Cybersecurity myths and misconceptions: avoiding the hazards and pitfalls that derail us
Saved in:
Main authors: | Spafford, Eugene Howard; Metcalf, Leigh; Dykstra, Josiah |
---|---|
Other contributors: | Spafford, Pattie (illustrator) |
Format: | Book |
Language: | English |
Published: | Boston: Addison-Wesley, [2023] |
Online access: | Description text (Inhaltstext); Table of contents (Inhaltsverzeichnis) |
Description: | xxxv, 380 pages, illustrations, 23.2 cm x 17.8 cm, 700 g |
ISBN: | 0137929234; 9780137929238 |
Internal format
MARC
Field | Ind1 | Ind2 | Content
---|---|---|---|
LEADER | | | 00000nam a22000008c 4500
001 | | | BV049484786
003 | | | DE-604
005 | | | 20240130
007 | | | t
008 | | | 240103s2023 xxua\|\|\| \|\|\|\| 00\|\|\| eng d
015 | | | \|a 23,N26 \|2 dnb
016 | 7 | | \|a 1293908193 \|2 DE-101
020 | | | \|a 0137929234 \|9 0-13-792923-4
020 | | | \|a 9780137929238 \|c : EUR 37.44 (DE) (freier Preis), EUR 37.44 (AT) (freier Preis), CHF 45.20 (freier Preis) \|9 978-0-13-792923-8
024 | 3 | | \|a 9780137929238
035 | | | \|a (OCoLC)1374342086
035 | | | \|a (DE-599)DNB1293908193
040 | | | \|a DE-604 \|b ger \|e rda
041 | 0 | | \|a eng
044 | | | \|a xxu \|c US
049 | | | \|a DE-473
084 | | | \|a ST 277 \|0 (DE-625)143643: \|2 rvk
084 | | | \|8 1\p \|a 004 \|2 23sdnb
100 | 1 | | \|a Spafford, Eugene Howard \|d 1956- \|e Verfasser \|0 (DE-588)1213745993 \|4 aut
245 | 1 | 0 | \|a Cybersecurity myths and misconceptions \|b avoiding the hazards and pitfalls that derail us \|c Eugene H. Spafford, Leigh Metcalf, and Josiah Dykstra ; illustrations by Pattie Spafford
264 | 1 | | \|a Boston \|b Addison-Wesley \|c [2023]
300 | | | \|a xxxv,380 Seiten \|b Illustrationen \|c 23.2 cm x 17.8 cm, 700 g
336 | | | \|b txt \|2 rdacontent
337 | | | \|b n \|2 rdamedia
338 | | | \|b nc \|2 rdacarrier
700 | 1 | | \|a Dykstra, Josiah \|e Verfasser \|0 (DE-588)1082430811 \|4 aut
700 | 1 | | \|a Metcalf, Leigh \|e Verfasser \|4 aut
700 | 1 | | \|a Spafford, Pattie \|4 ill
776 | 0 | 8 | \|i Erscheint auch als \|n Online-Ausgabe \|z 9780137929115
856 | 4 | 2 | \|m X:MVB \|q text/html \|u http://deposit.dnb.de/cgi-bin/dokserv?id=4ee162eb481247bda030ed6c1c67b81f&prov=M&dok_var=1&dok_ext=htm \|3 Inhaltstext
856 | 4 | 2 | \|m Digitalisierung UB Bamberg - ADAM Catalogue Enrichment \|q application/pdf \|u http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=034830192&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA \|3 Inhaltsverzeichnis
999 | | | \|a oai:aleph.bib-bvb.de:BVB01-034830192
883 | 1 | | \|8 1\p \|a vlb \|d 20230625 \|q DE-101 \|u https://d-nb.info/provenance/plan#vlb
Record in the search index
_version_ | 1804186278331154432 |
---|---|
adam_text:

Contents at a Glance

Foreword by Vint Cerf  xxiii
Introduction  xxiv
Part I: General Issues  1
Chapter 1: What Is Cybersecurity?  2
Chapter 2: What Is the Internet?  36
Part II: Human Issues  55
Chapter 3: Faulty Assumptions and Magical Thinking  56
Chapter 4: Fallacies and Misunderstandings  88
Chapter 5: Cognitive Biases  110
Chapter 6: Perverse Incentives and the Cobra Effect  130
Chapter 7: Problems and Solutions  140
Part III: Contextual Issues  161
Chapter 8: Pitfalls of Analogies and Abstractions  162
Chapter 9: Legal Issues  180
Chapter 10: Tool Myths and Misconceptions  198
Chapter 11: Vulnerabilities  214
Chapter 12: Malware  244
Chapter 13: Digital Forensics and Incident Response  266
Part IV: Data Issues  287
Chapter 14: Lies, Damn Lies, and Statistics  288
Chapter 15: Illustrations, Visualizations, and Delusions  312
Chapter 16: Finding Hope  326
Appendix: Short Background Explanations  336
Acronyms  344
Index  350

