{"product_id":"you-can-stop-stupid-9781119621980","title":"You CAN Stop Stupid","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eStopping Losses from Accidental and Malicious Actions\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAround the world, users cost organizations billions of dollars through simple errors and malicious actions. Organizations assume the deficiency lies in the users, and in response they believe they have to improve their awareness efforts and produce more secure users. This is like saying that coal mines should get healthier canaries. The reality is that it takes a multilayered approach, one that acknowledges that users will inevitably make mistakes or act with malicious intent and that the real failure is in not planning for that. It takes a holistic approach to assessing risk, combined with technical defenses and countermeasures, layered with a security culture and continuous improvement. Only with this kind of defense in depth can organizations hope to prevent the worst cybersecurity breaches and other user-initiated losses. 
\u003cbr\u003e \u003cbr\u003e Using lessons from tested and proven disciplines like military kill-chain analys\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003c\/p\u003e\u003cp\u003eForeword xiii\u003c\/p\u003e \u003cp\u003eIntroduction xxvii\u003c\/p\u003e \u003cp\u003e\u003cb\u003eI Stopping Stupid is Your Job 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e1 Failure: The Most Common Option 3\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eHistory is Not on the Users’ Side 4\u003c\/p\u003e \u003cp\u003eToday’s Common Approach 6\u003c\/p\u003e \u003cp\u003eOperational and Security Awareness 6\u003c\/p\u003e \u003cp\u003eTechnology 7\u003c\/p\u003e \u003cp\u003eGovernance 8\u003c\/p\u003e \u003cp\u003eWe Propose a Strategy, Not Tactics 9\u003c\/p\u003e \u003cp\u003e\u003cb\u003e2 Users Are Part of the System 11\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Users’ Role in the System 11\u003c\/p\u003e \u003cp\u003eUsers Aren’t Perfect 13\u003c\/p\u003e \u003cp\u003e“Users” Refers to Anyone in Any Function 13\u003c\/p\u003e \u003cp\u003eMalice is an Option 14\u003c\/p\u003e \u003cp\u003eWhat You Should Expect from Users 15\u003c\/p\u003e \u003cp\u003e\u003cb\u003e3 What is User-Initiated Loss? 
17\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eProcesses 18\u003c\/p\u003e \u003cp\u003eCulture 20\u003c\/p\u003e \u003cp\u003ePhysical Losses 22\u003c\/p\u003e \u003cp\u003eCrime 24\u003c\/p\u003e \u003cp\u003eUser Malice 25\u003c\/p\u003e \u003cp\u003eSocial Engineering 27\u003c\/p\u003e \u003cp\u003eUser Error 28\u003c\/p\u003e \u003cp\u003eInadequate Training 29\u003c\/p\u003e \u003cp\u003eTechnology Implementation 30\u003c\/p\u003e \u003cp\u003eDesign and Maintenance 31\u003c\/p\u003e \u003cp\u003eUser Enablement 32\u003c\/p\u003e \u003cp\u003eShadow IT 33\u003c\/p\u003e \u003cp\u003eConfusing Interfaces 35\u003c\/p\u003e \u003cp\u003eUIL is Pervasive 35\u003c\/p\u003e \u003cp\u003e\u003cb\u003eII Foundational Concepts 37\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e4 Risk Management 