—Yusuf Khan, Technical Solutions Specialist - Cybersecurity, CiscoTable of ContentsPreface xi About the Author xiii Abbreviations xv Endorsements for Martin Lee’s Book xix 1 Introduction 1 1.1 Definitions 1 1.1.1 Intelligence 2 1.1.2 Cyber Threat 3 1.1.3 Cyber Threat Intelligence 4 1.2 History of Threat Intelligence 5 1.2.1 Antiquity 5 1.2.2 Ancient Rome 7 1.2.3 Medieval and Renaissance Age 8 1.2.4 Industrial Age 10 1.2.5 World War I 11 1.2.6 World War II 13 1.2.7 Post War Intelligence 14 1.2.8 Cyber Threat Intelligence 15 1.2.9 Emergence of Private Sector Intelligence Sharing 19 1.3 Utility of Threat Intelligence 21 1.3.1 Developing Cyber Threat Intelligence 23 Summary 24 References 24 2 Threat Environment 31 2.1 Threat 31 2.1.1 Threat Classification 33 2.2 Risk and Vulnerability 35 2.2.1 Human Vulnerabilities 38 2.2.1.1 Example – Business Email Compromise 39 2.2.2 Configuration Vulnerabilities 39 2.2.2.1 Example – Misconfiguration of Cloud Storage 40 2.2.3 Software Vulnerabilities 41 2.2.3.1 Example – Log4j Vulnerabilities 43 2.3 Threat Actors 43 2.3.1 Example – Operation Payback 46 2.3.2 Example – Stuxnet 47 2.3.3 Tracking Threat Actors 47 2.4 TTPs – Tactics, Techniques, and Procedures 49 2.5 Victimology 53 2.5.1 Diamond Model 55 2.6 Threat Landscape 56 2.6.1 Example – Ransomware 57 2.7 Attack Vectors, Vulnerabilities, and Exploits 58 2.7.1 Email Attack Vectors 59 2.7.2 Web-Based Attacks 60 2.7.3 Network Service Attacks 61 2.7.4 Supply Chain Attacks 61 2.8 The Kill Chain 62 2.9 Untargeted versus Targeted Attacks 64 2.10 Persistence 65 2.11 Thinking Like a Threat Actor 66 Summary 66 References 67 3 Applying Intelligence 75 3.1 Planning Intelligence Gathering 75 3.1.1 The Intelligence Programme 77 3.1.2 Principles of Intelligence 78 3.1.3 Intelligence Metrics 81 3.2 The Intelligence Cycle 82 3.2.1 Planning, Requirements, and Direction 83 3.2.2 Collection 84 3.2.3 Analysis and Processing 84 3.2.4 Production 85 3.2.5 Dissemination 85 3.2.6 Review 85 3.3 Situational Awareness 86 3.3.1 Example – 2013 Target Breach 88 3.4 Goal Oriented Security and Threat Modelling 89 3.5 Strategic, Operational, and Tactical Intelligence 91 3.5.1 Strategic Intelligence 91 3.5.1.1 Example – Lazarus Group 92 3.5.2 Operational Intelligence 93 3.5.2.1 Example – SamSam 93 3.5.3 Tactical Intelligence 94 3.5.3.1 Example – WannaCry 94 3.5.4 Sources of Intelligence Reports 94 3.5.4.1 Example – Shamoon 95 3.6 Incident Preparedness and Response 96 3.6.1 Preparation and Practice 99 Summary 100 References 100 4 Collecting Intelligence 105 4.1 Hierarchy of Evidence 105 4.1.1 Example – Smoking Tobacco Risk 107 4.2 Understanding Intelligence 108 4.2.1 Expressing Credibility 109 4.2.2 Expressing Confidence 110 4.2.3 Understanding Errors 114 4.2.3.1 Example – the WannaCry Email 114 4.2.3.2 Example – the Olympic Destroyer False Flags 114 4.3 Third Party Intelligence Reports 115 4.3.1 Tactical and Operational Reports 116 4.3.1.1 Example – Heartbleed 117 4.3.2 Strategic Threat Reports 118 4.4 Internal Incident Reports 118 4.5 Root Cause Analysis 119 4.6 Active Intelligence Gathering 120 4.6.1 Example – the Nightingale Floor 122 4.6.2 Example – the Macron Leaks 122 Summary 123 References 123 5 Generating Intelligence 127 5.1 The Intelligence Cycle in Practice 128 5.1.1 See it, Sense it, Share it, Use it 128 5.1.2 F3EAD Cycle 129 5.1.3 D3A Process 131 5.1.4 Applying the Intelligence Cycle 132 5.1.4.1 Planning and Requirements 132 5.1.4.2 Collection, Analysis, and Processing 133 5.1.4.3 Production and Dissemination 134 5.1.4.4 Feedback and Improvement 135 5.1.4.5 The Intelligence Cycle in Reverse 135 5.2 Sources of Data 136 5.3 Searching Data 137 5.4 Threat Hunting 138 5.4.1 Models of Threat Hunting 139 5.4.2 Analysing Data 140 5.4.3 Entity Behaviour Analytics 143 5.5 Transforming Data into Intelligence 144 5.5.1 Structured Geospatial Analytical Method 144 5.5.2 Analysis of Competing Hypotheses 146 5.5.3 Poor Practices 146 5.6 Sharing Intelligence 147 5.6.1 Machine Readable Intelligence 150 5.7 Measuring the Effectiveness of Generated Intelligence 151 Summary 152 References 152 6 Attribution 155 6.1 Holding Perpetrators to Account 155 6.1.1 Punishment 156 6.1.2 Legal Frameworks 156 6.1.3 Cyber Crime Legislation 157 6.1.4 International Law 158 6.1.5 Crime and Punishment 158 6.2 Standards of Proof 158 6.2.1 Forensic Evidence 159 6.3 Mechanisms of Attribution 160 6.3.1 Attack Attributes 161 6.3.1.1 Attacker TTPs 161 6.3.1.2 Example – HAFNIUM 162 6.3.1.3 Attacker Infrastructure 162 6.3.1.4 Victimology 163 6.3.1.5 Malicious Code 163 6.3.2 Asserting Attribution 165 6.4 Anti- Attribution Techniques 166 6.4.1 Infrastructure 166 6.4.2 Malicious Tools 166 6.4.3 False Attribution 167 6.4.4 Chains of Attribution 167 6.5 Third Party Attribution 167 6.6 Using Attribution 168 Summary 170 References 171 7 Professionalism 175 7.1 Notions of Professionalism 176 7.1.1 Professional Ethics 177 7.2 Developing a New Profession 178 7.2.1 Professional Education 178 7.2.2 Professional Behaviour and Ethics 179 7.2.2.1 Professionalism in Medicine 179 7.2.2.2 Professionalism in Accountancy 181 7.2.2.3 Professionalism in Engineering 183 7.2.3 Certifications and Codes of Ethics 186 7.3 Behaving Ethically 188 7.3.1 The Five Philosophical Approaches 188 7.3.2 The Josephson Model 189 7.3.3 PMI Ethical Decision Making Framework 190 7.4 Legal and Ethical Environment 191 7.4.1 Planning 192 7.4.1.1 Responsible Vulnerability Disclosure 193 7.4.1.2 Vulnerability Hoarding 194 7.4.2 Collection, Analysis, and Processing 194 7.4.2.1 PRISM Programme 195 7.4.2.2 Open and Closed Doors 196 7.4.3 Dissemination 196 7.4.3.1 Doxxing 197 7.5 Managing the Unexpected 198 7.6 Continuous Improvement 199 Summary 199 References 200 8 Future Threats and Conclusion 207 8.1 Emerging Technologies 207 8.1.1 Smart Buildings 208 8.1.1.1 Software Errors 209 8.1.1.2 Example – Maroochy Shire Incident 210 8.1.2 Health Care 211 8.1.2.1 Example – Conti Attack Against Irish Health Sector 212 8.1.3 Transport Systems 213 8.2 Emerging Attacks 214 8.2.1 Threat Actor Evolutions 214 8.2.1.1 Criminal Threat Actors 214 8.2.1.2 Nation State Threat Actors 216 8.2.1.3 Other Threat Actors 220 8.3 Emerging Workforce 221 8.3.1 Job Roles and Skills 221 8.3.2 Diversity in Hiring 225 8.3.3 Growing the Profession 227 8.4 Conclusion 228 References 229 9 Case Studies 237 9.1 Target Compromise 2013 238 9.1.1 Background 238 9.1.2 The Attack 241 9.2 WannaCry 2017 243 9.2.1 Background 244 9.2.1.1 Guardians of Peace 244 9.2.1.2 The Shadow Brokers 245 9.2.1.3 Threat Landscape – Worms and Ransomware 247 9.2.2 The Attack 247 9.2.2.1 Prelude 247 9.2.2.2 Malware 249 9.3 NotPetya 2017 251 9.3.1 Background 251 9.3.2 The Attack 252 9.3.2.1 Distribution 253 9.3.2.2 Payload 253 9.3.2.3 Spread and Consequences 254 9.4 VPNFilter 2018 255 9.4.1 Background 255 9.4.2 The Attack 256 9.5 SUNBURST and SUNSPOT 2020 257 9.5.1 Background 258 9.5.2 The Attack 259 9.6 Macron Leaks 2017 260 9.6.1 Background 260 9.6.2 The Attack 261 References 262 Index 277

