Your Search Results

      • Trusted Partner
        Humanities & Social Sciences
        May 2020

        Constructing cybersecurity

        Power, expertise and the internet security industry

        by Andrew Whiting

      • Computer security
        March 2010

        Assessing Information Security

        Strategies, Tactics, Logic and Framework

        by Andrew A. Vladimirov

        What do information security and the art of war have in common? The answer, this book argues, is a great deal. Although the authors have an expert technical knowledge of information security, they strongly believe that technical and procedural measures cannot offer a solution on their own.

        The human factor

        Information security is not painting by numbers. You can tick all the right boxes and acquire the latest technology, and you may fail all the same. This is because information security is ultimately a human problem, not a technical one. In the end, the threats to your information security come from human beings, not from machines. Although one problem you will face is simple human error, the major threat to your business information is from the criminal.

        Fight Cybercrime

        Cybercrime is on the move. It is in a state of constant evolution, capable of adapting both to developments in technology and to whatever security measures its targets have already put in place. It will seek out your weak points in order to exploit them for its own advantage. However, although the people who want to harm your business will try to take you by surprise, they are also bound to have weaknesses of their own. Because the activity of the cybercriminal is both deliberate and hostile, they can be compared to a military adversary. So if you want to defend yourself from cybercrime you can learn from military strategy.

        Leadership

        Fighting cybercrime is about more than bureaucracy and compliance. Your company's approach to information security has to be integrated with your overall business goals. The people at the top have to provide leadership, while the people at the bottom need to understand the company's information security policy and be able to show initiative when faced with an unexpected attack. If you want to take active steps to deter the cybercriminal, then this book is for you. It will help you plan the right strategy for defending your business from cybercrime.

        Strategy

        Business is an intensely competitive environment. This is why so many executives enjoy the insights that the classics of military strategy, such as Clausewitz and Sun Tzu, provide on how to win. The authors of this book have drawn on Clausewitz in order to interpret the detailed knowledge of information security they have built up through their extensive experience in the field. The result is expert guidance on information security, underpinned by a profound understanding of human conflict.

      • Network security

        21st Century Chinese Cyberwarfare

        by William T Hagestad

        Cyber security - A Government, organisational and Public Risk

        The 2010 National Security Strategy identified cyber attacks as one of the four highest-priority risks faced by the UK. In the US, President Obama has declared cyber security as one of the most serious economic and national security challenges the US faces as a nation. While usually targeted on specific government or private sector organisations, cyber attacks can, and will, happen to anyone. At the lower level, attacks are more widespread and are initially automated and indiscriminate - any organisation with an Internet presence will be scanned, potentially targeted and attacked.

        Chinese Advanced Persistent Threats (APTs)

        There is an Advanced Persistent Threat (APT) posed by organised crime and state level entities, targeting large multi-national corporations and foreign governments, with the objective of stealing information or compromising information systems. The goal of an APT is not necessarily to bring a business down, but to stay embedded and suck information out of it at a slow, undetected pace. This is a major area of concern, in particular the number and severity of APTs coming out of China. The Chinese will use state sponsored 21st Century hacking technology to carry out a campaign of targeting and collecting intelligence against their chosen cyber targets, supporting the information necessary to become the next superpower.

        Understand China's cyber warfare

        21st Century Chinese Cyber warfare draws from a combination of business, cultural, historical, linguistic and the author's personal experience to attempt to explain China to the uninitiated. The objective of the book is to raise awareness of the fact that the People's Republic of China is using a combination of their unique culture, language, and political will, known as Chinese Communism, to maintain their cultural heritage.

        This book is the first to gather the salient information regarding the use of cyber warfare doctrine by the People's Republic of China to promote its own hegemonistic, national self-interests and enforce its political, military and economic will on other nation states. The threat of Chinese Cyberwarfare can no longer be ignored. It is a clear and present danger to the experienced and innocent alike and will be economically, societally and culturally changing and damaging for the nations that are targeted.

        21st Century Chinese Cyber warfare discusses: Statistics of the Chinese Cyber Threat. Chinese government cyber initiatives. Understanding the key motivators for government-sponsored cyber warfare. Commercial enterprises as a cyber threat vector. Nationalistic threads of Chinese hackers. And much, much more.

        Essential cyber security reading

        Those that will find benefit from the book include: law enforcement agencies, international information security professionals, IT professionals, military professionals, government policy makers and corporate management.

      • Computer security

        The Insider Threat

        Combatting the Enemy Within

        by Clive Blackwell

        Is your vital business information vulnerable to an attack from within? Growing dependence on IT may mean your business is becoming increasingly vulnerable to a sinister and unpleasant threat: the threat from within. How exposed is your company to the risk of a malicious attack by a discontented or psychologically unbalanced employee? What precautions have you taken to ensure that your IT systems cannot be manipulated for purposes of insider fraud? What steps do you need to take to prevent your IT systems from falling prey to organized crime through someone who has been planted within your firm or someone who is being threatened or bribed?

        Product designs and customer lists are not only useful information to you. They are also valuable information for your competitors. Employees who move to another company, or decide to set up in business on their own, may attempt to take some of this information with them. How will you stop this from happening? In this book, Clive Blackwell gets you up to speed on the key security problems that businesses are now facing as a result of the insider threat.

        Benefits to business include:

        Protect your company from sabotage. With the right strategy in place, you can restrict the opportunities open to disgruntled employees to disrupt your business operations through your IT system.

        Prevent major fraud. By employing dual control mechanisms for authorising large transactions, and by investigating accounting anomalies, you can protect your business from insider fraud.

        Prevent information theft. Use least privilege rules to limit data access, and set up a proper system of data management. You need to ensure that your employees cannot sell or exploit your proprietary information for their own purposes if you want to protect your competitiveness.

        As Dr Blackwell comments, “Systematic defence is required, as no single method can protect against employees with legitimate access to organizational resources.”

      • Computer security

        Outsourcing IT

        A Governance Guide

        by Rupert Kendrick

      • Data encryption

        Cyber Risks for Business Professionals

        A Management Guide

        by Rupert Kendrick

      • Computer security

        The Definitive Guide to the C&A Transformation

        by Waylon Krush

        Learn more about establishing and maintaining a secure information environment...

        War is always a product of its age; and information systems are one of the primary drivers of war in the age of information. The tools and tactics used to fight the information war have evolved with advances in technology. So, it is no wonder that the tools and tactics needed to defend critical information systems must also evolve.

        Certification and Accreditation Process

        One of the tools in the defense toolkit is the process known as Certification and Accreditation (C&A). C&A stretches across the Department of Defense (DoD), the Office of the Director of National Intelligence (DNI), the Committee on National Security Systems (CNSS), the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB). It can be an extremely effective risk-based process in ensuring the implementation of the measures necessary to protect devices, systems and networks. It is therefore essential for information security professionals to understand this huge and complex body of work, in order to establish and maintain a secure information environment.

        New C&A practices reduce redundant activity

        The new C&A practices will reduce redundant activity and unnecessary documentation, and will shorten the overall process that has historically affected DoD procurement. The new procedures will also ensure system certifications and accreditations accomplished by one agency are valid for all agencies.

        A comprehensive and authoritative guide to C&A

        This book is the first comprehensive manual to explain the current standards and best practices. The book provides all the information needed to recognize, implement and manage the relevant authorization requirements, and therefore to achieve compliance with federal, local and agency laws and policies. Each chapter not only provides a list of related references but also offers recommendations for additional reading.

        Ideal for security practitioners, system administrators, managers, standards developers, evaluators and testers, no other book provides such authoritative guidance on these emerging requirements.