39\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDeath by 1,000 Cuts 40\u003c\/p\u003e \u003cp\u003eThe Risk Equation 41\u003c\/p\u003e \u003cp\u003eValue 43\u003c\/p\u003e \u003cp\u003eThreats 47\u003c\/p\u003e \u003cp\u003eVulnerabilities 48\u003c\/p\u003e \u003cp\u003eCountermeasures 54\u003c\/p\u003e \u003cp\u003eRisk Optimization 60\u003c\/p\u003e \u003cp\u003eRisk and User-Initiated Loss 63\u003c\/p\u003e \u003cp\u003e\u003cb\u003e5 The Problems with Awareness Efforts 65\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eAwareness Programs Can Be Extremely Valuable 65\u003c\/p\u003e \u003cp\u003eCheck-the-Box Mentality 66\u003c\/p\u003e \u003cp\u003eTraining vs Awareness 68\u003c\/p\u003e \u003cp\u003eThe Compliance Budget 68\u003c\/p\u003e \u003cp\u003eShoulds vs Musts 70\u003c\/p\u003e \u003cp\u003eWhen It’s Okay to Blame the User 72\u003c\/p\u003e \u003cp\u003eAwareness Programs Do Not Always Translate into Practice 74\u003c\/p\u003e \u003cp\u003eStructural Failings of Awareness Programs 75\u003c\/p\u003e \u003cp\u003eFurther Considerations 77\u003c\/p\u003e \u003cp\u003e\u003cb\u003e6 Protection, Detection, and Reaction 79\u003c\/b\u003e\u003c\/p\u003e 
\u003cp\u003eConceptual Overview 80\u003c\/p\u003e \u003cp\u003eProtection 81\u003c\/p\u003e \u003cp\u003eDetection 82\u003c\/p\u003e \u003cp\u003eReaction 84\u003c\/p\u003e \u003cp\u003eMitigating a Loss in Progress 86\u003c\/p\u003e \u003cp\u003eMitigating Future Incidents 87\u003c\/p\u003e \u003cp\u003ePutting It All Together 88\u003c\/p\u003e \u003cp\u003e\u003cb\u003e7 Lessons from Safety Science 89\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Limitations of Old-School Safety Science 91\u003c\/p\u003e \u003cp\u003eMost UIL Prevention Programs Are Old-School 93\u003c\/p\u003e \u003cp\u003eThe New School of Safety Science 94\u003c\/p\u003e \u003cp\u003ePutting Safety Science to Use 96\u003c\/p\u003e \u003cp\u003eSafety Culture 97\u003c\/p\u003e \u003cp\u003eThe Need to Not Remove All Errors 98\u003c\/p\u003e \u003cp\u003eWhen to Blame Users 100\u003c\/p\u003e \u003cp\u003eWe Need to Learn from Safety Science 100\u003c\/p\u003e \u003cp\u003e\u003cb\u003e8 Applied Behavioral Science 103\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe ABCs of Behavioral Science 105\u003c\/p\u003e \u003cp\u003eAntecedents 106\u003c\/p\u003e \u003cp\u003eBehaviors 111\u003c\/p\u003e \u003cp\u003eConsequences 112\u003c\/p\u003e \u003cp\u003eEngineering Behavior vs Influencing Behavior 120\u003c\/p\u003e \u003cp\u003e\u003cb\u003e9 Security Culture and Behavior 123\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eABCs of Culture 125\u003c\/p\u003e \u003cp\u003eTypes of Cultures 127\u003c\/p\u003e \u003cp\u003eSubcultures 130\u003c\/p\u003e \u003cp\u003eWhat is Your Culture? 132\u003c\/p\u003e \u003cp\u003eImproving Culture 133\u003c\/p\u003e \u003cp\u003eDetermining a Finite Set of Behaviors to Improve 134\u003c\/p\u003e \u003cp\u003eBehavioral Change Strategies 135\u003c\/p\u003e \u003cp\u003eTraditional Project Management 137\u003c\/p\u003e \u003cp\u003eChange Management 137\u003c\/p\u003e \u003cp\u003eIs Culture Your Ally? 
