Joanna F. DeFranco - What Every Engineer Should Know About Cyber Security and Digital Forensics

Most organizations place a high priority on keeping data secure, but not every organization invests in training its engineers or employees in understanding the security risks involved when using or developing technology. Designed for the non-security professional, What Every Engineer Should Know About Cyber Security and Digital Forensics is an overview of the field of cyber security.

The Second Edition updates content to address the most recent cyber security concerns and introduces new topics such as business changes and outsourcing. It includes new cyber security risks such as Internet of Things and Distributed Networks (i.e., blockchain) and adds new sections on strategy based on the OODA (observe-orient-decide-act) loop in the cycle. It also includes an entire chapter on tools used by the professionals in the field. Exploring the cyber security topics that every engineer should understand, the book discusses network and personal data security, cloud and mobile computing, preparing for an incident and incident response, evidence handling, internet usage, law and compliance, and security forensic certifications. Application of the concepts is demonstrated through short case studies of real-world incidents chronologically delineating related events. The book also discusses certifications and reference manuals in the areas of cyber security and digital forensics.

By mastering the principles in this volume, engineering professionals will not only better understand how to mitigate the risk of security incidents and keep their data secure, but also understand how to break into this expanding profession.

Series Editor

Phillip A. Laplante

Pennsylvania State University

What Every Engineer Should Know about Excel, Second Edition

J.P. Holman and Blake K. Holman

Technical Writing: A Practical Guide for Engineers, Scientists, and Nontechnical Professionals, Second Edition

Phillip A. Laplante

What Every Engineer Should Know About the Internet of Things

Joanna F. DeFranco and Mohamad Kassab

What Every Engineer Should Know about Software Engineering

Phillip A. Laplante and Mohamad Kassab

What Every Engineer Should Know About Cyber Security and Digital Forensics

Joanna F. DeFranco and Bob Maley

For more information about this series, please visit: www.routledge.com/What-Every-Engineer-Should-Know/book-series/CRCWEESK

Second Edition

Joanna F. DeFranco and Bob Maley

Second edition published 2023

by CRC Press

6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742

and by CRC Press

4 Park Square, Milton Park, Abingdon, Oxon, OX14 4RN

CRC Press is an imprint of Taylor & Francis Group, LLC

2023 Joanna F. DeFranco and Bob Maley

First edition published by CRC Press 2014

Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.

For permission to photocopy or use material electronically from this work, access

Trademark notice: Product or corporate names may be trademarks or registered trademarks and are used only for identification and explanation without intent to infringe.

ISBN: 978-1-032-14601-0 (hbk)

ISBN: 978-1-032-15665-1 (pbk)

ISBN: 978-1-003-24522-3 (ebk)

DOI: 10.1201/9781003245223

Typeset in Times

by codeMantra

What every engineer should know amounts to a bewildering array of knowledge. Regardless of the areas of expertise, engineering intersects with all the fields that constitute modern enterprises. The engineer discovers soon after graduation that the range of subjects covered in the engineering curriculum omits many of the most important problems encountered in the line of daily practiceproblems concerning new technology, business, law, and related technical fields.

With this series of concise, easy-to-understand volumes, every engineer now has within reach a compact set of primers on important subjects such as patents, contracts, software, business communication, management science, and risk analysis, as well as more specific topics such as embedded systems design. These are books that require only a lay knowledge to understand properly, and no engineer can afford to remain uniformed of the fields involved.

Long gone are the days where the security of your critical data could be protected by security guards, cipher locks, and an ID badge worn by all employees. As the computing paradigm is continually changing with shared resources, new technology and mobility, firewalls and anti-virus software are also not enough to protect critical assets.

This book will cover topics that range from the processes and practices that facilitate the protection from attacks, destruction, and unauthorized access of our private information and critical assets to the processes and practices that enable an effective response if and when the attacks, destruction, and unauthorized access occur. This book will provide information on those topics via real situations, case law, and the latest processes and standards from the most reliable sources. The goal is not for you to become a fully trained security or digital forensic expert (although we will explain how to accomplish that), but to provide accurate and sufficient information to pique your interest and to springboard you onto the right path if this is an area you wish to understand and/or pursue. If youre not aiming to be the next security professional at your company, this book can assist you in understanding the importance of security in your organization whether you are designing software, have access to personal data, or manage the day-to-day activities in your office, because we all need to take a part in protecting those critical assets. In any case, we are hoping this book will give you a new appreciation for the world of cyber security and digital forensics.

There are three main goals of this book. The first goal is to introduce the cyber security topics every engineer should understand. It is important to understand these topics, as most engineers work for organizations that need their data secure, and unfortunately not every organization invests in training their employees to understand how to reduce the risk of security incidents. It is a well-known fact that the weakest link in any system is the user. Just ask any hacker. The second goal is demonstrating the application of the security concepts presented. This will be accomplished by presenting case studies of real-world incidents. The final goal is to provide information on certifications in the area of cyber security and digital forensics for the reader who wants to take advantage of the vast and growing opportunities in this field.