Read more less

Book SynopsisA solid, non-technical foundation to help executives and board members understand cyber risk In the Executive''s Guide to Cyber Risk: Securing the Future Today, distinguished information security and data privacy expert Siegfried Moyo delivers an incisive and foundational guidance for executives tasked with making sound decisions regarding cyber risk management. The book offers non-technical, business-side executives with the key information they need to understand the nature of cyber risk and its impact on organizations and their growth. In the book, readers will find: Strategies for leading with foresight (as opposed to hindsight) while maintaining the company's vision and objectives Focused, jargon-free explanations of cyber risk that liken it to any other business risk Comprehensive discussions of the fundamentals of cyber risk that enable executive leadership to make well-informed choices Perfect for chiefTable of ContentsForeword ix Preface xi Acknowledgments xv About the Author xvii Chapter 1: Cyber Strategy: The Strategy- Centric Approach 1 Chapter 2: Cyber Value: The Value- Centric Approach 17 Chapter 3: Cyber Compliance: The Compliance- Centric Approach 31 Chapter 4: Cyber Culture: The Human- Centric Approach 41 Chapter 5: Cyber Resilience: The Technology- Centric Approach 57 Appendix A 73 Appendix B 95 Appendix C 99 Appendix D 107 Appendix E 109 Index 177

