Cyberwar, Cyberterror, Cybercrime & Cyberactivism (2nd Edition)

Cyberwar, Cyberterror, Cybercrime & Cyberactivism (2nd Edition): An in-depth guide to the role of standards in the cybersecurity environment

JULIE E. MEHAN
Copyright Date: 2014
Published by: IT Governance Publishing
Pages: 376
https://www.jstor.org/stable/j.ctt7zsxqq
    Book Description:

    Successful cyberattacks can damage your organisation, no matter who is behind them

    The goals of the cyberterrorist, the cybercriminal, the cyberactivist and the state-sponsored hacker may not be the same - but the outcomes can be equally devastating. Each can cause serious challenges for your organisation, ranging from information theft and disruption of normal operations to loss of reputation or credibility.

    Cyber security is much more than technology

    Many books on cybersecurity focus on technical responses to these threats. As important as this is, human fallibility and other known vulnerabilities will still allow hackers to easily break into a system that has not taken account of these factors.

    CyberWar, CyberTerror, CyberCrime and CyberActivism encourages cybersecurity professionals to take a wider view of what cybersecurity means, and to make the most of international standards and best practices to create a culture of cybersecurity awareness within their organizations that complements their technology-based defences.

    A cyber aware workforce equals better security

    This second edition takes a deep look at the changing threats in the cyber landscape, and includes an updated body of knowledge that describes how to acquire, develop, and sustain a secure information environment that goes beyond technology. This enables you to move towards a cyber aware organisational culture that is more robust and better able to deal with a wider range of threats. Related references, as well as recommendations for additional reading, are included at the end of each chapter, making this a valuable resource for trainers, researchers and cybersecurity practitioners.

    Order this book today and see how international standards can boost your cyber defences

    eISBN: 978-1-84928-572-8
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 2-4)
  2. PREFACE
    (pp. 5-10)
    Julie E. Mehan
  3. ABOUT THE AUTHOR
    (pp. 11-12)
  4. Table of Contents
    (pp. 13-15)
  5. INTRODUCTION
    (pp. 16-22)

    For persons with knowledge of cybersecurity or security engineering, but not standards and best practices, this book introduces them to the discipline of international standards and best practices and points to references for further knowledge. It supplies the background needed to meaningfully recognize the topic a reference might cover and highlights the references which might be of interest.

    For those with a standards background, the book provides some essential insight into the current world of CyberWar, CyberTerror, CyberCrime and CyberActivism.

    This book cannot, of course, enumerate the knowledge needed in all possible fields in which secure information systems are essential....

  6. CHAPTER 1: TECHNOLOGY IS A DOUBLE-EDGED SWORD
    (pp. 23-38)

    Technology giveth and technology taketh away, and always in equal measure. A new technology sometimes creates more than it destroys. Sometimes, it destroys more than it creates. But it is never one-sided. (Postman, 1990)

    Despite Postman’s dire prediction, society has profited immensely from the development, implementation, and operation of new information technologies. Our lives have been enriched by the increased prosperity, expanded opportunity, and greater variety that advances in information technology provide. But technology can be a double-edged sword. Reconciling technology, privacy, and security to achieve a workable balance can be a daunting task. Organizations across the globe are...

  7. CHAPTER 2: CYBER ATTACK: IT’S A DANGEROUS WORLD FOR INFORMATION SYSTEMS
    (pp. 39-105)

    It doesn’t matter much, does it? If we lose some critical infrastructure, we’re still screwed. (Ryan Russell, Incident analyst at SecurityFocus.com)

    In 1981, science fiction author Frederick Pohl published a novel entitled The Cool War. It describes a future world in which war has been forbidden after the destruction of the oil supply in the Middle East. Despite this ban, however, nations continue to battle at lower levels of conflict. Workers are intentionally infected with virulent strains of flu, power supplies are sabotaged leading to regular power failures, and water supplies are drained. While these actions could not be...

  8. CHAPTER 3: THE HUMAN FACTOR: THE UNDERRATED THREAT
    (pp. 106-130)

    There is a vast selection of available security tools, including firewalls, intrusion detection systems, anti-virus solutions, and so much more. Each tool is designed to perform a very specific function, and using these tools provides one layer of protection for information systems. However, even the very best tools using the most advanced technology and the most secure algorithms cannot guarantee 100% system security. So, what is the weakest link in the security chain? The answer: people.

