Releases
You CAN Stop Stupid
Stopping Losses from Accidental and Malicious Actions
Around the world, users cost organizations billions of dollars due to simple errors and malicious actions. Organizations believe that there is some deficiency in the users. In response, they believe that they have to improve their awareness efforts and make users more secure. This is like saying that coal mines should get healthier canaries. The reality is that it takes a multilayered approach that acknowledges that users will inevitably make mistakes or have malicious intent, and the failure is in not planning for that. It takes a holistic approach to assessing risk combined with technical defenses and countermeasures layered with a security culture and continuous improvement. Only with this kind of defense in depth can organizations hope to prevent the worst of the cybersecurity breaches and other user-initiated losses.
Using lessons from tested and proven disciplines like military kill-chain analysis, counterterrorism analysis, industrial safety programs, and more, Ira Winkler and Dr. Tracy Celaya’s You CAN Stop Stupid provides a methodology to analyze potential losses and determine appropriate countermeasures to implement.
Business technology and security professionals will benefit from the information provided by these two well-known and influential cybersecurity speakers and experts.
Advanced Persistent Security
A Cyberwarfare Approach to Implementing Adaptive Enterprise Protection, Detection, and Reaction Strategies
Advanced Persistent Security covers secure network design and implementation, including authentication, authorization, data and access integrity, network monitoring, and risk assessment. Using such recent high-profile cases as Target, Sony, and Home Depot, the book explores information security risks, identifies the common threats organizations face, and presents tactics on how to prioritize the right countermeasures.
The book discusses concepts such as malignant versus malicious threats, adversary mentality, motivation, the economics of cybercrime, the criminal infrastructure, dark webs, and the criminals that organizations currently face.
Security Awareness for Dummies
Security Awareness For Dummies addresses the subject from the perspective of a practitioner attempting to design and implement their own security awareness program. The book is extremely pragmatic and practical, so that readers of any skill level can pick it up and apply the material immediately to either create or improve their own awareness programs.
The book will cover some of the fundamental scientific principles involved in creating an awareness program, but only from the perspective of providing guidance for ensuring that the resulting programs are effective and of providing a scientific foundation to the program's target audience or to the authorities over the awareness manager.
This will not be a book about scientific theories, but a practical book that goes straight to “how” to implement the program. There is, however, some “why” and “what” type of information, because it is important for readers to understand why they are going through the efforts that they are and to be able to justify them to management.