138\u003c\/p\u003e \u003cp\u003e\u003cb\u003e10 User Metrics 141\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Importance of Metrics 141\u003c\/p\u003e \u003cp\u003eThe Hidden Cost of Awareness 142\u003c\/p\u003e \u003cp\u003eTypes of Awareness Metrics 143\u003c\/p\u003e \u003cp\u003eCompliance Metrics 144\u003c\/p\u003e \u003cp\u003eEngagement Metrics 145\u003c\/p\u003e \u003cp\u003eBehavioral Improvement 147\u003c\/p\u003e \u003cp\u003eTangible ROI 149\u003c\/p\u003e \u003cp\u003eIntangible Benefits 149\u003c\/p\u003e \u003cp\u003eDay 0 Metrics 150\u003c\/p\u003e \u003cp\u003eDeserve More 151\u003c\/p\u003e \u003cp\u003e\u003cb\u003e11 The Kill Chain 153\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eKill Chain Principles 154\u003c\/p\u003e \u003cp\u003eThe Military Kill Chain 154\u003c\/p\u003e \u003cp\u003eThe Cyber Kill Chain and Defense in Depth 155\u003c\/p\u003e \u003cp\u003eDeconstructing the Cyber Kill Chain 157\u003c\/p\u003e \u003cp\u003ePhishing Kill Chain Example 159\u003c\/p\u003e \u003cp\u003eOther Models and Frameworks 162\u003c\/p\u003e \u003cp\u003eApplying Kill Chains to UIL 164\u003c\/p\u003e \u003cp\u003e\u003cb\u003e12 Total Quality Management Revisited 167\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eTQM: In Search of Excellence 168\u003c\/p\u003e \u003cp\u003eExponential Increase in Errors 169\u003c\/p\u003e \u003cp\u003ePrinciples of TQM 171\u003c\/p\u003e \u003cp\u003eWhat Makes TQM Fail? 
172\u003c\/p\u003e \u003cp\u003eOther Frameworks 174\u003c\/p\u003e \u003cp\u003eProduct Improvement and Management 177\u003c\/p\u003e \u003cp\u003eKill Chain for Process Improvement 178\u003c\/p\u003e \u003cp\u003eCOVID-19 Remote Workforce Process Activated 178\u003c\/p\u003e \u003cp\u003eApplying Quality Principles 179\u003c\/p\u003e \u003cp\u003e\u003cb\u003eIII Countermeasures 181\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e13 Governance 183\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eDefining the Scope of Governance for Our Purposes 184\u003c\/p\u003e \u003cp\u003eOperational Security or Loss Mitigation 185\u003c\/p\u003e \u003cp\u003ePhysical Security 186\u003c\/p\u003e \u003cp\u003ePersonnel Security 186\u003c\/p\u003e \u003cp\u003eTraditional Governance 187\u003c\/p\u003e \u003cp\u003ePolicies, Procedures, and Guidelines 188\u003c\/p\u003e \u003cp\u003eIn the Workplace 190\u003c\/p\u003e \u003cp\u003eSecurity and the Business 191\u003c\/p\u003e \u003cp\u003eAnalyzing Processes 192\u003c\/p\u003e \u003cp\u003eGrandma’s House 194\u003c\/p\u003e \u003cp\u003e\u003cb\u003e14 Technical Countermeasures 197\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003ePersonnel Countermeasures 199\u003c\/p\u003e \u003cp\u003eBackground Checks 200\u003c\/p\u003e \u003cp\u003eContinuous Monitoring 201\u003c\/p\u003e \u003cp\u003eEmployee Management Systems 201\u003c\/p\u003e \u003cp\u003eMisuse and Abuse Detection 202\u003c\/p\u003e \u003cp\u003eData Leak Prevention 203\u003c\/p\u003e \u003cp\u003ePhysical Countermeasures 203\u003c\/p\u003e \u003cp\u003eAccess Control Systems 203\u003c\/p\u003e \u003cp\u003eSurveillance and Safety Systems 204\u003c\/p\u003e \u003cp\u003ePoint-of-Sale Systems 206\u003c\/p\u003e \u003cp\u003eInventory Systems and Supply Chains 207\u003c\/p\u003e \u003cp\u003eComputer Tracking Systems 207\u003c\/p\u003e \u003cp\u003eOperational Countermeasures 208\u003c\/p\u003e \u003cp\u003eAccounting Systems 209\u003c\/p\u003e \u003cp\u003eCustomer 
