Making Sense of Cybersecurity 1st Edition Thomas Kranz 161729800X 978-1617298004

Making Sense of Cybersecurity 1st Edition Thomas Kranz – Ebook Instant Download/Delivery ISBN(s): 9781617298004, 161729800X

Product details:
• ISBN 10: 161729800X
• ISBN 13: 9781617298004
• Author: Thomas Kranz

In Making Sense of Cybersecurity you will learn how to:

    1. Develop and incrementally improve your own cybersecurity strategy
    2. Detect rogue WiFi networks and safely browse on public WiFi
    3.Protect against physical attacks utilizing USB devices or building access cards
    4.Use the OODA loop and a hacker mindset to plan out your own attacks
    5.Connect to and browse the Dark Web
    6.Apply threat models to build, measure, and improve your defenses
    7. Respond to a detected cyber attack and work through a security breach

Go behind the headlines of famous attacks and learn lessons from real-world breaches that author Tom Kranz has personally helped to clean up. Making Sense of Cybersecurity is full of clear-headed advice and examples that will help you identify risks in your organization and choose the right path to apply the important security concepts. You’ll learn the three pillars of a successful security strategy and how to create and apply threat models that will iteratively improve your organization’s readiness.

Table of contents

1. inside front cover
2. Making Sense of Cybersecurity
3. Copyright
4. dedication
5. contents
6. front matter
7. foreword
8. preface
9. acknowledgments
10. about this book
11. Who should read this book
12. How this book is organized: A roadmap
13. liveBook discussion forum
14. about the author
15. about the cover illustration
16. 1 Cybersecurity and hackers
17. 1.1 Cybersecurity: How it has evolved
18. 1.2 Why should you care about cybersecurity?
19. 1.3 Who is the ideal reader for this book?
20. 1.4 How does hacking—and defending—work?
21. 1.5 What will you learn in this book?
22. 1.6 What we won’t cover
23. 1.6.1 Denial-of-service attacks
24. 1.6.2 Encryption
25. 1.7 What tools do you need to get started?
26. Summary
27. 2 Cybersecurity: Everyone’s problem
28. 2.1 Keeping it simple
29. 2.2 Impacts of a security breach
30. 2.3 Objectives of a cybersecurity strategy
31. 2.3.1 Applying what we’ve learned so far
32. 2.4 Supporting our strategy: Building a patching policy
33. 2.4.1 CVEs are used to coordinate all information around a specific bug, and a CVSS score is used to rate how serious it is
34. 2.4.2 Building a patching policy
35. 2.5 A culture of security
36. 2.6 How ready are you?
37. Summary
38. Part 1
39. 3 Understanding hackers
40. 3.1 Who are the hackers?
41. 3.1.1 Black hat
42. 3.1.2 Grey hat
43. 3.1.3 White hat
44. 3.2 Where do they come from?
45. 3.2.1 Black hat hacker: Alberto Gonzalez
46. 3.2.2 Grey hat hacker: Sabu and the Anonymous collective
47. 3.2.3 White hat hacker: Mudge
48. 3.2.4 The hacker mindset
49. 3.3 What are hackers capable of?
50. 3.3.1 The bad guys: Black hats
51. 3.3.2 The middle ground: Grey hats
52. 3.3.3 The good guys: White hats
53. 3.4 Working through a real-life problem: How do hackers think?
54. 3.4.1 Breaking a financial services website
55. 3.4.2 Combining the hacker mindset with the OODA loop
56. Summary
57. 4 External attacks
58. 4.1 How do hackers get in?
59. 4.1.1 Home setup
60. 4.1.2 Corporate network
61. 4.2 Data injection attacks
62. 4.2.1 SQLi
63. 4.2.2 Cross-site scripting
64. 4.3 Malware: Viruses, Trojans, and ransomware
65. 4.3.1 Viruses
66. 4.3.2 Trojans
67. 4.3.3 Ransomware
68. 4.3.4 Protection
69. 4.4 Dodgy Wi-Fi
70. 4.4.1 Defenses
71. 4.5 Mobile phones, SMS, and 5G
72. 4.5.1 Malware
73. 4.5.2 IMEI cloning
74. 4.5.3 SMS spoofing
75. 4.5.4 Problems with 5G
76. 4.5.5 Keeping safe
77. Summary
78. 5 Tricking our way in: Social engineering
79. 5.1 The weakest link: People
80. 5.2 Malicious USB
81. 5.2.1 USB devices with malware
82. 5.2.2 BadUSB: USB devices that attack your laptop and phone
83. 5.2.3 Evil maid attacks
84. 5.3 Targeted attacks: Phishing
85. 5.4 Credential theft and passwords
86. 5.4.1 Store passwords more securely
87. 5.4.2 Make it easier to use unique, complex passwords
88. 5.4.3 Stop relying on just a password to protect your accounts