    People are involved in the development and implementation of security tools, they use the information infrastructure, and they develop and field the applications used...

  9. CHAPTER 4: TRANSITION FROM AN ENVIRONMENT OF ‘FUD’ TO A STANDARDS-BASED ENVIRONMENT
    (pp. 131-133)

    Thus far, this text has centered on establishing a picture of a cyber threat environment. Clearly, cybersecurity has emerged as a discipline focused on countering this boundary-less threat for each nation or organization around the globe. At the same time, creating a successful cyberdefence has become increasingly more complex. Cybersecurity based solely on exclusion or isolation is no longer possible in a world where demand for services and access to information services is ever increasing. Organizations must practice cybersecurity by inclusion, allowing customers, citizens, employees, and business partners the levels of access and information system based services they demand.

    It’s...

  10. CHAPTER 5: ESTABLISHING A CULTURE OF CYBERSECURITY
    (pp. 134-147)

    It is necessary to create a change in attitudes which change the organizational culture. The cultural change is the realization that IT security is critical because a security failure has potentially adverse consequences for everyone. Therefore, IT security is everyone’s job (US National Institute of Standards and Technology).

    When thinking about the term organizational culture, what is the first thing that pops into your mind? Most will respond with something like: ‘It’s how we do things around here.’ That may be true, but it only begins to address the implications of culture.

    In many ways, organizational culture is like personality...

  11. CHAPTER 6: INCREASING INTERNATIONALISM: GOVERNANCE, LAWS, AND ETHICS
    (pp. 148-161)

    We have all been witness to the rise of trans-nationalism in the commercial world and an increase in the free circulation of goods, people, and ideas regardless of national borders. The world of information systems presents the same evolution. Services, networks, information infrastructures, hardware architectures, and application development are occurring in recognition of a world of increasingly nomadic users, mobile components, modular computer software and hardware, outsourced applications, and fluidly exchangeable information. Large digital infrastructures are being deployed as a result of the success of the Internet. An internationally interdependent and interconnected Web provides ubiquitous access and communication.

    This growing...

  12. CHAPTER 7: STANDARDS: WHAT ARE THEY AND WHY SHOULD WE CARE?
    (pp. 162-176)

    The International Organization for Standardization (ISO) defines standards as:

    Documented agreements containing technical specification or other precise criteria to be used consistently as rules, guidelines, or definitions of characteristics, to ensure that materials, products, processes and services are fit for their purpose. (ISO, 2002b)

    With the realization that we face an uncertain security environment, it follows that our security structures must reevaluate their strategies, organization, and processes. In order to be effective, the major security issues that need to be resolved are trust and interoperability, and trust is a complicated issue. First, there is no single acceptable definition of trust....

  13. CHAPTER 8: FROM REACTION TO PROACTION: APPLYING STANDARDS IN AN ENVIRONMENT OF CHANGE AND DANGER
    (pp. 177-314)

    In security parlance, there are essentially two approaches – reactive and proactive. And there is constant debate amongst cybersecurity professionals as to whether proactive security or reactive security is better or is a balance between the two the correct approach. In the reactive approach, those responsible for cybersecurity add security countermeasures on an as-needed basis, typically in response to a given cybersecurity event or incident. ‘We’re in a situation in which we’re basically always putting patches on security and always cleaning up after databases have been hacked into,’ said Stephen Wicker, professor of electrical and computer engineering. ‘The world doesn’t have...

  14. CHAPTER 9: CONCLUSION: WHERE DO WE GO FROM HERE?
    (pp. 315-318)

    If you were looking for a comprehensive manual on how to create an enterprise cybersecurity program, you were likely disappointed in this text.

    There are many other, extremely well written publications that address cybersecurity program specifics. Rather, the intent here was to provide a roadmap for thinking about cybersecurity and the establishment of a successful cybersecurity program through the prism of national and international standards, regulations, guidelines, and best practices and view these as a means to navigate the treacherous waters of an unpredictable cybersecurity environment.

    As part of the conclusion, it might be useful to review a cybersecurity roadmap...

  15. APPENDIX 1: GAP ANALYSIS AREAS OF INTEREST
    (pp. 319-321)
  16. APPENDIX 2: STANDARDS CROSSWALK
    (pp. 322-326)
  17. DEFINITIONS
    (pp. 327-327)
  18. ACRONYMS
    (pp. 328-328)
  19. INDEX
    (pp. 329-348)
  20. ITG RESOURCES
    (pp. 349-352)