• Complain

Mowbray - Cybersecurity

Here you can read online Mowbray - Cybersecurity full text of the book (entire story) in english for free. Download pdf and epub, get meaning, cover and reviews about this ebook. year: 2013, publisher: Wiley, genre: Romance novel. Description of the work, (preface) as well as reviews are available. Best literature library LitArk.com created for fans of good reading and offers a wide selection of genres:

Romance novel Science fiction Adventure Detective Science History Home and family Prose Art Politics Computer Non-fiction Religion Business Children Humor

Choose a favorite category and find really read worthwhile books. Enjoy immersion in the world of imagination, feel the emotions of the characters or learn something new for yourself, make an fascinating discovery.

Mowbray Cybersecurity

Cybersecurity: summary, description and annotation

We offer to read an annotation, description, summary or preface (depends on what the author of the book "Cybersecurity" wrote himself). If you haven't found the necessary information about the book — write in the comments, we will try to find it.

Mowbray: author's other books


Who wrote Cybersecurity? Find out the surname, the name of the author of the book and a list of all author's works by series.

Cybersecurity — read online for free the complete book (whole text) full work

Below is the text of the book, divided by pages. System saving the place of the last page read, allows you to conveniently read the book "Cybersecurity" online for free, without having to search again every time where you left off. Put a bookmark, and you can go to the page where you finished reading at any time.

Light

Font size:

Reset

Interval:

Bookmark:

Make
Part I
Cyber Network Security Concepts

In This Part

  • Chapter 1: Executive Summary
  • Chapter 2: The Problems: Cyber Antipatterns
  • Chapter 3: Cybersecurity Architecture
Chapter 1
Executive Summary

Effective cybersecurity is a critical capability for the defense and preservation of civil society. Cyber crime is one of the worlds largest and fastest-growing categories of crime. Cyber criminals are responsible for more than $1 trillion USD in stolen funds and other assets, with crime in some segments growing 300 percent per year. Cyber espionage is epidemic and pervasive; even the worlds smartest companies and government institutions have terabytes of intellectual property and financial assets being lost annually via the Internet. Concealed malicious actors even threaten our electrical power grids, global financial systems, air traffic control systems, telecommunications systems, healthcare systems, and nuclear power plants.

Chances are good that your current organization is being attacked right now: cyber criminals, civilian/military cyber warriors, and global competitors are deeply entrenched in your network. If you have information worth stealing, it is likely that the attackers are on your internal network, exfiltrating data from your end users, and controlling key administrative nodes. If organizations dont change the way they are defending themselves, personal identifying information, bank account and credit card numbers, and intellectual property that defines competitive advantage will continue to be stolen.

The threat is to all civil society. If cyber attackers scrambled all the data on Wall Street and Bond Street, wiping out all investments and retirement accounts based in the U.S. and U.K., the consequences are unthinkable. (And this scenario is a real possibility.) The goal of this book is to lay the foundation for solving this critical problem in earnest.

U.S. government policy experts are quite concerned about the strategic gap in cyber skills, claiming that in 2008 the U.S. had only 1,000 world-class cyber experts but would require 20,000 to 30,000 to adequately handle cyberspace offense and defense. I believe that estimate is quite low. There are 25,000,000 business establishments that need cyber defenses in the U.S. alone, according to the census bureau. Certainly, hundreds of thousands of technologists with the kinds of skills and education presented in this book will be needed to fully defend civil society.

Why Start with Antipatterns?

To successfully make a change, the first step is to admit you have a problem. The civilized world is in a dire predicament regarding cyber threats. Solving cybersecurity issues requires radical new ways of thinking, and, paradoxically, a return to first principles and common sensein other words, ruthless pragmatism.

Antipatterns employ psychological frameworks for solving problems whose causes involve habitual mistakes. Antipatterns require a mind shift from the dispassionate mindsets of mathematics and engineering into the judgmental milieu of enterprise architecture and organizational change.


NOTE Some people have criticized antipatterns as being anti-intellectual. Antipatterns are a way of thinking clearly about habitual causes, serious problems, and effective solutions.