Read more less

Book SynopsisDeep Learning Approaches for Security Threats in IoT Environments An expert discussion of the application of deep learning methods in the IoT security environment In Deep Learning Approaches for Security Threats in IoT Environments, a team of distinguished cybersecurity educators deliver an insightful and robust exploration of how to approach and measure the security of Internet-of-Things (IoT) systems and networks. In this book, readers will examine critical concepts in artificial intelligence (AI) and IoT, and apply effective strategies to help secure and protect IoT networks. The authors discuss supervised, semi-supervised, and unsupervised deep learning techniques, as well as reinforcement and federated learning methods for privacy preservation. This book applies deep learning approaches to IoT networks and solves the security problems that professionals frequently encounter when working in the field of IoT, as well as providing ways in which smart devices can solve cybersecurity iTable of ContentsAbout the Authors xv 1 Introducing Deep Learning for IoT Security 1 1.1 Introduction 1 1.2 Internet of Things (IoT) Architecture 1 1.2.1 Physical Layer 3 1.2.2 Network Layer 4 1.2.3 Application Layer 5 1.3 Internet of Things’ Vulnerabilities and Attacks 6 1.3.1 Passive Attacks 6 1.3.2 Active Attacks 7 1.4 Artificial Intelligence 11 1.5 Deep Learning 14 1.6 Taxonomy of Deep Learning Models 15 1.6.1 Supervision Criterion 15 1.6.1.1 Supervised Deep Learning 15 1.6.1.2 Unsupervised Deep Learning 17 1.6.1.3 Semi-Supervised Deep Learning 18 1.6.1.4 Deep Reinforcement Learning 19 1.6.2 Incrementality Criterion 19 1.6.2.1 Batch Learning 20 1.6.2.2 Online Learning 21 1.6.3 Generalization Criterion 21 1.6.3.1 Model-Based Learning 22 1.6.3.2 Instance-Based Learning 22 1.6.4 Centralization Criterion 22 1.7 Supplementary Materials 25 References 25 2 Deep Neural Networks 27 2.1 Introduction 27 2.2 From Biological Neurons to Artificial Neurons 28 2.2.1 Biological Neurons 28 2.2.2 Artificial Neurons 30 2.3 Artificial Neural Network 31 2.3.1 Input Layer 34 2.3.2 Hidden Layer 34 2.3.3 Output Layer 34 2.4 Activation Functions 35 2.4.1 Types of Activation 35 2.4.1.1 Binary Step Function 35 2.4.1.2 Linear Activation Function 36 2.4.1.3 Nonlinear Activation Functions 36 2.5 The Learning Process of ANN 40 2.5.1 Forward Propagation 41 2.5.2 Backpropagation (Gradient Descent) 42 2.6 Loss Functions 49 2.6.1 Regression Loss Functions 49 2.6.1.1 Mean Absolute Error (MAE) Loss 50 2.6.1.2 Mean Squared Error (MSE) Loss 50 2.6.1.3 Huber Loss 50 2.6.1.4 Mean Bias Error (MBE) Loss 51 2.6.1.5 Mean Squared Logarithmic Error (MSLE) 51 2.6.2 Classification Loss Functions 52 2.6.2.1 Binary Cross Entropy (BCE) Loss 52 2.6.2.2 Categorical Cross Entropy (CCE) Loss 52 2.6.2.3 Hinge Loss 53 2.6.2.4 Kullback–Leibler Divergence (KL) Loss 53 2.7 Supplementary Materials 53 References 54 3 Training Deep Neural Networks 55 3.1 Introduction 55 3.2 Gradient Descent Revisited 56 3.2.1 Gradient Descent 56 3.2.2 Stochastic Gradient Descent 57 3.2.3 Mini-batch Gradient Descent 59 3.3 Gradient Vanishing and Explosion 60 3.4 Gradient Clipping 61 3.5 Parameter Initialization 62 3.5.1 Zero Initialization 62 3.5.2 Random Initialization 63 3.5.3 Lecun Initialization 65 3.5.4 Xavier Initialization 65 3.5.5 Kaiming (He) Initialization 66 3.6 Faster Optimizers 67 3.6.1 Momentum Optimization 67 3.6.2 Nesterov Accelerated Gradient 69 3.6.3 AdaGrad 69 3.6.4 RMSProp 70 3.6.5 Adam Optimizer 70 3.7 Model Training Issues 71 3.7.1 Bias 72 3.7.2 Variance 72 3.7.3 Overfitting Issues 72 3.7.4 Underfitting Issues 73 3.7.5 Model Capacity 74 3.8 Supplementary Materials 74 References 75 4 Evaluating Deep Neural Networks 77 4.1 Introduction 77 4.2 Validation Dataset 78 4.3 Regularization Methods 79 4.3.1 Early Stopping 79 4.3.2 L1 and L2 Regularization 80 4.3.3 Dropout 81 4.3.4 Max-Norm Regularization 82 4.3.5 Data Augmentation 82 4.4 Cross-Validation 83 4.4.1 Hold-Out Cross-Validation 84 4.4.2 k-Folds Cross-Validation 85 4.4.3 Stratified k-Folds’ Cross-Validation 86 4.4.4 Repeated k-Folds’ Cross-Validation 87 4.4.5 Leave-One-Out Cross-Validation 88 4.4.6 Leave-p-Out Cross-Validation 89 4.4.7 Time Series Cross-Validation 90 4.4.8 Rolling Cross-Validation 90 4.4.9 Block Cross-Validation 90 4.5 Performance Metrics 92 4.5.1 Regression Metrics 92 4.5.1.1 Mean Absolute Error (MAE) 92 4.5.1.2 Root Mean Squared Error (RMSE) 93 4.5.1.3 Coefficient of Determination (R2) 93 4.5.1.4 Adjusted R2 94 4.5.2 Classification Metrics 94 4.5.2.1 Confusion Matrix 94 4.5.2.2 Accuracy 96 4.5.2.3 Precision 96 4.5.2.4 Recall 97 4.5.2.5 Precision–Recall Curve 97 4.5.2.6 F1-Score 97 4.5.2.7 Beta F1 Score 98 4.5.2.8 False Positive Rate (FPR) 98 4.5.2.9 Specificity 99 4.5.2.10 Receiving Operating Characteristics (ROC) Curve 99 4.6 Supplementary Materials 99 References 100 5 Convolutional Neural Networks 103 5.1 Introduction 103 5.2 Shift from Full Connected to Convolutional 104 5.3 Basic Architecture 106 5.3.1 The Cross-Correlation Operation 106 5.3.2 Convolution Operation 107 5.3.3 Receptive Field 108 5.3.4 Padding and Stride 109 5.3.4.1 Padding 109 5.3.4.2 Stride 111 5.4 Multiple Channels 113 5.4.1 Multi-Channel Inputs 113 5.4.2 Multi-Channel Output 114 5.4.3 Convolutional Kernel 1 × 1 115 5.5 Pooling Layers 116 5.5.1 Max Pooling 117 5.5.2 Average Pooling 117 5.6 Normalization Layers 119 5.6.1 Batch Normalization 119 5.6.2 Layer Normalization 122 5.6.3 Instance Normalization 124 5.6.4 Group Normalization 126 5.6.5 Weight Normalization 126 5.7 Convolutional Neural Networks (LeNet) 127 5.8 Case Studies 129 5.8.1 Handwritten Digit Classification (One Channel Input) 129 5.8.2 Dog vs. Cat Image Classification (Multi-Channel Input) 130 5.9 Supplementary Materials 130 References 130 6 Dive Into Convolutional Neural Networks 133 6.1 Introduction 133 6.2 One-Dimensional Convolutional Network 134 6.2.1 One-Dimensional Convolution 134 6.2.2 One-Dimensional Pooling 135 6.3 Three-Dimensional Convolutional Network 136 6.3.1 Three-Dimensional Convolution 136 6.3.2 Three-Dimensional Pooling 136 6.4 Transposed Convolution Layer 137 6.5 Atrous/Dilated Convolution 144 6.6 Separable Convolutions 145 6.6.1 Spatially Separable Convolutions 146 6.6.2 Depth-wise Separable (DS) Convolutions 148 6.7 Grouped Convolution 150 6.8 Shuffled Grouped Convolution 152 6.9 Supplementary Materials 154 References 154 7 Advanced Convolutional Neural Network 157 7.1 Introduction 157 7.2 AlexNet 158 7.3 Block-wise Convolutional Network (VGG) 159 7.4 Network in Network 160 7.5 Inception Networks 162 7.5.1 GoogLeNet 163 7.5.2 Inception Network v2 (Inception v2) 166 7.5.3 Inception Network v3 (Inception v3) 170 7.6 Residual Convolutional Networks 170 7.7 Dense Convolutional Networks 173 7.8 Temporal Convolutional Network 176 7.8.1 One-Dimensional Convolutional Network 177 7.8.2 Causal and Dilated Convolution 180 7.8.3 Residual Blocks 185 7.9 Supplementary Materials 188 References 188 8 Introducing Recurrent Neural Networks 189 8.1 Introduction 189 8.2 Recurrent Neural Networks 190 8.2.1 Recurrent Neurons 190 8.2.2 Memory Cell 192 8.2.3 Recurrent Neural Network 193 8.3 Different Categories of RNNs 194 8.3.1 One-to-One RNN 195 8.3.2 One-to-Many RNN 195 8.3.3 Many-to-One RNN 196 8.3.4 Many-to-Many RNN 197 8.4 Backpropagation Through Time 198 8.5 Challenges Facing Simple RNNs 202 8.5.1 Vanishing Gradient 202 8.5.2 Exploding Gradient 204 8.5.2.1 Truncated Backpropagation Through Time (TBPTT) 204 8.5.2.2 Penalty on the Recurrent Weights Whh205 8.5.2.3 Clipping Gradients 205 8.6 Case Study: Malware Detection 205 8.7 Supplementary Material 206 References 207 9 Dive Into Recurrent Neural Networks 209 9.1 Introduction 209 9.2 Long Short-Term Memory (LSTM) 210 9.2.1 LSTM Gates 211 9.2.2 Candidate Memory Cells 213 9.2.3 Memory Cell 214 9.2.4 Hidden State 216 9.3 LSTM with Peephole Connections 217 9.4 Gated Recurrent Units (GRU) 218 9.4.1 CRU Cell Gates 218 9.4.2 Candidate State 220 9.4.3 Hidden State 221 9.5 ConvLSTM 222 9.6 Unidirectional vs. Bidirectional Recurrent Network 223 9.7 Deep Recurrent Network 226 9.8 Insights 227 9.9 Case Study of Malware Detection 228 9.10 Supplementary Materials 229 References 229 10 Attention Neural Networks 231 10.1 Introduction 231 10.2 From Biological to Computerized Attention 232 10.2.1 Biological Attention 232 10.2.2 Queries, Keys, and Values 234 10.3 Attention Pooling: Nadaraya–Watson Kernel Regression 235 10.4 Attention-Scoring Functions 237 10.4.1 Masked Softmax Operation 239 10.4.2 Additive Attention (AA) 239 10.4.3 Scaled Dot-Product Attention 240 10.5 Multi-Head Attention (MHA) 240 10.6 Self-Attention Mechanism 242 10.6.1 Self-Attention (SA) Mechanism 242 10.6.2 Positional Encoding 244 10.7 Transformer Network 244 10.8 Supplementary Materials 247 References 247 11 Autoencoder Networks 249 11.1 Introduction 249 11.2 Introducing Autoencoders 250 11.2.1 Definition of Autoencoder 250 11.2.2 Structural Design 253 11.3 Convolutional Autoencoder 256 11.4 Denoising Autoencoder 258 11.5 Sparse Autoencoders 260 11.6 Contractive Autoencoders 262 11.7 Variational Autoencoders 263 11.8 Case Study 268 11.9 Supplementary Materials 269 References 269 12 Generative Adversarial Networks (GANs) 271 12.1 Introduction 271 12.2 Foundation of Generative Adversarial Network 272 12.3 Deep Convolutional GAN 279 12.4 Conditional GAN 281 12.5 Supplementary Materials 285 References 285 13 Dive Into Generative Adversarial Networks 287 13.1 Introduction 287 13.2 Wasserstein GAN 288 13.2.1 Distance Functions 289 13.2.2 Distance Function in GANs 291 13.2.3 Wasserstein Loss 293 13.3 Least-Squares GAN (LSGAN) 298 13.4 Auxiliary Classifier GAN (ACGAN) 300 13.5 Supplementary Materials 301 References 301 14 Disentangled Representation GANs 303 14.1 Introduction 303 14.2 Disentangled Representations 304 14.3 InfoGAN 306 14.4 StackedGAN 309 14.5 Supplementary Materials 316 References 316 15 Introducing Federated Learning for Internet of Things (IoT) 317 15.1 Introduction 317 15.2 Federated Learning in the Internet of Things 319 15.3 Taxonomic View of Federated Learning 322 15.3.1 Network Structure 322 15.3.1.1 Centralized Federated Learning 322 15.3.1.2 Decentralized Federated Learning 323 15.3.1.3 Hierarchical Federated Learning 324 15.3.2 Data Partition 325 15.3.3 Horizontal Federated Learning 326 15.3.4 Vertical Federated Learning 327 15.3.5 Federated Transfer Learning 328 15.4 Open-Source Frameworks 330 15.4.1 TensorFlow Federated 330 15.4.2 PySyft and PyGrid 331 15.4.3 FedML 331 15.4.4 LEAF 332 15.4.5 PaddleFL 332 15.4.6 Federated AI Technology Enabler (FATE) 333 15.4.7 OpenFL 333 15.4.8 IBM Federated Learning 333 15.4.9 NVIDIA Federated Learning Application Runtime Environment (NVIDIA FLARE) 334 15.4.10 Flower 334 15.4.11 Sherpa.ai 335 15.5 Supplementary Materials 335 References 335 16 Privacy-Preserved Federated Learning 337 16.1 Introduction 337 16.2 Statistical Challenges in Federated Learning 338 16.2.1 Nonindependent and Identically Distributed (Non-IID) Data 338 16.2.1.1 Class Imbalance 338 16.2.1.2 Distribution Imbalance 341 16.2.1.3 Size Imbalance 346 16.2.2 Model Heterogeneity 346 16.2.2.1 Extracting the Essence of a Subject 346 16.2.3 Block Cycles 348 16.3 Security Challenge in Federated Learning 348 16.3.1 Untargeted Attacks 349 16.3.2 Targeted Attacks 349 16.4 Privacy Challenges in Federated Learning 350 16.4.1 Secure Aggregation 351 16.4.1.1 Homomorphic Encryption (HE) 351 16.4.1.2 Secure Multiparty Computation 352 16.4.1.3 Blockchain 352 16.4.2 Perturbation Method 353 16.5 Supplementary Materials 355 References 355 Index 357