Relationship Management 210\u003c\/p\u003e \u003cp\u003eOperational Technology 210\u003c\/p\u003e \u003cp\u003eWorkflow Management 211\u003c\/p\u003e \u003cp\u003eCybersecurity Countermeasures 212\u003c\/p\u003e \u003cp\u003eThe 20 CIS Controls and Resources 212\u003c\/p\u003e \u003cp\u003eAnti-malware Software 213\u003c\/p\u003e \u003cp\u003eWhitelisting 214\u003c\/p\u003e \u003cp\u003eFirewalls 214\u003c\/p\u003e \u003cp\u003eIntrusion Detection\/Prevention Systems 215\u003c\/p\u003e \u003cp\u003eManaged Security Services 215\u003c\/p\u003e \u003cp\u003eBackups 215\u003c\/p\u003e \u003cp\u003eSecure Configurations 216\u003c\/p\u003e \u003cp\u003eAutomated Patching 216\u003c\/p\u003e \u003cp\u003eVulnerability Management Tools 217\u003c\/p\u003e \u003cp\u003eBehavioral Analytics 217\u003c\/p\u003e \u003cp\u003eData Leak Prevention 218\u003c\/p\u003e \u003cp\u003eWeb Content Filters\/Application Firewalls 218\u003c\/p\u003e \u003cp\u003eWireless and Remote Security 219\u003c\/p\u003e \u003cp\u003eMobile Device Management 219\u003c\/p\u003e \u003cp\u003eMultifactor Authentication 220\u003c\/p\u003e \u003cp\u003eSingle Sign-On 221\u003c\/p\u003e \u003cp\u003eEncryption 221\u003c\/p\u003e \u003cp\u003eNothing is Perfect 223\u003c\/p\u003e \u003cp\u003ePutting It All Together 223\u003c\/p\u003e \u003cp\u003e\u003cb\u003e15 Creating Effective Awareness Programs 225\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat is Effective Awareness? 
226\u003c\/p\u003e \u003cp\u003eGovernance as the Focus 227\u003c\/p\u003e \u003cp\u003eWhere Awareness Strategically Fits in the Organization 229\u003c\/p\u003e \u003cp\u003eThe Goal of Awareness Programs 230\u003c\/p\u003e \u003cp\u003eChanging Culture 231\u003c\/p\u003e \u003cp\u003eDefining Subcultures 232\u003c\/p\u003e \u003cp\u003eInterdepartmental Cooperation 233\u003c\/p\u003e \u003cp\u003eThe Core of All Awareness Efforts 234\u003c\/p\u003e \u003cp\u003eProcess 235\u003c\/p\u003e \u003cp\u003eBusiness Drivers 237\u003c\/p\u003e \u003cp\u003eCulture and Communication Tools 238\u003c\/p\u003e \u003cp\u003ePutting It Together 245\u003c\/p\u003e \u003cp\u003eMetrics 246\u003c\/p\u003e \u003cp\u003eGamification 246\u003c\/p\u003e \u003cp\u003eGamification Criteria 247\u003c\/p\u003e \u003cp\u003eStructuring Gamification 248\u003c\/p\u003e \u003cp\u003eGamification is Not for Everyone 248\u003c\/p\u003e \u003cp\u003eGetting Management’s Support 249\u003c\/p\u003e \u003cp\u003eAwareness Programs for Management 249\u003c\/p\u003e \u003cp\u003eDemonstrate Clear Business Value 250\u003c\/p\u003e \u003cp\u003eEnforcement 250\u003c\/p\u003e \u003cp\u003eExperiment 251\u003c\/p\u003e \u003cp\u003e\u003cb\u003eIV Applying Boom 253\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003e\u003cb\u003e16 Start with Boom 255\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhat Are the Actions That Initiate UIL? 
257\u003c\/p\u003e \u003cp\u003eStart with a List 257\u003c\/p\u003e \u003cp\u003eOrder the List 258\u003c\/p\u003e \u003cp\u003eMetrics 259\u003c\/p\u003e \u003cp\u003eGovernance 260\u003c\/p\u003e \u003cp\u003eUser Experience 261\u003c\/p\u003e \u003cp\u003ePrevention and Detection 262\u003c\/p\u003e \u003cp\u003eAwareness 263\u003c\/p\u003e \u003cp\u003eFeeding the Cycle 263\u003c\/p\u003e \u003cp\u003eStopping Boom 264\u003c\/p\u003e \u003cp\u003e\u003cb\u003e17 Right of Boom 265\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eRepeat as Necessary 266\u003c\/p\u003e \u003cp\u003eWhat Does Loss Initiation Look Like? 267\u003c\/p\u003e \u003cp\u003eWhat Are the Potential Losses? 268\u003c\/p\u003e \u003cp\u003ePreventing the Loss 272\u003c\/p\u003e \u003cp\u003eCompiling Protective Countermeasures 273\u003c\/p\u003e \u003cp\u003eDetecting the Loss 274\u003c\/p\u003e \u003cp\u003eBefore, During, and After 275\u003c\/p\u003e \u003cp\u003eMitigating the Loss 276\u003c\/p\u003e \u003cp\u003eDetermining Where to Mitigate 277\u003c\/p\u003e \u003cp\u003eAvoiding Analysis Paralysis 278\u003c\/p\u003e \u003cp\u003eYour Last Line of Defense 278\u003c\/p\u003e \u003cp\u003e\u003cb\u003e18 Preventing Boom 279\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWhy Are We Here? 