89. 5.5 Building access cards
90. Summary
91. 6 Internal attacks
92. 6.1 What happens after they get in?
93. 6.2 Gaining more control: Privilege escalation
94. 6.3 Data theft
95. 6.3.1 Advanced persistent threat
96. 6.3.2 Making money from stolen financial details
97. 6.3.3 Making money from ID theft
98. 6.4 Insider threats
99. 6.5 “Blast radius”: Limiting the damage
100. 6.5.1 AI, machine learning, behavioral analysis, and snake oil
101. 6.6 Building your castle: Defense in depth
102. 6.6.1 Perimeter security: Build a wall
103. 6.6.2 Zero trust: The attackers are everywhere
104. Summary
105. 7 The Dark Web: Where is stolen data traded?
106. 7.1 What is the Dark Web?
107. 7.1.1 TOR
108. 7.1.2 I2P
109. 7.1.3 Freenet
110. 7.2 How to access the Dark Web
111. 7.2.1 Precautions
112. 7.3 How is the Dark Web used?
113. 7.3.1 Illegal weapons
114. 7.3.2 Illegal drugs
115. 7.3.3 Hackers for hire
116. 7.3.4 Hacktivism
117. 7.3.5 Evading censorship
118. 7.3.6 Making money from stolen data
119. 7.3.7 Bitcoin
120. Summary
121. Part 2
122. 8 Understanding risk
123. 8.1 Issues vs. vulnerabilities vs. threats vs. risks
124. 8.2 How likely is a hack?
125. 8.3 How bad will it be?
126. 8.3.1 Common Vulnerability Scoring System
127. 8.3.2 CVE Vector
128. 8.3.3 Making things personal
129. 8.4 A simple model to measure risk
130. 8.5 How do I measure and communicate this?
131. 8.5.1 Page 1: Our security matrix
132. 8.5.2 Page 2: Our vulnerabilities
133. 8.5.3 Page 3: Our security roadmap
134. 8.5.4 Page 4: Information and actions
135. Summary
136. 9 Testing your systems
137. 9.1 How are vulnerabilities discovered?
138. 9.1.1 An attacker has exploited a vulnerability
139. 9.1.2 A stranger has found what they think is a vulnerability
140. 9.1.3 A vendor has released a security advisory
141. 9.2 Vulnerability management
142. 9.2.1 Vulnerability life cycle management
143. 9.2.2 Vulnerability scanning workflow
144. 9.3 Break your own stuff: Penetration testing
145. 9.3.1 Defining the scope
146. 9.3.2 Carrying out the test
147. 9.3.3 The report
148. 9.4 Getting expert help: Bug bounties
149. 9.5 Breaking in: Physical penetration testing
150. 9.5.1 Why is physical penetration testing not carried out?
151. 9.5.2 Why does physical penetration testing matter?
152. 9.5.3 What should a physical penetration test cover?
153. 9.6 Red teams and blue teams
154. 9.6.1 Red team
155. 9.6.2 Blue team
156. 9.6.3 Other “colors of the rainbow” teams
157. 9.6.4 Keeping your staff
158. Summary
159. 10 Inside the security operations center
160. 10.1 Know what’s happening: Logging and monitoring
161. 10.1.1 Logging
162. 10.1.2 Monitoring
163. 10.2 Dealing with attacks: Incident response
164. 10.3 Keeping track of everything: Security and Information Event Management
165. 10.4 Gaining intelligence: Data feeds
166. Summary
167. 11 Protecting the people
168. 11.1 Don’t play the blame game
169. 11.2 MFA
170. 11.3 Protecting from ransomware
171. 11.3.1 Make sure everyone has antimalware software installed
172. 11.3.2 Make it easy to install legitimate software
173. 11.3.3 Backups
174. 11.4 Education and support
175. 11.4.1 Regular email newsletters
176. 11.4.2 Lunchtime talks
177. 11.4.3 Security concierge or security champion
178. 11.4.4 Live exercises
179. Summary
180. 12 After the hack
181. 12.1 Responding to a breach
182. 12.1.1 Asset ownership
183. 12.1.2 Business continuity process
184. 12.1.3 Data/system restore
185. 12.1.4 PR/media communications
186. 12.1.5 Internal notification/communication groups
187. 12.1.6 Customer communications policy
188. 12.1.7 Cyber insurance policies
189. 12.1.8 Legal team involvement/advice
190. 12.1.9 Law enforcement engagement policy
191. 12.1.10 Country-specific data controller communications
192. 12.2 Where to get help?
193. 12.2.1 Cyber insurance providers
194. 12.2.2 Legal teams
195. 12.2.3 Law enforcement agencies
196. 12.2.4 Country-specific data controller organizations
197. 12.2.5 Hosting providers
198. 12.3 What to do next?
199. 12.4 Lessons learned

People also search

making sense of cybersecurity 1st

cyber security 101 for dummies

making sense of secondary science pdf

cyber security 101 pdf

cyber security 101 presentation