- Table View
- List View
Cybercrime and Cyber Warfare
by Igor BernikIn order to enable general understanding and to foster the implementation of necessary support measures in organizations, this book describes the fundamental and conceptual aspects of cyberspace abuse. These aspects are logically and reasonably discussed in the fields related to cybercrime and cyberwarfare. The book illustrates differences between the two fields, perpetrators’ activities, as well as the methods of investigating and fighting against attacks committed by perpetrators operating in cyberspace. The first chapter focuses on the understanding of cybercrime, i.e. the perpetrators, their motives and their organizations. Tools for implementing attacks are also briefly mentioned, however this book is not technical and does not intend to instruct readers about the technical aspects of cybercrime, but rather focuses on managerial views of cybercrime. Other sections of this chapter deal with the protection against attacks, fear, investigation and the cost of cybercrime. Relevant legislation and legal bodies, which are used in cybercrime, are briefly described at the end of the chapter. The second chapter deals with cyberwarfare and explains the difference between classic cybercrime and operations taking place in the modern inter-connected world. It tackles the following questions: who is committing cyberwarfare; who are the victims and who are the perpetrators? Countries which have an important role in cyberwarfare around the world, and the significant efforts being made to combat cyberwarfare on national and international levels, are mentioned. The common points of cybercrime and cyberwarfare, the methods used to protect against them and the vision of the future of cybercrime and cyberwarfare are briefly described at the end of the book. Contents 1. Cybercrime. 2. Cyberwarfare. About the Authors Igor Bernik is Vice Dean for Academic Affairs and Head of the Information Security Lab at the University of Maribor, Slovenia. He has written and contributed towards over 150 scientific articles and conference papers, and co-authored 4 books. His current research interests concern information/cybersecurity, cybercrime, cyberwarfare and cyberterrorism.
Cybercrime and Cybersecurity
by Paul A. WattersThe field of cybersecurity and cybercrime is a critical and rapidly evolving area of study. As our society becomes more and more reliant on technology, the risks of cybercrime increase. This book provides a comprehensive introduction to the field, covering both cybercrime and cybersecurity. The book starts by providing an overview of common threats and the risk management view of cybercrime. It explores the different types of threats, such as hacking, malware, phishing, and social engineering, and the various ways in which they can impact individuals, businesses, and society at large. It also introduces the concept of risk management and the different approaches that can be used to manage cyber risks, such as risk avoidance, mitigation, transfer, and acceptance. From there, the book delves into the three key areas of cybersecurity: people, process, and technology. It explores the role of people in cybersecurity, including staffing, psychological profiling, role sensitivity, awareness, training, and education. It also examines the importance of process, including strategy and governance, policy, configuration management, and physical security. Finally, the book explores the critical role of technology, including system security, identification and authentication, authorisation and access control, and cryptography. The book is designed to be accessible to a wide range of readers, from first-year students studying cybercrime and cybersecurity for the first time to seasoned professionals who need to better understand the purpose of cybersecurity programmes and controls. It is written in a clear and concise manner, with each chapter building on the previous one to provide a comprehensive overview of the field. Overall, this book is an essential resource for anyone interested in the field of cybersecurity and cybercrime. It provides a critical introduction to the key concepts, theories, and practices in the field, and is sure to be a valuable reference for years to come.
Cybercrime and Cybersecurity in the Global South
by Nir KshetriIntegrating theories from a wide range of disciplines, Nir Kshetri compares the patterns, characteristics and processes of cybercrime activities in major regions and economies in the Global South such as China, India, the former Second World economies, Latin America and the Caribbean, Sub-Saharan Africa and Middle East and North Africa.
