|
|
|||
|
||||
OverviewIt's been 50 years since the discipline of cybersecurity originated, but users and developers still spread and succumb to many of the same pitfalls in design and practice. The same mistakes keep getting repeated, people keep getting misled, and cybersecurity remains far from optimal. In Cyber Myths, three cybersecurity pioneers don't just deliver the first comprehensive collection of false folk wisdom that derails security from the frontlines to the boardroom: they offer expert practical advice for avoiding or overcoming each myth. Whatever your cybersecurity role or experience, Eugene Spafford, Leigh Metcalf, and Josiah Dykstra will help you surface hidden dangers, prevent avoidable errors, eliminate faulty assumptions, and resist deeply human cognitive biases that compromise prevention, investigation, and research. Throughout, you'll find examples drawn from actual cybersecurity events, detailed techniques for recognizing and overcoming security fallacies, and recommended mitigations for building more secure products and businesses. Full Product DetailsAuthor: Eugene Spafford , Leigh Metcalf , Josiah DykstraPublisher: Pearson Education (US) Imprint: Addison Wesley Dimensions: Width: 17.80cm , Height: 2.20cm , Length: 23.20cm Weight: 0.700kg ISBN: 9780137929238ISBN 10: 0137929234 Pages: 416 Publication Date: 02 March 2023 Audience: Professional and scholarly , Professional & Vocational Format: Paperback Publisher's Status: Active Availability: Not yet available This item is yet to be released. You can pre-order this item and we will dispatch it to you upon its release. Table of Contents1. What is Cybersecurity? 2. What is the Internet? 3. Faulty Assumptions and Magical Thinking 4. Logical Fallacies 5. Cognitive Biases 6. Cobra Effect 7. Problems and Solutions 8. Negative Results are Still Results 9. Pitfalls of Analogies 10. Vulnerabilities 11. Malware 12. Digital Forensics & Incident Response 13. StatisticsReviewsMany security leaders are traditionally in charge of correcting misconceptions just as much as they are in charge of building up solid security practices. We have plenty of resources on practices--but this book is the crucial guide to that essential myth busting. --Phil Venables, CISO, Google Cloud I'm writing this on my phone, over Wi-Fi, in an airplane on my way to Black Hat, one of the world's largest security conferences. The fact that I'm able to do this at all shows how much we've really learned about cybersecurity over the decades. Now it's all collected in one place for everyone to share. Thank the wise authors, and most importantly: GET OFF THEIR LAWN. --Wendy Nather, Head of Advisory CISOs, Cisco This book is astounding. A true tour de force--which I have never said about any other book. Inverting the viewpoint is a stroke of genius. This is going to be on my grabbable-at-any-time shelf. What I learned, recalled, and was refreshed on with technically astute agnosticism cannot be measured; just appreciated as a profound historical compilation of security practice and theory. Bravo! --Winn Schwartaul, Founder and Chief Visionary Officer, The Security Awareness Company I am happy to endorse the central idea of this book--that cybersecurity is rife with myths that are themselves part of the problem. The brain wants to understand, the world grows ever more complicated, and the sum of the two is myth-making. As the authors say, even if some understanding is true at some time, with enough change what was true becomes a myth soon enough. As such, an acquired immunity to myths is a valuable skill for the cybersecurity practitioner if no other. The paramount goal of all security engineering is No Silent Failure, but myths perpetuate if not create silent failure. Why? Because a state of security is the absence of unmitigable surprise and you cannot mitigate what you don't know is going on. Myths blind us to reality. Ignorance of them is not bliss. This book is a vaccine. --Dan Geer, CISO, In-Q-Tel This is a fun read for all levels. I like their rapid fire delivery and the general light they cast on so many diverse myths. This book will change the cybersecurity industry for the better. --Michael Sikorski, Author of Practical Malware Analysis & CTO, Unit 42 at Palo Alto Networks """Many security leaders are traditionally in charge of correcting misconceptions just as much as they are in charge of building up solid security practices. We have plenty of resources on practices--but this book is the crucial guide to that essential myth busting."" --Phil Venables, CISO, Google Cloud ""I'm writing this on my phone, over Wi-Fi, in an airplane on my way to Black Hat, one of the world's largest security conferences. The fact that I'm able to do this at all shows how much we've really learned about cybersecurity over the decades. Now it's all collected in one place for everyone to share. Thank the wise authors, and most importantly: GET OFF THEIR LAWN."" --Wendy Nather, Head of Advisory CISOs, Cisco ""This book is astounding. A true tour de force--which I have never said about any other book. Inverting the viewpoint is a stroke of genius. This is going to be on my grabbable-at-any-time shelf. What I learned, recalled, and was refreshed on with technically astute agnosticism cannot be measured; just appreciated as a profound historical compilation of security practice and theory. Bravo!"" --Winn Schwartaul, Founder and Chief Visionary Officer, The Security Awareness Company ""I am happy to endorse the central idea of this book--that cybersecurity is rife with myths that are themselves part of the problem. The brain wants to understand, the world grows ever more complicated, and the sum of the two is myth-making. As the authors say, even if some understanding is true at some time, with enough change what was true becomes a myth soon enough. As such, an acquired immunity to myths is a valuable skill for the cybersecurity practitioner if no other. The paramount goal of all security engineering is No Silent Failure, but myths perpetuate if not create silent failure. Why? Because a state of security is the absence of unmitigable surprise and you cannot mitigate what you don't know is going on. Myths blind us to reality. Ignorance of them is not bliss. This book is a vaccine."" --Dan Geer, CISO, In-Q-Tel ""This is a fun read for all levels. I like their rapid fire delivery and the general light they cast on so many diverse myths. This book will change the cybersecurity industry for the better."" --Michael Sikorski, Author of Practical Malware Analysis & CTO, Unit 42 at Palo Alto Networks" Author InformationEugene H. Spafford, PhD, is a professor in Computer Science at Purdue University. In his 35-year career, Spaf has been honored with every major award in cybersecurity. Leigh Metcalf, PhD, is a Senior Network Security Research Analyst at the Carnegie Mellon University Software Engineering Institute's cybersecurity-focused CERT® division. Josiah Dykstra, PhD, is a cybersecurity practitioner, researcher, author, and speaker. He is the owner of Designer Security and has worked at the US National Security Agency for 18 years. Tab Content 6Author Website:Countries AvailableAll regions |