Table of Contents

Foreword by Vint Cerf  xxiii
Introduction  xxiv
Acknowledgments  xxxiii
About the Authors  xxxiv

Part I: General Issues  1

Chapter 1: What Is Cybersecurity?  2
Everyone Knows What “Cybersecurity” Means  2
We Can Measure How Secure Our Systems Are  5
    Trust and Risk  8
    Threats  9
    Security Policy  10
    And So  11
The Primary Goal of Cybersecurity Is Security  11
Cybersecurity Is About Obvious Risks  12
Sharing More Cyber Threat Intel Will Make Things Better  14
What Matters to You Matters to Everyone Else  16
Product X Will Make You Secure  17
Macs Are Safer Than PCs, Linux Is Safer Than Windows  18
Open Source Software Is More Secure Than Closed Source Software  19
Technology X Will Make You Secure  20
Process X Will Make You Secure  21
Færie Dust Can Make Old Ideas Magically Revolutionary  22
Passwords Should Be Changed Often  23
Believe and Fear Every Hacking Demo You See  26
Cyber Offense Is Easier Than Defense  27
Operational Technology (OT) Is Not Vulnerable  29
Breaking Systems Is the Best Way to Establish Yourself  30
Because You Can, You Should  30
Better Security Means Worse Privacy  32
Further Reading  33

Chapter 2: What Is the Internet?  36
Everyone Knows What the “Internet” Means  36
An IP Address Identifies a Unique Machine  37
The Internet Is Managed and Controlled by a Central Body  39
The Internet Is Largely Static  40
Your Network Is Static  41
You Know Your Crown Jewels and Where They Are  43
Email Is Private  43
Cryptocurrency Is Untraceable  44
Everything Can Be Fixed with Blockchain  46
The Internet Is Like an Iceberg  46
The Dark Web Is Only for Criminal Activity  47
Activity on the Dark Web Is Untraceable  47
A VPN Makes You Anonymous  48
A Firewall Is Enough  49
Further Reading  51

Part II: Human Issues  55

Chapter 3: Faulty Assumptions and Magical Thinking  56
Humans Will Behave Rationally, So Blame the User!  57
We Know Everything We Need to Know About Cybersecurity Problems  62
Compliance Equals (Complete) Security  63
Authentication Provides Confidentiality  65
I Can Never Be Secure, So Why Bother?  65
I Am Too Small/Insignificant to Be a Target  66
Everybody Is Out to Get Me  69
I Engage Only with Trusted Websites, So My Data Is Safe from a Breach  71
Security by Obscurity Is Reasonably Secure  72
The Illusions of Visibility and Control  74
Five 9’s Is the Key to Cybersecurity  76
Everybody Has Top-of-the-Line Technology  78
We Can Predict Future Threats  80
Security People Control Security Outcomes  81
All Bad Outcomes Are the Result of a Bad Decision  82
More Security Is Always Better  84
Best Practices Are Always Best  85
Because It Is Online It Must Be True/Correct  86
Further Reading  87

Chapter 4: Fallacies and Misunderstandings  88
The False Cause Fallacy: Correlation Is Causation  89
Absence of Evidence Is Evidence of Absence  92
The Straw Hacker Fallacy  94
Ad Hominem Fallacy  95
Hasty Generalization Fallacy  96
Regression Fallacy  97
Base Rate Fallacy  98
Gambler’s Fallacy  100
Fallacies of Anomalies  100
Ignorance of Black Swans  101
Conjunction and Disjunction Fallacies  103
Valence Effect  104
Endowment Effect  104
Sunk Cost Fallacy  105
Bonus Fallacies  107
    External Appeals  107
    Questionable Evidence  107
    The Loaded Question  108
    False Choices  108
    Tu Quoque  108
    Overloading the Question  109
Further Reading  109