Read more less

Book SynopsisTable of ContentsForeword xv Introduction xvii Chapter 1: What Is Social Engineering? 1 Chapter 2: 330 Cameras 4 Chapter 3: Expensive Doesn’t Mean Secure 7 Chapter 4: The Trolley Problem 12 Chapter 5: High (Street) Security 17 Chapter 6: The Psychology of Stairs 19 Chapter 7: The Broken Arm Ruse 21 Chapter 8: Crown Jewels Are Not Always Shiny 24 Chapter 9: This Is My Office Now 27 Chapter 10: How to Use a Pen to Hack Any Door 31 Chapter 11: My First Kidnapping 34 Chapter 12: I Needed a New Computer 40 Chapter 13: Building My Own Office 43 Chapter 14: Letter of Authority 47 Chapter 15: Astute Manager 49 Chapter 16: I Can’t Fly a Helicopter 51 Chapter 17: Doppelgangers Exist 54 Chapter 18: Stealing the Keychain 56 Chapter 19: It’s Dangerous to Go Alone. Take This! 59 Chapter 20: The Gold Bar 63 Chapter 21: Plush Carpets 68 Chapter 22: Clean(er) Access 71 Chapter 23: What We Do in the Shadows 73 Chapter 24: What Do I Know about Diamonds? 77 Chapter 25: How to Crack a Safe 80 Chapter 26: Find a Safe Space 88 Chapter 27: Well, That Was Unexpected 92 Chapter 28: Opening a Door on Security 95 Chapter 29: How to Tailgate an Opaque Door 98 Chapter 30: The Guard Who Was Too Polite 100 Chapter 31: The Swan Effect 102 Chapter 32: What’s in the Box? 105 Chapter 33: How to Bypass an Elevator Security System 107 Chapter 34: The Loading Bay 109 Chapter 35: The Escort 111 Chapter 36: The Staircase 114 Chapter 37: How to Bypass PIR Detectors 116 Chapter 38: ATMs 121 Chapter 39: Open Windows 124 Chapter 40: Security on a String Budget 127 Chapter 41: How to Bypass Padlocks 131 Chapter 42: Padlocked Gates 134 Chapter 43: The Security of Glass 138 Chapter 44: Trading Places 142 Chapter 45: How to Bypass Keypads 145 Chapter 46: E- Waste 148 Chapter 47: Fourteen Desktop PCs 151 Chapter 48: Spy Gadgets 155 Chapter 49: How to Steal Fingerprints 158 Chapter 50: Five Banks a Week 162 Chapter 51: Finding Out Too Much 165 Chapter 52: Needle in a Haystack 168 Chapter 53: Stealing a Purse and Keys 172 Chapter 54: How to Pick Locks 174 Chapter 55: The Porn Cupboard 179 Chapter 56: The Apartment Across the Way 182 Chapter 57: Magazine Shoot 186 Chapter 58: Double Trouble 189 Chapter 59: Fake ID 191 Chapter 60: Impersonation 195 Chapter 61: How Maglocks Work 199 Chapter 62: Personal Escort 202 Chapter 63: My Favorite Door 205 Chapter 64: Microwave Fences 208 Chapter 65: Discarded Passes 211 Chapter 66: Bypassing Speed Lanes 214 Chapter 67: The Case of the Angry Man 217 Chapter 68: Let’s Play Doctors 220 Chapter 69: That’s for Me! 225 Chapter 70: How to Use a Snickers Bar 231 Chapter 71: Taking the Bus to Work 233

Read more less

Book SynopsisTable of Contents1. Network Security Fundamentals. 2. TCP/IP. 3. Network Traffic Signatures. 4. Routing Fundamentals. 5. Cryptography. 6. Wireless Networking Fundamentals. 7. Understanding Wireless Network Security. 8. Intrusion Detection and Prevention System Concepts. 9. Firewall Concepts. 10. Firewall Design and Management. 11. VPN Concepts. 12. Internet and Web Security. 13. Security Policy Design and Implementation. 14. Ongoing Security Management. Appendix A: Security Resources.

Read more less

Book SynopsisUpdated with the latest advances from the field, GUIDE TO COMPUTER FORENSICS AND INVESTIGATIONS, Fifth Edition combines all-encompassing topic coverage, authoritative information from seasoned experts, and real-world applications to deliver the most comprehensive forensics resource available. This proven author team's wide ranging areas of expertise mirror the breadth of coverage provided in the book, which focuses on techniques and practices for gathering and analyzing evidence used to solve crimes involving computers. While other books offer more of an overview of the field, this hands-on learning text provides clear instruction on the tools and techniques of the trade, introducing readers to every step of the computer forensics investigation-from lab set-up to testifying in court. It also details step-by-step guidance on how to use current forensics software and provides free demo downloads. Appropriate for learners new to the field, it is also an excellent refresher and technology

Read more less

Book SynopsisSpecifically oriented to the needs of information systems students, PRINCIPLES OF INFORMATION SECURITY, 5e delivers the latest technology and developments from the field. Taking a managerial approach, this bestseller teaches all the aspects of information security-not just the technical control perspective. It provides a broad review of the entire field of information security, background on many related elements, and enough detail to facilitate understanding of the topic. It covers the terminology of the field, the history of the discipline, and an overview of how to manage an information security program. Current and relevant, the fifth edition includes the latest practices, fresh examples, updated material on technical security controls, emerging legislative issues, new coverage of digital forensics, and hands-on application of ethical issues in IS security. It is the ultimate resource for future business decision-makers.Table of Contents1. Introduction to Information Security. 2. The Need for Security. 3. Legal, Ethical, and Professional Issues in Information Security. 4. Planning for Security. 5. Risk Management. 6. Security Technology: Firewalls, VPNs, and Wireless. 7. Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools. 8. Cryptography. 9. Physical Security. 10. Implementing Information Security. 11. Security and Personnel. 12. Information Security Maintenance and eDiscovery.