Cybercrime and Cybersecurity in the Global South: Concepts, Strategies and Frameworks for Greater Resilience
by Corlane Barclay Kweku-Muata Osei-Bryson Charlette DonaldsThe Global South is recognized as one of the fastest growing regions in terms of Internet population as well as the region that accounts for the majority of Internet users. However, It cannot be overlooked that with increasing connectivity to and dependence on Internet-based platforms and services, so too is the potential increased for information and cybersecurity threats and attacks. Further, it has long been established that micro, small, and medium enterprises (MSMEs) play a key role in national economies, serving as important drivers of economic growth in Global South economies. Yet, little is known about information security, cybersecurity and cybercrime issues and strategies contextualized to these developing economies and MSMEs. Cybercrime and Cybersecurity in the Global South: Concepts, Strategies and Frameworks for Greater Resilience examines the prevalence, nature, trends and impacts of cyber-related incidents on Global South economies. It further explores cybersecurity challenges, potential threats, and risks likely faced by MSMEs and governments of the Global South. A major thrust of this book is to offer tools, techniques, and legislative frameworks that can improve the information, data, and cybersecurity posture of Global South governments and MSMEs. It also provides evidence-based best practices and strategies relevant to the business community and general Information Communication Technology (ICT) users in combating and preventing cyber-related incidents. Also examined in this book are case studies and experiences of the Global South economies that can be used to enhance students’ learning experience. Another important feature of this book is that it outlines a research agenda to advance the scholarship of information and cybersecurity in the Global South. Features: Cybercrime in the Caribbean Privacy and security management Cybersecurity compliance behaviour Developing solutions for managing cybersecurity risks Designing an effective cybersecurity programme in the organization for improved resilience The cybersecurity capability maturity model for sustainable security advantage Cyber hygiene practices for MSMEs A cybercrime classification ontology
Cybercrime and Digital Deviance
by Roderick S. Graham 'Shawn K. SmithCybercrime and Digital Deviance, Second Edition, combines insights from sociology, criminology, psychology, and cybersecurity to explore cybercrimes such as hacking, identity theft, and romance scams, along with forms of digital deviance such as pornography addiction, trolling, and “canceling” people for perceived violations of norms.Other issues are explored including cybercrime investigations, nation-state cybercrime, the use of algorithms in policing, cybervictimization, and expanded discussion of the theories used to explain cybercrime. Graham and Smith conceptualize the online space as a distinct environment for social interaction, framing their work with assumptions informed by their respective work in urban sociology and spatial criminology, and offering an engaging entry point for understanding what may appear to be a technologically complex course of study. The authors apply a modified version of a typology developed by David Wall: cybertrespass, cyberfraud, cyberviolence, and cyberpornography. This typology is simple enough for students just beginning their inquiry into cybercrime, while its use of legal categories of trespassing, fraud, violent crimes against persons, and moral transgressions provides a solid foundation for deeper study. In this edition each chapter includes a new “Current Events and Critical Thinking” section, using concepts from the chapter to explore a specific event or topic like the effect of disinformation on social cohesion and politics.Taken together, Graham and Smith’s application of a digital environment and Wall’s cybercrime typology makes this an ideal upper-level text for students in sociology and criminal justice. It is also an ideal introductory text for students within the emerging disciplines of cybercrime and cybersecurity.
Cybercrime and Digital Deviance
by Roderick Graham 'Shawn SmithCybercrime and Digital Deviance is a work that combines insights from sociology, criminology, and computer science to explore cybercrimes such as hacking and romance scams, along with forms of cyberdeviance such as pornography addiction, trolling, and flaming. Other issues are explored including cybercrime investigations, organized cybercrime, the use of algorithms in policing, cybervictimization, and the theories used to explain cybercrime. Graham and Smith make a conceptual distinction between a terrestrial, physical environment and a single digital environment produced through networked computers. Conceptualizing the online space as a distinct environment for social interaction links this text with assumptions made in the fields of urban sociology or rural criminology. Students in sociology and criminology will have a familiar entry point for understanding what may appear to be a technologically complex course of study. The authors organize all forms of cybercrime and cyberdeviance by applying a typology developed by David Wall: cybertrespass, cyberdeception, cyberviolence, and cyberpornography. This typology is simple enough for students just beginning their inquiry into cybercrime. Because it is based on legal categories of trespassing, fraud, violent crimes against persons, and moral transgressions it provides a solid foundation for deeper study. Taken together, Graham and Smith’s application of a digital environment and Wall’s cybercrime typology makes this an ideal upper level text for students in sociology and criminal justice. It is also an ideal introductory text for students within the emerging disciplines of cybercrime and cybersecurity.