Chapter 5: Cognitive Biases  110
Action Bias  112
Omission Bias  113
Survivorship Bias  115
Confirmation Bias  116
Choice Affirmation Bias  117
Hindsight Bias  117
Availability Bias  119
Social Proof  121
Overconfidence Bias  122
Zero Risk Bias  123
Frequency Bias  124
Bonus Biases  125
    Outcome Bias  125
    Discounting Bias  125
    Locality Bias  125
    Denomination Bias  126
    Denial or Ostrich Bias  126
    Aura or Halo Bias  126
    One Upmanship  126
    Anchoring Bias  126
    Priming
    Knowledge Bias  127
    Status Quo Bias  127
    Ism Biases  127
    Self-Serving Bias  128
Further Reading  128

Chapter 6: Perverse Incentives and the Cobra Effect  130
The Goal of a Security Vendor Is to Keep You Secure  131
Your Cybersecurity Decisions Affect Only You  132
Bug Bounties Eliminate Bugs from the Offensive Market  134
Cyber Insurance Causes People to Take Less Risk  135
Fines and Penalties Cause People to Take Less Risk  136
Attacking Back Would Help Stop Cyber Crime  137
Innovation Increases Security and Privacy Incidents  138
Further Reading  139

Chapter 7: Problems and Solutions  140
Failure Is Not an Option in Cybersecurity  141
Every Problem Has a Solution  142
    We Can Solve All Our Problems with Big Data  144
    There Is One, and Only One, Correct Solution  146
    Everyone Should Solve a Given Cybersecurity Problem in the Same Way  147
Anecdotes Are Good Leads for Cybersecurity Solutions  147
Detecting More “Bad Stuff” Means the New Thing Is an Improvement  148
Every Security Process Should Be Automated  149
Professional Certifications Are Useless  151
    To Work in Cybersecurity Does (Not) Require a College Degree in Computing  151
    Cybersecurity Certifications Are (Not) Valuable  154
    There Is a Shortage of Cybersecurity Talent  155
    There Is a Disconnect Between Study and Practice  156
Further Reading  158

Part III: Contextual Issues  161

Chapter 8: Pitfalls of Analogies and Abstractions  162
Cybersecurity Is Like the Physical World  165
    Cybersecurity Is Like Defending a Castle  166
    Digital Theft Is Like Physical Theft  167
    Users Are the “Weakest Link”  167
Cybersecurity Is Like Medicine and Biology  170
Cybersecurity Is Like Fighting a War  172
    “Cyber Pearl Harbor”  173
    Cyber Weapons  173
    Cyber Terrorism  174
Cybersecurity Law Is Analogous to Physical-World Law  175
Tips for Analogies and Abstractions  175
Further Reading  178

Chapter 9: Legal Issues  180
Cybersecurity Law Is Analogous to Physical-World Law  181
Your Laws Do Not Apply to Me Where I Am  182
That Violates My First Amendment Rights!  184
    Ignorance of the Law  184
    Jurisdictional Differences  185
Legal Code Supersedes Computer Code  186
    Laws Can Simply Be Converted to Computer Code  187
    Legislators/Regulators/Courts Know Enough About Technology to Regulate It  188
    Laws and Courts Unduly Constrain Developers  189
Law Enforcement Will Never Respond to Cyber Crimes  191
You Can Always Hide Information by Suing  193
Suing to Suppress a Breach Is a Good Idea  194
Terms and Conditions Are Meaningless  194
The Law Is on My Side, So I Do Not Need to Worry  195
Further Reading  196

Chapter 10: Tool Myths and Misconceptions  198
The More Tools, The Better  199
    Every New Threat Needs a New Tool  200
Default Configurations Are Always Secure  201
A Tool Can Stop All Bad Things  203
Intent Can Be Determined from Tools  205
Security Tools Are Inherently Secure and Trustworthy  207
Nothing Found Means All Is Well  209
    Nothing Found by the Scanners Means We Are Secure  209
    No Alarms Means We Are Secure  210
    No Vulnerability Reports Means No Vulnerabilities  212
Further Reading  212

Chapter 11: Vulnerabilities  214
We Know Everything There Is to Know About Vulnerabilities  215
Vulnerabilities Are Sparse  218
Attackers Are Getting More Proficient  218
Zero-Day Vulnerabilities Are Most Important  219
    Zero-Days Are the Scariest  219
    Zero-Days Mean Persistence  222
All Attacks Hinge on a Vulnerability  223
Exploits and Proofs of Concept Are Bad  226
Vulnerabilities Happen Only in Complex Code  228
First Movers Should Sacrifice Security  230
Patches Are Always Perfect and Available  231
Defenses Might Become Security Vulnerabilities with Time  236
All Vulnerabilities Can Be Fixed  237
Scoring Vulnerabilities Is Easy and Well Understood  239
Because You Can, You Should—Vulnerabilities Edition  240
Vulnerability Names Reflect Their Importance  241
Further Reading  242