Read more less

Book SynopsisThis book provides a comprehensive introduction to quantum cryptography for advanced undergraduate and graduate students in computer science, physics, engineering and applied mathematics. Requiring no background in quantum computing, this title includes discussion of both background theory and key, modern applications of quantum cryptography.Trade Review'If you are intrigued by the prospects of quantum cryptography but not yet familiar with the formalism behind it, then this book is the perfect starting point for you. It playfully introduces the most important concepts in modern quantum cryptography, and at the same time gently but purposefully helps you discover the mathematical framework required to make formal statements.' Marco Tomamichel, National University of Singapore'Vidick and Wehner cover quantum cryptography in its full beauty and depth. Packed with enlightening examples and comprehensive exercises, this book will likely become an indispensable companion next time I hold lectures on the subject.' Renato Renner, ETH Zurich'Thomas Vidick and Stephanie Wehner take readers on an insightful exploration of the full landscape of quantum cryptography, skillfully weaving together theory and applications and providing pedagogical quizzes and exercises. The mathematical formalism is rigorous yet approachable, making this book an excellent introduction to this captivating area.' Anne Broadbent, University of OttawaTable of ContentsPreface; 1. Background material; 2. Quantum tools and a first protocol; 3. Quantum money; 4. The power of entanglement; 5. Quantifying information; 6. From imperfect information to (near) perfect security; 7. Distributing keys; 8. Quantum key distribution protocols; 9. Quantum cryptography using untrusted devices; 10. Quantum cryptography beyond key distribution; 11. Security from physical assumptions; 12. Further topics around encryption; 13. Delegated computation; References; Index.

Read more less

Book SynopsisMaster the latest technology and developments from the field with the book specifically oriented to the needs of information systems students like you -- PRINCIPLES OF INFORMATION SECURITY, 6E. Taking a managerial approach, this bestseller emphasizes all aspects of information security, rather than just a technical control perspective. You receive a broad overview of the entire field of information security and related elements with the detail to ensure understanding. You review terms used in the field and a history of the discipline as you learn how to manage an information security program. Current and relevant, this edition highlights the latest practices with fresh examples that explore the impact of emerging technologies, such as the Internet of Things, Cloud Computing, and DevOps. Updates address technical security controls, emerging legislative issues, digital forensics, and ethical issues in IS security, making this the ideal IS resource for business decision makers.Table of Contents1. Introduction to Information Security. 2. The Need for Security. 3. Legal, Ethical, and Professional Issues in Information Security. 4. Planning for Security. 5. Risk Management. 6. Security Technology: Firewalls, VPNs, and Wireless. 7. Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools. 8. Cryptography. 9. Physical Security. 10. Implementing Information Security. 11. Security and Personnel. 12. Information Security Maintenance and eDiscovery.

Read more less

Book SynopsisMANAGEMENT OF INFORMATION SECURITY, Sixth Edition prepares you to become an information security management practitioner able to secure systems and networks in a world where continuously emerging threats, ever-present attacks and the success of criminals illustrate the weaknesses in current information technologies. You'll develop both the information security skills and practical experience that organizations are looking for as they strive to ensure more secure computing environments. The text focuses on key executive and managerial aspects of information security. It also integrates coverage of CISSP and CISM throughout to effectively prepare you for certification. Reflecting the most recent developments in the field, it includes the latest information on NIST, ISO and security governance as well as emerging concerns like Ransomware, Cloud Computing and the Internet of Things.Table of ContentsUnit I: FOUNDATIONS OF INFORMATION SECURITY. 1. Introduction to Management of Information Security. 2. Compliance: Law and Ethics. Unit II: STRATEGIC INFORMATION SECURITY MANAGEMENT. 3. Governance and Strategic Planning for Security. 4. Information Security Policy. 5. Developing the Security Program. 6. Risk Management: Identifying and Assessing Risk. 7. Risk Management: Controlling Risk. Unit III: OPERATIONAL INFORMATION SECURITY MANAGEMENT. 8. Security Management Models. 9. Security Management Practices. 10. Planning for Contingencies. 11. Security Maintenance and the Management of Digital Forensics. 12. Protection Mechanisms.

Read more less

Book SynopsisMaster the skills you need to conduct a successful digital investigation with Nelson/Phillips/Steuart's GUIDE TO COMPUTER FORENSICS AND INVESTIGATIONS, Sixth Edition--the most comprehensive forensics resource available. While other books offer just an overview of the field, this hands-on learning text provides clear instruction on the tools and techniques of the trade, walking you through every step of the computer forensics investigation--from lab setup to testifying in court. It also explains how to use current forensics software and provides free demo downloads. It includes the most up-to-date coverage available of Linux and Macintosh, virtual machine software such as VMware and Virtual Box, Android, mobile devices, handheld devices, cloud forensics, email, social media and the Internet of Anything. With its practical applications, you can immediately put what you learn into practice.Table of Contents1. Understanding the Digital Forensics Profession and Investigations. 2. The Investigator's Office and Laboratory. 3. Data Acquisition. 4. Processing Crime and Incident Scenes. 5. Working with Windows and CLI Systems. 6. Current Computer Forensics Tools. 7. Linux Boot Processes and File Systems. 8. Recovering Graphics Files. 9. Digital Forensics Analysis and Validation. 10. Virtual Machine Forensics, Live Acquisitions and Cloud Forensics. 11. Email and Social Media. 12. Mobile Device Forensics and the Internet of Anything. 13. Cloud Forensics. 14. Report Writing for High-Tech Investigations. 15. Expert Testimony in Digital Forensic Investigations. 16. Ethics for the Digital Forensic Examiner and Expert Witness. Appendix A: Digital Forensics Test References. Appendix B: Digital Forensics References. Appendix C: Digital Forensics Lab Considerations. Appendix D: Digital Forensics Alternative Tools and Methods.

Read more less

Book SynopsisTable of ContentsBook 1: Cybersecurity Basics 5 Chapter 1: What Exactly Is Cybersecurity? 7 Chapter 2: Getting to Know Common Cyberattacks 23 Chapter 3: The Bad Guys You Must Defend Against 49 Book 2: Personal Cybersecurity 69 Chapter 1: Evaluating Your Current Cybersecurity Posture 71 Chapter 2: Enhancing Physical Security 93 Chapter 3: Cybersecurity Considerations When Working from Home 103 Chapter 4: Securing Your Accounts 113 Chapter 5: Passwords 131 Chapter 6: Preventing Social Engineering Attacks 147 Book 3: Securing a Business 169 Chapter 1: Securing Your Small Business 171 Chapter 2: Cybersecurity and Big Businesses 195 Chapter 3: Identifying a Security Breach 211 Chapter 4: Recovering from a Security Breach 229 Chapter 5: Backing Up 249 Chapter 6: Resetting Your Device 277 Chapter 7: Restoring from Backups 287 Book 4: Securing the Cloud 311 Chapter 1: Clouds Aren’t Bulletproof 313 Chapter 2: Getting Down to Business 333 Chapter 3: Developing Secure Software 349 Chapter 4: Restricting Access 377 Chapter 5: Implementing Zero Trust 407 Chapter 6: Using Cloud Security Services 429 Book 5: Testing Your Security 451 Chapter 1: Introduction to Vulnerability and Penetration Testing 453 Chapter 2: Cracking the Hacker Mindset 473 Chapter 3: Developing Your Security Testing Plan 485 Chapter 4: Hacking Methodology 497 Chapter 5: Information Gathering 507 Chapter 6: Social Engineering 513 Chapter 7: Physical Security 529 Book 6: Enhancing Cybersecurity Awareness 541 Chapter 1: Knowing How Security Awareness Programs Work 543 Chapter 2: Creating a Security Awareness Strategy 553 Chapter 3: Determining Culture and Business Drivers 559 Chapter 4: Choosing the Best Tools for the Job 573 Chapter 5: Measuring Performance 589 Chapter 6: Assembling Your Security Awareness Program 601 Chapter 7: Running Your Security Awareness Program 621 Chapter 8: Implementing Gamification 641 Index 655