Cybercrime and Information Technology: The Computer Network Infrastructure and Computer Security, Cybersecurity Laws, Internet of Things (IoT), and Mobile Devices
by Alex AlexandrouCybercrime and Information Technology: Theory and Practice—The Computer Network Infostructure and Computer Security, Cybersecurity Laws, Internet of Things (IoT), and Mobile Devices is an introductory text addressing current technology, trends, and security issues. While many books on the market cover investigations, forensic recovery, and presentation of evidence, and others explain computer and network security, this book explores both, explaining the essential principles governing computers, wireless and mobile devices, the Internet of Things, cloud systems, and their significant vulnerabilities. Only with this knowledge can students truly appreciate the security challenges and opportunities for cybercrime that cannot be uncovered, investigated, and adjudicated unless they are understood. The legal portion of the book is an overview of the legal system in the United States, including cyberlaw standards, and regulations affecting cybercrime. This section includes cases in progress that are shaping and developing legal precedents. As is often the case, new technologies require new statues and regulations—something the law is often slow to move on given the current speed in which technology advances. Key Features: Provides a strong foundation of cybercrime knowledge along with the core concepts of networking, computer security, Internet of Things (IoTs), and mobile devices. Addresses legal statutes and precedents fundamental to understanding investigative and forensic issues relative to evidence collection and preservation. Identifies the new security challenges of emerging technologies including mobile devices, cloud computing, Software-as-a-Service (SaaS), VMware, and the Internet of Things. Strengthens student understanding of the fundamentals of computer and network security, concepts that are often glossed over in many textbooks, and includes the study of cybercrime as critical forward-looking cybersecurity challenges. Cybercrime and Information Technology is a welcome addition to the literature, particularly for those professors seeking a more hands-on, forward-looking approach to technology and trends. Coverage is applicable to all forensic science courses in computer science and forensic programs, particularly those housed in criminal justice departments emphasizing digital evidence and investigation processes. The textbook is appropriate for courses in the Computer Forensics and Criminal Justice curriculum, and is relevant to those studying Security Administration, Public Administrations, Police Studies, Business Administration, Computer Science, and Information Systems. An Instructor’s Manual with Test Bank and chapter PowerPoint slides is available to qualified professors for use in classroom instruction.
Cybercrime and the Law: An Analysis of Legal Governance in Europe
by Filip RadoniewiczThis book provides a comprehensive and synthetic analysis of the legal acts of the Council of Europe and the European Union affecting regulation of cybercrime in EU countries. Technical aspects relating to cybercrime are also discussed. The work explains core ideas, including background, nomenclature, a definition of computer crime and a history of its criminalisation. It examines the Council of Europe’s Convention on Cybercrime, the first international law act governing the subject, and the additional Protocol to the Convention on Cybercrime, dealing with the criminalisation of computer-generated racist and xenophobic acts. The volume discusses European Union regulations, including applicable European Union laws on cybercrime such as the Council Framework Decision 2005/222/JHA and Directive 2013/40/EU on attacks against information systems, and Directive 2011/93/EU on Combating the Sexual Abuse and Sexual Exploitation of Children and Child Pornography. Finally, the work explores issues of cyberterrorism including the dissemination of terrorist content online. The book will be a valuable resource for academics, researchers and policy-makers working in the areas of criminal law, IT law, EU law and cyber security.
Cybercrime in Asia: Policing, Technological Environment, and Cyber-Governance in China and Vietnam (SpringerBriefs in Cybersecurity)
by Laurie Yiu-Chung LauThis work examines the most pressing and contentious issues in cybercrime currently facing the China and Vietnam, and how best to tackle them. The text sets the context for how blocs of nations (including the least ready, the most ready, and those occupying a central position in terms of cybercrime readiness) react to the evolving challenges of cybercrime, with a focus on prevention and control. In this way, the work discusses why certain blocs of nations in the Asia-Pacific region are not at an optimal level of cybercrime readiness despite the rapid pace of technological advancement in this region, and how such nations can become regional leaders in cybercrime readiness.