Chapter 12: Malware  244
Using a Sandbox Will Tell Me Everything I Need to Know  246
Reverse Engineering Will Tell Me Everything I Need to Know  249
Malware and Geography Are/Are Not Related  251
I Can Always Determine Who Made the Malware and Attacked Me  253
Malware Is Always a Complex Program That Is Difficult to Understand  254
Free Malware Protection Is Good Enough  256
Only Shady Websites Will Infect Me  257
Because You Can, You Should—Malware Edition  258
Ransomware Is an Entirely New Kind of Malware  259
Signed Software Is Always Trustworthy  261
Malware Names Reflect Their Importance  263
Further Reading  264

Chapter 13: Digital Forensics and Incident Response  266
Movies and Television Reflect the Reality of Cyber  267
Incidents Are Discovered as Soon as They Occur  269
Incidents Are Discrete and Independent  270
Every Incident Is the Same Severity  271
Standard Incident Response Techniques Can Deal with Ransomware  272
Incident Responders Can Flip a Few Switches and Magically Everything Is Fixed  273
Attacks Are Always Attributable  276
Attribution Is Essential  278
Most Attacks/Exfiltration of Data Originate from Outside the Organization  280
The Trojan Horse Defense Is Dead  281
Endpoint Data Is Sufficient for Incident Detection  282
Recovering from an Event Is a Simple and Linear Process  284
Further Reading  285

Part IV: Data Issues  287

Chapter 14: Lies, Damn Lies, and Statistics  288
Luck Prevents Cyber Attacks  289
The Numbers Speak for Themselves  290
Probability Is Certainty  290
Statistics Are Laws  293
    We Need Context  294
    Forecasting an Inference with Statistics  295
    Correlation Implies Causation  297
    Errors in Classification Are Insignificant  301
Data Is Not Important to Statistics  303
Artificial Intelligence and Machine Learning Can Solve All Cybersecurity Problems  306
Further Reading  310

Chapter 15: Illustrations, Visualizations, and Delusions  312
Visualizations and Dashboards Are Inherently and Universally Helpful  313
Cybersecurity Data Is Easy to Visualize  319
    Visualizing Internet Geolocation Is Useful  320
    Visualizing IPs and Ports Is Clear and Understandable  323
Further Reading  324

Chapter 16: Finding Hope  326
Creating a Less Myth-Prone World  328
The Critical Value of Documentation  329
Meta-Myths and Recommendations  331
    Meta-Myths  332
    Meta Recommendations  333
Avoiding Other and Future Traps  334
Parting Thoughts  334