Read more less

Book SynopsisTable of ContentsAcknowledgmentsxiii Glossary xv Foreword xvii Introduction 1 I. 1 Who Am I? 2 I. 2 How This Book Is Organized 3 I. 3 Scope of This Book 4 I. 4 Disclaimers 5 I. 5 Corrections 5 Part I Crypto-native DeFi 7 1 What Is DeFi? 9 1.1 The Role of Intermediaries in TradFi 12 1.2 Definitions 13 1.3 Other Characteristics of DeFi 15 1.4 The DeFi Stack 16 1.5 Size of DeFi 18 1.6 Key Participants in DeFi 19 1.7 DeFi and FinTech 25 1.8 How Can I Try DeFi? 27 1.9 Where Does DeFi Meet TradFi? 28 1.10 What Are the Risks of DeFi? 30 1.11 Chapter Summary 31 2 Infrastructure and Instruments 33 2.1 The Infrastructure of DeFi 33 2.2 Basics of Blockchains 34 2.3 Bitcoin and Ethereum 38 2.4 Permissioned vs Public Blockchains 39 2.5 L1s and L2s 41 2.6 Accounts, Keys, Wallets, and Addresses 44 2.7 Transactions 46 2.8 Smart Contracts 48 2.9 Clients and Nodes 49 2.10 Block Explorers 50 2.11 Custody 50 2.12 Oracles 52 2.13 RegTech 52 2.14 Identity 52 2.15 Bridges 52 2.16 DeFi Instruments 53 2.17 Stablecoins 55 2.18 Derivatives 60 2.19 Chapter Summary 61 3 Activities and Applications 63 3.1 Trading / DEXs 63 3.2 Overcollateralized Lending / Borrowing 66 3.3 Governance / DAOs 70 3.4 Undercollateralized Lending 72 3.5 Investing 82 3.6 Payments 84 3.7 Insurance 89 3.8 Prediction Markets 91 3.9 Chapter Summary 92 4 Risks and Mitigation 95 4.1 Types of Losses 96 4.2 Basic Terminology 96 4.3 Endogenous DeFi Risks 97 4.4 Exogenous DeFi Risks 104 4.5 Chapter Summary 118 5 Regulation 121 5.1 Introduction 121 5.2 Global Nature of Crypto and DeFi 122 5.3 What Regulators Want 124 5.4 Are Tokens Securities? 125 5.5 The Travel Rule 126 5.6 Prudential Treatment of Crypto-asset Exposures 128 5.7 SSBs, United States and European Union 131 5.8 European Union – MiCA 136 5.9 United States 140 5.10 DeFi Specific Regulation 143 5.11 Chapter Summary 147 Part II DLT in Traditional Finance 151 6 Central Bank Digital Currencies 153 6.1 Introduction 153 6.2 Prologue: Libra 155 6.3 Role of the Central Bank 156 6.4 Structure of the Monetary System and a View Towards the Future 157 6.5 Central Bank Motivations and Considerations around CBDCs 158 6.6 Retail vs Wholesale CBDCs 159 6.7 Wholesale CBDCs 159 6.8 Case Study: Project mBridge 163 6.9 Retail CBDCs 165 6.10 Benefits and Risks of R-CBDCs 167 6.11 R-CBDC Design Choices 170 6.12 Types of R-CBDCs 174 6.13 Examples of R-CBDCs 177 6.14 Case Study: Nigerian eNaira 178 6.15 Case Study: United States 179 6.16 Case Study: eCNY 数字人民币 181 6.17 Chapter Summary 184 7 Asset Tokenization 187 7.1 What Is Asset Tokenization? 187 7.2 Benefits of Asset Tokenization 189 7.3 How is Tokenization Performed? 192 7.4 Considerations for Tokenization 193 7.5 DLT in Capital Markets 194 7.6 Asset Servicing 198 7.7 Chapter Summary 200 8 Deposit Tokens 203 8.1 What Are Deposit Tokens? 203 8.2 Benefits of Deposit Tokens 205 8.3 Deposit Token Projects 206 8.4 Chapter Summary 211 9 Institutional DeFi 213 9.1 Considerations for Institutions to Participate in DeFi 213 9.2 Institutional DeFi Examples 214 9.3 AMMs and FX 218 9.4 Considerations for AMMs and Tokenized Assets 220 9.5 Unified Ledger 221 9.6 Chapter Summary 222 10 Conclusion 225 10.1 The Crypto–Fiat Innovation Dialectic 226 10.2 Future Scenarios for DeFi: The Wild West, the Citadel, and the Bazaar 231 10.3 The Future of Money 236 Bibliography and Online Resources 241 Index 243

Read more less

Book SynopsisThe best way to prep for the CS0-003 CySA+ certification exam and hone your practical cybersecurity skillset In the newly updated 3rd edition of the CompTIA CySA+ Practice Tests: Exam CS0-003, veteran information security experts and educators Mike Chapple and David Seidl deliver an effective and efficient collection of study resources for the challenging CompTIA Cybersecurity Analyst+ (CySA+) certification exam. In the book, you'll find 1000 practice questions, complete with answers and explanations, covering every domain tested by Exam CS0-003. You'll hone your skills in security operations, vulnerability management, incident response and management, and reporting and communication, improving your ability to detect and respond to malicious activity on the job and dramatically increasingly your chances of success on the CySA+ exam. You'll also get: Techniques for threat hunting and the collection of threat intelligenceStrategies for effective incident response processes and activities, ensuring you're able to react appropriately to cybersecurity incidents at workComplimentary access to Sybex's superior online test bank, including all the practice questions you need to review and test your knowledge before you walk into the exam room Perfect for anyone studying for the CompTIA CySA+ CS0-003 certification exam, CompTIA CySA+ Practice Tests: Exam CS0-003, Third Edition, will also benefit IT security practitioners looking to test and improve their skillset.Table of ContentsIntroduction xvii Chapter 1 Domain 1.0: Security Operations 1 Chapter 2 Domain 2.0: Vulnerability Management 67 Chapter 3 Domain 3.0: Incident Response and Management 167 Chapter 4 Reporting and Communication 207 Chapter 5 Practice Test 1 227 Chapter 6 Practice Test 2 253 Appendix Answers and Explanations 281 Chapter 1: Domain 1.0: Security Operations 282 Chapter 2: Domain 2.0: Vulnerability Management 309 Chapter 3: Domain 3.0: Incident Response and Management 345 Chapter 4: Reporting and Communication 361 Chapter 5: Practice Test 1 371 Chapter 6: Practice Test 2 380 Index 391

Read more less

Book Synopsis

Read more less

Book Synopsis

Read more less

Book Synopsis

Read more less

Book Synopsis

Read more less

Book SynopsisCYBERSECURITY: THE ESSENTIAL BODY OF KNOWLEDGE provides a comprehensive, trustworthy framework of practices for assuring information security. This book is organized to help readers understand how the various roles and functions within cybersecurity practice can be combined and leveraged to produce a secure organization.In this unique book, concepts are not presented as stagnant theory; instead, the content is interwoven in a real world adventure story that runs throughout. In the story, a fictional company experiences numerous pitfalls of cyber security and the reader is immersed in the everyday practice of securing the company through various characters' efforts. This approach grabs learners' attention and assists them in visualizing the application of the content to real-world issues that they will face in their professional life.Derived from the Department of Homeland Security's Essential Body of Knowledge (EBK) for IT Security, this book is an indispensable resource dedicated to uTrade ReviewSection I: BACKGROUND. 1. The Field of Cyber Security. 2. The DHS EBK Initiative. 3. Applying the EBK. Section II: EBK ROLES AND REQUIRED CAPABILITIES. 4. The Executive role. 5. The Functional role. 6. The Corollary role. Section II: THE 14 AREAS OF INFORMATION SECURITY. 7. Data Security. 8. Digital Forensics. 9. Enterprise Continuity. 10. Incident Management. 11. IT Security Training and Awareness. 12. IT Systems Operations and Maintenance. 13. Network and Telecommunications Security. 14. Personnel Security. 15. Physical and Environmental Security. 16. Procurement. 17. Regulatory and Standards Compliance. 18. Security Risk Management. 19. Strategic Security Management. 20. System and Application Security.Table of ContentsSection I: BACKGROUND. 1. The Field of Cyber Security. 2. The DHS EBK Initiative. 3. Applying the EBK. Section II: EBK ROLES AND REQUIRED CAPABILITIES. 4. The Executive role. 5. The Functional role. 6. The Corollary role. Section II: THE 14 AREAS OF INFORMATION SECURITY. 7. Data Security. 8. Digital Forensics. 9. Enterprise Continuity. 10. Incident Management. 11. IT Security Training and Awareness. 12. IT Systems Operations and Maintenance. 13. Network and Telecommunications Security. 14. Personnel Security. 15. Physical and Environmental Security. 16. Procurement. 17. Regulatory and Standards Compliance. 18. Security Risk Management. 19. Strategic Security Management. 20. System and Application Security.