280\u003c\/p\u003e \u003cp\u003eReverse Engineering 281\u003c\/p\u003e \u003cp\u003eGovernance 283\u003c\/p\u003e \u003cp\u003eAwareness 284\u003c\/p\u003e \u003cp\u003eTechnology 285\u003c\/p\u003e \u003cp\u003eStep-by-Step 287\u003c\/p\u003e \u003cp\u003e\u003cb\u003e19 Determining the Most Effective Countermeasures 289\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eEarly Prevention vs Response 290\u003c\/p\u003e \u003cp\u003eStart with Governance 292\u003c\/p\u003e \u003cp\u003eUnderstand the Business Goal 293\u003c\/p\u003e \u003cp\u003eStart Left of Boom 294\u003c\/p\u003e \u003cp\u003eConsider Technology 295\u003c\/p\u003e \u003cp\u003ePrioritize Potential Loss 296\u003c\/p\u003e \u003cp\u003eDefine Governance Thoroughly 297\u003c\/p\u003e \u003cp\u003eMatrix Technical Countermeasures 299\u003c\/p\u003e \u003cp\u003eCreating the Matrix 300\u003c\/p\u003e \u003cp\u003eDefine Awareness 301\u003c\/p\u003e \u003cp\u003eIt’s Just a Start 302\u003c\/p\u003e \u003cp\u003e\u003cb\u003e20 Implementation Considerations 303\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eYou’ve Got Issues 304\u003c\/p\u003e \u003cp\u003eWeak Strategy 304\u003c\/p\u003e \u003cp\u003eResources, Culture, and Implementation 305\u003c\/p\u003e \u003cp\u003eLack of Ownership and Accountability 307\u003c\/p\u003e \u003cp\u003eOne Effort at a Time 308\u003c\/p\u003e \u003cp\u003eChange Management 308\u003c\/p\u003e \u003cp\u003eAdopting Changes 309\u003c\/p\u003e \u003cp\u003eGovernance, Again 314\u003c\/p\u003e \u003cp\u003eBusiness Case for a Human Security Officer 315\u003c\/p\u003e \u003cp\u003eIt Won’t Be Easy 316\u003c\/p\u003e \u003cp\u003e\u003cb\u003e21 If You Have Stupid Users, You Have a Stupid System 317\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eA User Should Never Surprise You 317\u003c\/p\u003e \u003cp\u003ePerform Some More Research 318\u003c\/p\u003e \u003cp\u003eStart Somewhere 319\u003c\/p\u003e \u003cp\u003eTake Day Zero Metrics 320\u003c\/p\u003e \u003cp\u003eUIL Mitigation is a 
Living Process 320\u003c\/p\u003e \u003cp\u003eGrow from Success 321\u003c\/p\u003e \u003cp\u003eThe Users Are Your Canary in the Mine 322\u003c\/p\u003e \u003cp\u003eIndex 325\u003c\/p\u003e","brand":"John Wiley \u0026 Sons Inc","offers":[{"title":"Default Title","offer_id":48866406269271,"sku":"9781119621980","price":22.94,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781119621980.jpg?v=1722278495","url":"https:\/\/bookcurl.com\/products\/you-can-stop-stupid-9781119621980","provider":"Book Curl","version":"1.0","type":"link"}