Cybercrime in Social Media: Theory and Solutions
by Asis Kumar Tripathy Pradeep Kumar RoyThis reference text presents the important components for grasping the potential of social computing with an emphasis on concerns, challenges, and benefits of the social platform in depth. Features: Detailed discussion on social-cyber issues, including hate speech, cyberbullying, and others Discusses usefulness of social platforms for societal needs Includes framework to address the social issues with their implementations Covers fake news and rumor detection models Describes sentimental analysis of social posts with advanced learning techniques The book is ideal for undergraduate, postgraduate, and research students who want to learn about the issues, challenges, and solutions of social platforms in depth.
Cybercrime, Digital Forensics and Jurisdiction (Studies in Computational Intelligence #593)
by Mohamed Chawki Ashraf Darwish Mohammad Ayoub Khan Sapna TyagiThe purpose of law is to prevent the society from harm by declaring what conduct is criminal, and prescribing the punishment to be imposed for such conduct. The pervasiveness of the internet and its anonymous nature make cyberspace a lawless frontier where anarchy prevails. Historically, economic value has been assigned to visible and tangible assets. With the increasing appreciation that intangible data disseminated through an intangible medium can possess economic value, cybercrime is also being recognized as an economic asset. The Cybercrime, Digital Forensics and Jurisdiction disseminate knowledge for everyone involved with understanding and preventing cybercrime - business entities, private citizens, and government agencies. The book is firmly rooted in the law demonstrating that a viable strategy to confront cybercrime must be international in scope.
Cybercrimes: A Multidisciplinary Analysis
by Sumit Ghosh Elliot TurriniDesigned to serve as a reference work for practitioners, academics, and scholars worldwide, this book is the first of its kind to explain complex cybercrimes from the perspectives of multiple disciplines (computer science, law, economics, psychology, etc.) and scientifically analyze their impact on individuals, society, and nations holistically and comprehensively. In particular, the book shows: How multiple disciplines concurrently bring out the complex, subtle, and elusive nature of cybercrimes How cybercrimes will affect every human endeavor, at the level of individuals, societies, and nations How to legislate proactive cyberlaws, building on a fundamental grasp of computers and networking, and stop reacting to every new cyberattack How conventional laws and traditional thinking fall short in protecting us from cybercrimes How we may be able to transform the destructive potential of cybercrimes into amazing innovations in cyberspace that can lead to explosive technological growth and prosperity
Cybercryptography: Applicable Cryptography for Cyberspace Security
by Song Y. YanThis book provides the basic theory, techniques, and algorithms of modern cryptography that are applicable to network and cyberspace security. It consists of the following nine main chapters: Chapter 1 provides the basic concepts and ideas of cyberspace and cyberspace security, Chapters 2 and 3 provide an introduction to mathematical and computational preliminaries, respectively. Chapters 4 discusses the basic ideas and system of secret-key cryptography, whereas Chapters 5, 6, and 7 discuss the basic ideas and systems of public-key cryptography based on integer factorization, discrete logarithms, and elliptic curves, respectively. Quantum-safe cryptography is presented in Chapter 8 and offensive cryptography, particularly cryptovirology, is covered in Chapter 9. This book can be used as a secondary text for final-year undergraduate students and first-year postgraduate students for courses in Computer, Network, and Cyberspace Security. Researchers and practitioners working in cyberspace security and network security will also find this book useful as a reference.
Cyberculture Theorists: Manuel Castells and Donna Haraway (Routledge Critical Thinkers)
by David BellThis book surveys a ‘cluster’ of works that seek to explore the cultures of cyberspace, the Internet and the information society. It introduces key ideas, and includes detailed discussion of the work of two key thinkers in this area, Manuel Castells and Donna Haraway, as well as outlining the development of cyberculture studies as a field. To do this, the book also explores selected ‘moments’ in this development, from the early 1990s, when cyberspace and cyberculture were only just beginning to come together as ideas, up to the present day, when the field of cyberculture studies has grown and bloomed, producing innovative theoretical and empirical work from a diversity of standpoints. Key topics include: life on the screen network society space of flows cyborg methods. Cyberculture Theorists is the ideal starting point for anyone wanting to understand how to theorise cyberculture in all its myriad forms.