Read more less

Book SynopsisIntended for advanced level students in computer science and mathematics, this key text, now in a brand new edition, provides a survey of recent progress in primality testing and integer factorization, with implications for factoring based public key cryptography.Trade ReviewFrom the reviews of the second edition:"The well-written and self-contained second edition ‘is designed for a professional audience composed of researchers practitioners in industry.’ In addition, ‘this book is also suitable as a secondary text for graduate-level students in computer science, mathematics, and engineering,’ as it contains about 300 problems. … Overall … ‘this monograph provides a survey of recent progress in Primality Testing and Integer Factorization, with implications in factoring-based Public Key Cryptography.’" (Hao Wang, ACM Computing Reviews, April, 2009)“This is the second edition of a book originally published in 2004. … I used it as a reference in preparing lectures for an advanced cryptography course for undergraduates, and it proved to be a wonderful source for a general description of the algorithms. … the book will be a valuable addition to any good reference library on cryptography and number theory … . It contains descriptions of all the main algorithms, together with explanations of the key ideas behind them.” (S. C. Coutinho, SIGACT News, April, 2012)Table of ContentsPreface to the Second Edition.- Preface to the First Edition.- Number-Theoretic Preliminaries.- Problems in Number Theory. Divisibility Properties. Euclid's Algorithm and Continued Fractions. Arithmetic Functions. Linear Congruences. Quadratic Congruences. Primitive Roots and Power Residues. Arithmetic of Elliptic Curves. Chapter Notes and Further Reading.- Primality Testing and Prime Generation.- Computing with Numbers and Curves. Riemann Zeta and Dirichlet L Functions. Rigorous Primality Tests. Compositeness and Pseudoprimality Tests. Lucas Pseudoprimality Test. Elliptic Curve Primality Tests. Superpolynomial-Time Tests. Polynomial-Time Tests. Primality Tests for Special Numbers. Prime Number Generation. Chapter Notes and Further Reading.- Integer Factorization and Discrete Logarithms.- Introduction. Simple Factoring Methods. Elliptic Curve Method (ECM). General Factoring Congruence. Continued FRACtion Method (CFRAC). Quadratic Sieve (QS). Number Field Sieve (NFS). Quantum Factoring Algorithm. Discrete Logarithms. kth Roots. Elliptic Curve Discrete Logarithms. Chapter Notes and Further Reading.- Number-Theoretic Cryptography.- Public-Key Cryptography. RSA Cryptosystem. Rabin Cryptography. Quadratic Residuosity Cryptography. Discrete Logarithm Cryptography. Elliptic Curve Cryptography. Zero-Knowledge Techniques. Deniable Authentication. Non-Factoring Based Cryptography. Chapter Notes and Further Reading.- Bibliography.- Index.- About the Author.

Read more less

Book SynopsisWhile other books have documented the development of public key cryptograpy, this is the first to provide a comprehensive insiders’ perspective on the full impacts of public key cryptography, including six original chapters by nine distiguished scholars.

Read more less

Book SynopsisJourney into the world of Web3-based application development, its related protocols, and its usage in developing decentralized applications. This book will explain how programmable blockchains are revolutionizing the world of web applications, which can be run on decentralized platforms or peer-to-peer networks like IPFS. You'll start with an introduction to decentralization with a focus on blockchain implementations like Ethereum and Bitcoin. You'll then learn to develop simple decentralized applications (dApps) using Solidity, the language used for developing apps with Ethereum as well as smart contracts, wallets, gateways and NFTs. This book also covers how security and scale are addressed by L2 networks for scaling Bitcoin and Ethereum blockchains.A Brief Introduction to Web3is your go-to guide for setting up simple Web3 applications using the Ethereum blockchain programming model. WhatYou Will LearnBuild NFT tokensExamine Web3 differs from Web2-based applicationsUnderstand theTable of ContentsChapter1. Introduction to DecentralizationChapter 2. BlockchainChapter 3.Solidity.Chapter 4. Wallets and Gateways.Chapter 5. Remix IDE.Chapter 6. Truffle.Chapter 7. IPFS and NFTsChapter 8. Hardhat.

