Sahinoglu - Cyber-risk informatics: engineering evaluation with data science

1. Chapter 01
2. Chapter 02
3. Chapter 03
4. Chapter 04
5. Chapter 05
6. Chapter 06
7. Chapter 07
8. Chapter 08
9. Chapter 09
10. Chapter 10

1. Preface
2. Chapter 01
3. Chapter 02
4. Chapter 03
5. Chapter 04
6. Chapter 05
7. Chapter 06
8. Chapter 07
9. Chapter 08
10. Chapter 09
11. Chapter 10

This book is accompanied by a companion website:

www.wiley.com/go/sahinoglu/informatics

The website includes:

• Solutions manual available to students
• PowerPoint slides available to instructors

MEHMET SAHINOGLU, PH.D.

Auburn University at Montgomery

Copyright 2016 by John Wiley & Sons, Inc. All rights reserved

Published by John Wiley & Sons, Inc., Hoboken, New Jersey
Published simultaneously in Canada

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials.The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.

Library of Congress Cataloging-in-Publication Data

Names: Sahinoglu, Mehmet, 1951 author.
Title: Cyber-risk informatics : engineering evaluation with data science / Mehmet Sahinoglu.
Description: Hoboken, New Jersey : John Wiley & Sons, 2016. | Includes bibliographical references and index. | Description based on print version record and CIP data provided by publisher; resource not viewed.

Identifiers: LCCN 2015036259 (print) | LCCN 2015032749 (ebook) | ISBN 9781119087526 (Adobe PDF) | ISBN 9781119087533 (ePub) | ISBN 9781119087519 (cloth)
Subjects: LCSH: Cyber intelligence (Computer security) | Computer systemsReliability. | Computer softwareReliability. | Computer networksSecurity measuresData processing. | Risk assessmentStatistical methods.
Classification: LCC QA76.9.A25 (print) | LCC QA76.9.A25 S2497 2016 (ebook) | DDC 005.8dc23
LC record available at http://lccn.loc.gov/2015036259

The multifaceted nature of network security reminds one of the ancient fable, the parable of The Blind Men and the Elephant, where the blind men (or security risk researchers today) are touching the elephant (or network security) to understand what it really is or isnt, because they have never encountered an elephant before. One man touches the elephants tusk, and the other its side, while another touches its tail and yet another its trunk. When they reunite to discuss their findings, they cannot agree what the elephant looks like; such as one thought the trunk was a snake, and the other imagined a tree branch, and so it goes. Much the same happens when it comes to cyber-risk assessment and management. Network security is such a complex, multifaceted topic that cyber-risk specialists are like the veritable blind men grasping at parts and unable to understand the elephant completely. This books intent is to provide a timely remedy to that symbolic elephantine metaphors puzzle by providing a holistic-theoretical and philosophical as well as practical, user-friendly and useful, and application-oriented within a well-grounded holistic approach to network security risk assessment, such that those blind men will no longer be so unfamiliar with the elephant! The universal message here is not seeking total security (a perfect knowledge of the elephant by seeing it, never to happen for the blind men), however focusing on managing the insecurity (understanding the elephant in the best manner that the blind men could), which is what this pioneering textbook is all about.