Cybersecurity is fraught with hidden and unsuspected dangers and difficulties. Despite our best intentions, there are common and avoidable mistakes that arise from folk wisdom, faulty assumptions about the world, and our own human biases. Cybersecurity implementations, investigations, and research all suffer as a result. Many of the bad practices sound logical, especially to people new to the field of cybersecurity, and that means they get adopted and repeated despite not being correct. For instance, why isn't the user the weakest link?
In Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us, three cybersecurity pioneers don't just deliver the first comprehensive collection of falsehoods that derail security from the frontlines to the boardroom; they offer expert practical advice for avoiding or overcoming each myth.
Features -
1. Read over 175 common misconceptions held by users, leaders, and cybersecurity professionals, along with tips for how to avoid them.
2. Learn the pros and cons of analogies, misconceptions about security tools, and pitfalls of faulty assumptions.
3. What really is the weakest link? When aren't "best practices" best? Discover how others understand cybersecurity and improve the effectiveness of cybersecurity decisions as a user, a developer, a researcher, or a leader.
4. Get a high-level exposure to why statistics and figures may mislead as well as enlighten.
5. Develop skills to identify new myths as they emerge, strategies to avoid future pitfalls, and techniques to help mitigate them.
About the Author
Eugene H. Spafford is one of the most senior academics in the field of cybersecurity. During his 40-plus years in computing—including 35 years as a faculty member at Purdue University, where he founded CERIAS, the Center for Education and Research in Information Assurance and Security— Spaf (as he is widely known) has worked on issues in privacy, public policy, law enforcement, intelligence, software engineering, education, social networks, operating systems, and cybersecurity. He has developed fundamental technologies in intrusion detection, incident response, firewalls, integrity management, and forensic investigation. Dr. Spafford is a Fellow of the American Academy of Arts and Sciences (AAA&S), the Association for the Advancement of Science (AAAS), the ACM, the IEEE, and the (ISC)2; a Distinguished Fellow of the ISSA; and a member of the Cyber Security Hall of Fame—the only person to ever hold all these distinctions. In 2012, he was named as one of Purdue’s inaugural Morrill Professors—the university’s highest award for the combination of scholarship, teaching, and service. In 2016, he received the State of Indiana’s highest civilian honor by being named a Sagamore of the Wabash. More information may be found at https://ceri.as/spaf-bio.
Leigh Metcalf is a Senior Network Security Research Analyst at the Carnegie Mellon University Software Engineering Institute’s cybersecurity (CERT) division. CERT is composed of a diverse group of researchers, software engineers, and security analysts who are developing cutting-edge information and training to improve the practice of cybersecurity. Before joining CERT, Leigh spent more than 10 years in industry working as a systems engineer, architect, and security specialist. Dr. Metcalf has presented research at numerous conferences. She is the co-author (with William Casey) of the book Cybersecurity and Applied Mathematics (Syngress, 2016) as well as the co-author (with Jonathan Spring) of the book Using Science in Cybersecurity (World Scientific, 2021). She is also the Co-Editor-in-Chief (with Arun Lakhotia) of the ACM journal Digital Threats. Research and Practice (DTRAP).
Josiah Dykstra is a seasoned cybersecurity practitioner, researcher, author, and speaker. He is a senior leader in the Cybersecurity Collaboration Center at the National Security Agency (NSA) and the owner of Designer Security, LLC. Dr. Dykstra holds a Ph.D. in computer science and previously served as a cyber operator and researcher. He is interested in cybersecurity science, especially where humans intersect with technology. He has studied stress in hacking, action bias in incident response, and the economics of knowing when sharing threat intelligence is more work than it is worth. Dr. Dykstra is a frequent author and speaker, including Black Hat and RSA Conference. He received the CyberCorps. Scholarship for Service (SFS) fellowship and is one of six people in the SFS Hall of Fame. In 2017, he received the Presidential Early Career Award for Scientists and Engineers (PECASE) from then President Barack Obama. Dr. Dykstra is a Fellow of the American Academy of Forensic Sciences and a Distinguished Member of the Association for Computing Machinery (ACM). He is the author of numerous research papers and the book Essential Cybersecurity Science (O’Reilly Media, 2016). More information may be found at https.//josiahdykstra.com. Pattie Spafford is a freelance artist, writer, and equestrienne. She holds a Ph.D. in art education. This Dr. Spafford has over 25 years of experience in K–12, college education, and community and museum art programs. Her current major research project integrates geography, art, and horses. Pattie maintains an active studio practice with bead embroidery and ink drawing as her preferred media. Pattie’s programs have received awards from national, state, and local arts agencies throughout her career, including the National Endowment for the Arts, the Louisiana Board of Regents, a NAHRO National A.
Contents –
Part I. General Issues –
1. What Is Cybersecurity? 2. What Is the Internet?
Part II. Human Issues –
3. Faulty Assumptions and Magical Thinking 4. Fallacies and Misunderstandings 5. Cognitive Biases 6. Perverse Incentives and the Cobra Effect 7. Problems and Solutions
Part III. Contextual Issues –
8. Pitfalls of Analogies and Abstractions 9. Legal Issues 10. Tool Myths and Misconceptions 11. Vulnerabilities 12. Malware 13. Digital Forensics and Incident Response
Part IV. Data Issues –
14. Lies, Damn Lies, and Statistics 15. Illustrations, Visualizations, and Delusions 16. Finding Hope
Loading...