Read more less

Book SynopsisWe are at the threshold of a new area of the internet that promises to transform the way we engage financially and take the power of data and privacy back from big corporations and give it to the individual through decentralization. This is sometimes called Web 3.0. While Web 1.0 transformed information sharing and commerce and brought us giants like Google and Amazon and Web 2.0 unlocked the social potential of the internet and created Facebook, Twitter, and Snapchat, exactly what will come of Web 3.0 remains to be seen. It is indisputable that the seed of Web 3.0 is the technological, social, and economic innovations that came together in Bitcoin and the blockchain technology it created. But where the first web iterations were relatively straightforward to understand, the inner workings of Web 3.0 remain more opaque and shrouded in mystique. Current voices on Bitcoin and the blockchain revolution fall squarely into one of two camps; either technological experts who are all also invTable of ContentsIntroduction Part 1 - Genealogy of bitcoin technology The technological developments leading to bitcoin. This part is a technological history that reviews the technological developments that Bitcoin builds on. There are a few strands that developed more or less independently that combine into Bitcoin. Once they are explained it is possible to give a deeper explanation of how Bitcoin works. This understanding will inform the remaining parts of the book. Chapter 1: Cryptography The purpose of cryptography is to keep information private by preserving confidentiality, integrity and access to it. Public private key encryption Hashing Zero knowledge proof Chapter 2: Virtual Money In this chapter we will go into the history of electronic or virtual money before bitcoin. Digicash E gold Bitgold b Money Hash cash Chapter 3: Peer-to-peer technology The internet of today is a centralized type of computing working through a number of web servers that function in a hierarchy. Properties of p2p networks Discovering a peer Secure sharing File Sharing from Napster to BitTorrent Chapter 4: Proof of work An inherent problem with the networked world is that accessing and processing information is essentially free, which makes certain types of disruptive behavior easy, which we see in denial of service attacks, spam mail and robocalling. This brings new problems that did not exist when it cost significant money to send a letter, read a paper or book or make a phone call. DDoS Spam Money transactions Chapter 5: Public record Since the time of the code of Hammurabi, the purpose of a public record has been clear: to establish indisputable truth. While this is seemingly the opposite of the privacy and confidentiality entailed by cryptography it serves the purpose of making information shared and immutable. Historical technologies of public record The purpose of public records The accounting revolution and the development of ledgers, double entry bookkeeping to triple entry bookkeeping Chapter 6: Bitcoin From the previous chapters we are now able to piece together how bitcoin and the block chain works. Virtual money - The Bitcoin Encrypting for privacy - The Wallet Public record - The Blockchain Peer to peer network - The Miners Proof of work - Transactions (cryptographic proof and the consensus algorithm) Part 2 - Still searching for Satoshi - who is the historical Satoshi Nakamoto? Much writing about Bitcoin has focused on who the historical person or persons behind Satoshi Nakamoto is. This part will apply a historical critical perspective to this question and sift through the evidence in order to create a better understanding of what we can and cannot say about the identity of Satoshi Nakamoto. Chapter 7: Who dunnit? A review of previous identifications of the person behind Satoshi. This has previously taken the shape of investigative journalism in the style of true crime reporting Joshua Davis, The New Yorker 2011 Adam Penenberg, Fast Company 2011 Alec Liu, Vice 2013 John Markoff, New York Times 2013 Andy Greenberg, Forbes 2014 Leah McGrath Goodman, Newsweek 2014 Skye Grey, blog 2014 Dominic Frisby, Bitcoin the future of money 2014 Nathaniel Popper, New York Time 2015 Andy Greenberg, Gwern Branwen, Wired 2015 Sam Biddle, Gizmodo 2015 Izabella Kasminska, Financial Times 2016 Evan Ratliff, Wired 2019 Other sources - twitter, youtube, tv Chapter 8: Ad fontes-What do the sources say? By focusing on the sources we are able to extract a number of key characteristics to look for: Historical analysis - establishes a couple of key points for historical analysis The bitcoin whitepaper - the most crucial piece of evidence The forums - the p2p forum and later the bitcoin forum are sources where Satoshi discussed with peers about bitcoin The code - the code in itself may also contain clues The blockchain - the record of transactions also provides an insight into the origin of bitcoin Summary - what can the sources tell us? Chapter 9: Motives What were the motives behind the creation of bitcoin Ideology - what can be said about the ideology of the author based on extant sources? Why the synonym? - what could be the reason for the initial and continued secrecy surrounding the inventor? Summary - why did the inventor invent bitcoin and in this particular way? Chapter 10: The social network of early bitcoin Who were the people involved in the beginning of Bitcoin p2p forum communication Bitcoin forum communication Blockchain transactions Summary - what can we learn from looking at the bitcoin initial network Chapter 11: The usual suspects? Rather than pointing definitively to one or another suspect we will try to integrate the knowledge we have gained with the list of known suspects. An evaluation framework - developing an evaluation framework against which to measure the likelihood of any candidate being Satoshi Nakamoto Prime suspects - the suspects that have gained most attention · Hal Finney · Nick Szabo · Dorian Sakamoto · Craig Wright and David Kleiman · Paul Leroux Secondary suspects - suspects that have gained some attention · Vili Lehdonum and Michael Clear · Neal King, Vladimir Oksman, Charles Bry · Hal Finney, Nick Szabo and Adam Back · Shinichi Mochizuki · Ross Ulbricht · Adam Back · Gavin Andresen · Jed McCaleb · Elon Musk · Len Sassaman · Someone else A new primary suspect - as in the movie The Usual Suspects, careful analysis points towards a surprising suspect who is not in the primary field of suspects. Part 3 - Bitcoin in context How is bitcoin viewed in the wider context of human civilization? Bitcoin does not exist in a technological bubble addressing only technological issues. It is firmly situated in a web of themes that are and have been central to human civilization. This may account for its notoriety but needs to be put in context. Chapter 12: Money Since prehistoric times humans have engaged in exchange. This falls in a continuum from barter, through intermediaries as cowry shells, gold and silver coins to purely symbolic means of exchange. The history of money Medium of exchange Unit of account Standard of deferred payment Store of value Types of money · Commodity · Representative money · Fiat · Digital money · Deposits The politics of money Money as a bridge between domains of value Chapter 13: Ownership Proving that you own something has been a central feature of human societies for millenia and disputes have fueled more than its share of violence and conflict. Owners · Private · Public · Corporate · Communal Property · Tangible · Intangible Establishing and policing ownership · National · Transnational Chapter 14: Social organization Human societies have always been characterized by some sort of social organization. The different options have been debated since classical antiquity. This chapter will take a look at the space of social organization and narrow it down to the particular types associated with bitcoin and blockchain. An ancient discussion: Monarchy, Oligarchy and Democracy - and anarchy Centralization vs decentralization Types of social organization in human groups Open source Cypher punks Chapter 15: Religion A rarely debated issue are the religious aspects surrounding Bitcoin and the blockchain movement. But these aspects are nothing new when it comes to human cultures. Understanding this helps explain a lot of the seemingly strange behavior of bitcoin believers without claiming that Bitcoin is an actual religion. The prophet - Satoshi Nakamoto Sacred scriptures- The Bitcoin whitepaper and the forum posts Believers and heathens Cargo cults Millenarianism Part 4 - Blockchain and the future Where can blockchain technology be applied? Where, if anywhere, might we see cryptocurrencies and the blockchain in the future and how might it affect our lives? A case could be made that we are only in the beginning phases of the blockchain now, sometimes called Web3, where the worst of the teething problems are gone and the wild west ethos is receding. Where not to use blockchain - First let us consider a number of areas where blockchain is currently suggested that might not be particularly relevant. Parameters to be tweaked - Bitcoin was the first version of blockchain technology and certain choices were made. But subsequent and future blockchains need not make the same choices. We need to understand how this can be done in order to ascertain the future utility of the blockchain. Transaction speed Energy consumption Degree of centralization Public availability Mining rewards Banking - even though Bitcoin at its outset was antithetical to the banking industry there are particularly good use cases here. Payment - bitcoin may not in itself have been very successful as a payments solution so far but there is no reason why another cryptocurrency will not be. Current payment systems are slow and expensive compared to what the blockchain can offer. International payments Remittance Peer to peer payments Micropayments Certification - building on the ability to serve as a public record there are good reasons that a blockchain can serve as a public record for information about ownership NFTs Real estate Media Contracts - the ability to establish indisputable truth makes it possible to build contracts that automatically execute according to some logic. This can be used for escrow services and delivery of other services as well as insurance. Regulatory compliance - the immutability of the blockchain makes it good for a great number of use cases where fraud has previously been an issue Forensics - the public nature of the blockchain makes it a valuable tool for law enforcement, especially international law enforcement, which has already proven its worth in a number of high profile cases. Supply chain - the blockchain is well suited for keeping track of things movement across time and place. Health - keeping track of health trackers and personal health records could be done on a blockchain Government - in government there are also areas where blockchain may be useful Special purpose tokens Voting Identity Glossary Key concepts described

Read more less

Book SynopsisThis book will teach you the core concepts of blockchain technology in a concise manner through straightforward, concrete examples using a range of programming languages, including Python and Solidity. The 50 programs presented in this book are all you need to gain a firm understanding of blockchain and how to implement it. The book begins with an introduction to the fundamentals of blockchain technology, followed by a review of its types, framework, applications and challenges. Moving ahead, you will learn basic blockchain programming with hash functions, authentication code, and Merkle trees. You will then dive into the basics of bitcoin, including wallets, digital keys, transactions, digital signatures, and more. This is followed by a crash course on Ethereum programming, its network, and ecosystem. As you progress through the book, you will also learn about Hyperledger and put your newly-gained knowledge to work through case studies and example applications. After reading this boTable of ContentsChapter 1: Introduction to Blockchain.- Chapter 2: Essentials of Blockchain Programming.- Chapter 3: The Bitcoin.- Chapter 4: Ethereum Blockchain.- Chapter 5: Hyperledger.- Chapter 6: Case Studies using Blockchain.- Chapter 7: Beyond Blockchain.

Read more less

Book SynopsisDive into Bitcoin technology with this hands-on guide from one of the leading teachers on Bitcoin and Bitcoin programming. Author Jimmy Song shows Python programmers and developers how to program a Bitcoin library from scratch.

Read more less

Book SynopsisReady to dive into smart contract development for the blockchain? With this practical guide, experienced engineers and beginners alike will quickly learn the entire process for building smart contracts for Ethereum—the open source blockchain-based distributed computing platform.

Read more less

Book SynopsisThis detailed guide distills the complex, fast moving ideas behind blockchain into an easily digestible reference manual, showing what's really going on under the hood.

Read more less