Appendix: Short Background Explanations  336
Acronyms  344
Index  350
Everybody Is Out to Get Me. 69 I Engage Only with Trusted Websites, So My Data Is Safe from a Breach. 71 Security by Obscurity Is Reasonably Secure. 72 The Illusions of Visibility and Control. 74 Five 9’s Is the Key to Cybersecurity. 76 Everybody Has Top-of-the-Line Technology. 78 We Can Predict Future Threats. 80 Security People Control Security Outcomes. 81 All Bad Outcomes Are the Result of a Bad Decision. 82 More Security Is Always Better. 84 Best Practices Are Always Best. 85 Because It Is Online It Must Be True/Correct. 86 Further Reading. 87 Chapter 4: Fallacies and Misunderstandings 88 The False Cause
Fallacy: Correlation Is Causation. 89 Absence of Evidence Is Evidence of Absence. 92 The Straw Hacker Fallacy. 94 Ad Hominem Fallacy. 95 Hasty Generalization Fallacy. 96 Regression Fallacy. 97 Base Rate Fallacy. Gambler's Fallacy. 98 100 Fallacies of Anomalies. 100 Ignorance of Black Swans. 101 Conjunction and Disjunction Fallacies. 103 Valence Effect. 104 Endowment
Effect. 104 xii Table of Contents
Sunk Cost Fallacy. 105 Bonus Fallacies. 107 External Appeals. 107 Questionable Evidence. 107 The Loaded Question. 108 False Choices. 108 71/ Quoque. 108 Overloading the Question. 109 Further Reading. 109 Chapter 5: Cognitive Biases 110 Action Bias. 112 Omission Bias. 113 Survivorship Bias. 115 Confirmation Bias. 116 Choice Affirmation
Bias. 117 Hindsight Bias. 117 Availability Bias. 119 Social Proof. 121 Overconfidence Bias. 122 Zero Risk Bias. 123 Frequency Bias. 124 Bonus Biases. 125 Outcome Bias. 125 Discounting Bias. 125 Locality Bias. 125 Denomination Bias. 126 Denial or Ostrich Bias. 126 Aura or Halo Bias. 126 Table
of Contents
Legal Code Supersedes Computer Code. 186 Laws Can Simply Be Converted to Computer Code. 187 Legislators/Regulators/Courts Know Enough About Technology to Regulate It. 188 Laws and Courts Unduly Constrain Developers. 189 Law Enforcement Will Never Respond to Cyber Crimes. 191 You Can Always Hide Information by Suing. 193 Suing to Suppress a Breach Is a Good Idea. 194 Terms and Conditions Are Meaningless. 194 The Law Is on My Side, So I Do Not Need to Worry. 195 Further Reading. 196 Chapter 10: Tool Myths and Misconceptions 198 The More Tools, The Better . 199 Every New Threat Needs a New Tool. 200 Default Configurations Are Always Secure. 201 A Tool Can Stop All Bad Things. 203 Intent Can Be Determined from
Tools. 205 Security Tools Are Inherently Secure and Trustworthy. 207 Nothing Found Means All Is Well. 209 Nothing Found by the Scanners Means We Are Secure. 209 No Alarms Means We Are Secure. 210 No Vulnerability Reports Means No Vulnerabilities . 212 Further Reading. 212 Chapter 11 : Vulnerabilities 214 We Know Everything There Is to Know About Vulnerabilities. 215 Vulnerabilities Are Sparse. 218 Attackers Are Getting More Proficient. 218 xvi Table of Contents
Zero-Day Vulnerabilities Are Most Important. 219 Zero-Days Are the Scariest . 219 Zero-Days Mean Persistence. 222 All Attacks Hinge on a Vulnerability. 223 Exploits and Proofs of Concept Are Bad. 226 Vulnerabilities Happen Only in Complex Code. 228 First Movers Should Sacrifice Security. 230 Patches Are Always Perfect and Available. 231 Defenses Might Become Security Vulnerabilities with Time. 236 All Vulnerabilities Can Be Fixed. 237 Scoring Vulnerabilities Is Easy and Well Understood. 239 Because You Can, You Should—Vulnerabilities Edition. 240 Vulnerability Names Reflect Their Importance. 241 Further Reading. 242 Chapter 12: Malware 244 Using a Sandbox Will Tell Me Everything I Need to
Know. 246 Reverse Engineering Will Tell Me Everything I Need to Know. 249 Malware and Geography Are/Are Not Related. 251 I Can Always Determine Who Made the Malware and Attacked Me. 253 Malware Is Always a Complex Program That Is Difficult to Understand. 254 Free Malware Protection Is Good Enough. 256 Only Shady Websites Will Infect Me. 257 Because You Can, You Should—Malware Edition. 258 Ransomware Is an Entirely New Kind of Malware. 259 Signed Software Is Always Trustworthy. 261 Malware Names Reflect Their Importance. 263 Further Reading. 264 Table of Contents xvii