Antipatterns have been summarized by the quip, Technology is not the problempeople are the problem. But, changing peoples minds is very difficult. So, you need powerful psychology to do that.


NOTE The classic paradigm of organizational change is: You send your people out on a rickety bridge toward a pot of gold and then start a fire behind them so they can never go back to old ways.

Antipatterns have ancient roots in governance, law enforcement, religion, and public administration. In a perverse sense, antipatterns are an adult form of name-calling used to control society. We invent pejorative names and make public examples of miscreants to prevent other people from misbehaving.

For the sake of clear definition, here are a few examples of modern-day social antipatterns used in general society: liberal (lily livered), racist (bigot), terrorist (violent extremist), convict (felon, violent offender), street criminal (thug, gang banger), drug addict (junkie), corrupt politician (crook), and all terms for sex criminals. Words have baggage. Even the term hacker has antipattern connotations.

Although this book does not emphasize the name-calling aspect of antipatterns, the goal is the same: to clearly articulate habitual mistakes (in IT) and then rapidly transition the discussion toward pragmatic solutions.

In this chapter, a basic form of antipattern is introduced. Basic antipatterns include two parts: (1) a description of the antipattern problem, and (2) a description of an improved solution, called a refactored solution . In some cases in this chapter, I present the antipattern without the refactored solution. Chapter 2 introduces the full antipatterns template.

Security Architecture

The cybersecurity crisis is a fundamental failure of architecture. Many of the networked technologies we depend upon daily have no effective security whatsoever. (See the "Networks Always Play by the Rules" antipattern in Chapter 2). The architecture of the Internet and the vast majority of deployed software create significant opportunities for malicious exploitation.

It is worth stating that if infrastructure and software technologies were engineered properly, they would be built to withstand known and manage unknown risks, and they would be significantly more secure than current-day technologies.

Chapter 3 introduces the Zachman Framework for Enterprise Architecture and applies it to securing enterprises. The Zachman Framework is a powerful intellectual tool that enables complex organizations to describe themselves, including their mission, business, and information technology (IT) assets. With this self-knowledge comes awareness of risks and mitigations, and ways of engineering security into solutions from inception. The Zachman Framework serves as an overarching structure that organizes the problem-solving patterns catalog in Chapter 3.

The following sections begin the discussion of cybersecurity antipatterns, including some of the most significant cybersecurity challenges, including education. Antipatterns can be construed as cynical depictions of the current state of practice. Negativity and cynicism are not the goal; there are many solutions and patterns for success.

Antipattern: Signature-Based Malware Detection versus Polymorphic Threats

The conventional wisdom is that all systems with up-to-date antivirus signatures will be safe. However, many popular antivirus solutions are nearly obsolete, with many missing the majority of new malware. Current signature-based antivirus engines miss 30 percent to 70 percent of malicious code, and nearly 100 percent of zero day infections, which, by definition, are unreported exploits.

Malicious signature growth is exploding from 5 new ones per day in 2000 to 1,500 per day in 2007 and more than 15,000 per day in 2009, according to Symantec (from a 2010 conference briefing on reputational anti-malware), which is an average of 200 percent to 300 percent cumulative growth per year. Malware variability has grown so rapidly that signature-based detection is rapidly becoming obsolete.


NOTE Each security industry vendor has its own sensor network for gathering and monitoring malware. Kaspersky Labs has seen flat growth in malware signatures since 2008, while other vendors imply exponential growth. Somewhere in the middle lies the truth.
Next page
Light

Font size:

Reset

Interval:

Bookmark:

Make

Similar books «Cybersecurity»

Look at similar books to Cybersecurity. We have selected literature similar in name and meaning in the hope of providing readers with more options to find new, interesting, not yet read works.


Reviews about «Cybersecurity»

Discussion, reviews of the book Cybersecurity and just readers' own opinions. Leave your comments, write what you think about the work, its meaning or the main characters. Specify what exactly you liked and what you didn't like, and why you think so.