Chapter 13: Digital Forensics and Incident Response 266 Movies and Television Reflect the Reality of Cyber. 267 Incidents Are Discovered as Soon as They Occur. 269 Incidents Are Discrete and Independent. 270 Every Incident Is the Same Severity . 271 Standard Incident Response Techniques Can Deal with Ransomware. 272 Incident Responders Can Flip a Few Switches and Magically Everything Is Fixed. 273 Attacks Are Always Attributable. 276 Attribution Is Essential. 278 Most Attacks/Exfiltration of Data Originate from Outside the Organization. 280 The Trojan Horse Defense Is Dead. 281 Endpoint Data Is Sufficient for Incident Detection. 282 Recovering from an Event Is a Simple and Linear Process. 284 Further Reading. 285 Part IV Data Issues Chapter 14: Lies, Damn Lies,
and Statistics 287 288 Luck Prevents Cyber Attacks. 289 The Numbers Speak for Themselves. 290 Probability Is Certainty. 290 Statistics Are Laws. 293 We Need Context. 294 Forecasting an Inference with Statistics. 295 Correlation Implies Causation.297 Errors in Classification Are Insignificant. 301 Data Is Not Important to Statistics. 303 xviii Table of Contents
Artificial Intelligence and Machine Learning Can Solve All Cybersecurity Problems. 306 Further Reading. 310 Chapter 15: Illustrations, Visualizations, and Delusions 312 Visualizations and Dashboards Are Inherently and Universally Helpful. 313 Cybersecurity Data Is Easy to Visualize. 319 Visualizing Internet Geolocation Is Useful. 320 Visualizing IPs and Ports Is Clear and Understandable. 323 Further Reading. 324 Chapter 16: Finding Hope 326 Creating a Less Myth-Prone World. 328 The Critical Value of Documentation. 329 Meta-Myths and Recommendations. 331 Meta-Myths. 332 Meta Recommendations.333 Avoiding Other and Future Traps. 334 Parting
Thoughts. 334 Appendix: Short Background Explanations 336 Acronyms 344 Index 350 Table of Contents xix
One Upmanship. 126 Anchoring Bias. 126 Priming. ^ Knowledge Bias. 127 Status Quo Bias. 127 "Ism" Biases. 127 Self-Serving Bias. 128 Further Reading. 128 Chapter 6: Perverse Incentives and the Cobra Effect 130 The Goal of a Security Vendor Is to Keep You Secure. 131 Your Cybersecurity Decisions Affect Only You. 132 Bug Bounties Eliminate Bugs from the Offensive Market. 134 Cyber Insurance Causes People to Take Less Risk. 135 Fines and Penalties Cause People to Take Less
Risk. 136 Attacking Back Would Help Stop Cyber Crime. 137 Innovation Increases Security and Privacy Incidents. 138 Further Reading. 139 Chapter 7: Problems and Solutions 140 Failure Is Not an Option in Cybersecurity. 141 Every Problem Has a Solution. 142 We Can Solve All Our Problems with Big Data. 144 There Is One, and Only One, Correct Solution. 146 Everyone Should Solve a Given Cybersecurity Problem in the Same Way. 147 Anecdotes Are Good Leads for Cybersecurity Solutions. 147 Detecting More “Bad Stuff’ Means the New Thing Is an Improvement. 148 Every Security Process Should Be Automated. 149 xiv Table of Contents
Professional Certifications Are Useless. 151 To Work in Cybersecurity Does (Not) Require a College Degree in Computing. 151 Cybersecurity Certifications Are (Not) Valuable. 154 There Is a Shortage of Cybersecurity Talent. 155 There Is a Disconnect Between Study and Practice. 156 Further Reading. 158 Part III Contextual Issues 161 Chapter 8: Pitfalls of Analogies and Abstractions 162 Cybersecurity Is Like the Physical World. 165 Cybersecurity Is Like Defending a Castle. 166 Digital Theft Is Like Physical Theft. 167 Users Are the “Weakest Link”. 167 Cybersecurity Is Like Medicine and Biology. 170 Cybersecurity Is Like Fighting a War. 172 “Cyber Pearl Harbor". 173 Cyber Weapons. 173 Cyber
Terrorism. 174 Cybersecurity Law Is Analogous to Physical-World Law. 175 Tips for Analogies and Abstractions. 175 Further Reading. 178 180 Chapter 9: Legal Issues Cybersecurity Law Is Analogous to Physical-World Law. 181 Your Laws Do Not Apply to Me Where IAm. 182 That Violates My First Amendment Rights!. 184 Ignorance of the Law. 184 Jurisdictional Differences. 185 Table of Contents XV |
author | Spafford, Eugene Howard 1956- Dykstra, Josiah Metcalf, Leigh |
author2 | Spafford, Pattie |
author2_role | ill |
classification_rvk | ST 277 |
discipline | Informatik |
illustrated | Illustrated |
isbn | 0137929234 9780137929238 |
language | English |
owner | DE-473 DE-BY-UBG |
publishDate | 2023 |
publisher | Addison-Wesley |
title | Cybersecurity myths and misconceptions avoiding the hazards and pitfalls that derail us |
title_sub | avoiding the hazards and pitfalls that derail us |
url | http://deposit.dnb.de/cgi-bin/dokserv?id=4ee162eb481247bda030ed6c1c67b81f&prov=M&dok_var=1&dok_ext=htm http://bvbr.bib-bvb.de:8991/F?func=service&doc_library=BVB01&local_base=BVB01&doc_number=034830192&sequence=000001&line_number=0001&func_code=DB_RECORDS&service_type=MEDIA |