Cyberdanger: Understanding and Guarding Against Cybercrime
by Eddy WillemsThis book describes the key cybercrime threats facing individuals, businesses, and organizations in our online world. The author first explains malware and its origins; he describes the extensive underground economy and the various attacks that cybercriminals have developed, including malware, spam, and hacking; he offers constructive advice on countermeasures for individuals and organizations; and he discusses the related topics of cyberespionage, cyberwarfare, hacktivism, and anti-malware organizations, and appropriate roles for the state and the media. The author has worked in the security industry for decades, and he brings a wealth of experience and expertise. In particular he offers insights about the human factor, the people involved on both sides and their styles and motivations. He writes in an accessible, often humorous way about real-world cases in industry, and his collaborations with police and government agencies worldwide, and the text features interviews with leading industry experts. The book is important reading for all professionals engaged with securing information, people, and enterprises. It’s also a valuable introduction for the general reader who wants to learn about cybersecurity.
Cyberdefense: The Next Generation (International Series in Operations Research & Management Science #342)
by Marcus Matthias KeuppThis book analyzes cyberdefense from a novel and interdisciplinary perspective, offering solutions for problems that have long impeded a more efficient defense. It explains why cyberdefense organized and performed by humans is too slow, too cumbersome, and too ineffective. Combining the analytical capabilities of experts in operations research and management, international security studies, economics, risk analysis, and defense management, the volume addresses these problems of current cyberdefense. The authors present suggestions for the next generation of cyberdefense, explaining why the future defense must focus on speeding up responses, why a single response may not be enough, and why effectiveness requires foresight.This makes the book a must-read for scholars, researchers, intelligence analysts, homeland security staff, and professionals who are interested in learning more about the issues of current cyberdefense, as well as solutions for the next generation of cyberdefense.
Cyberdeterrence and Cyberwar
by Martin C. LibickiCyberspace, where information--and hence serious value--is stored and manipulated, is a tempting target. An attacker could be a person, group, or state and may disrupt or corrupt the systems from which cyberspace is built. When states are involved, it is tempting to compare fights to warfare, but there are important differences. The author addresses these differences and ways the United States protect itself in the face of attack.
Cyberdipendenza
by Juan Moisés de la Serna Sara CaceffoLa tecnologia è ogni giorno più presente nelle nostre vite. Questo comporta un evidente progresso, ma anche un pericolo, specialmente fra i più giovani, che possono cadere nella cosiddetta cyberdipendenza . Questa si è convertita in una realtà del giorno d'oggi, un problema di salute che non esisteva affatto appena una decina di anni fa, e che ogni giorno provoca nuove vittime, sempre più giovani. Sebbene le conseguenze a lungo termine siano ancora sconosciute, alcuni studi rivelano che il fenomeno riguarda un 30% dei giovani che usano Internet quotidianamente, presupponendo così che un giovane su tre sia a rischio di sviluppare una dipendenza di tipo comportamentale. Nonostante alcuni paesi stiano iniziando ad adottare misure per prevenire il problema, altri ancora non percepiscono la gravità della situazione, di qui segue la necessità di divulgare i risultati delle ultime indagini in tema e dare visibilità a un problema sociale che richiede misure tanto preventive quanto terapeutiche.
Cyberemotions: Collective Emotions in Cyberspace (Understanding Complex Systems)
by Janusz A. HolystThis is the first monograph of its kind introduces the reader to fundamental definitions, key concepts and case studies addressing the following *What are emotions? How do they emerge, and how are *How can we *What are *When do emotions and *How can we model emotions and their changes? *What role do emotions play in online Edited and authored by leading scientists in the field, this book serves as an introduction and reference resource for researchers working on applications of complex systems methods in the social sciences, as well for social scientists, psychologists, online-community experts and computer scientists. This book provides an excellent overview of the current state-of-art in research on collective emotional interactions mediated by the Internet. This fascinating interdisciplinary research field is shown from perspectives of social scientists, physicists, as well as specialists in data mining and information technology. The book introduces a reader in social phenomena occurring in cyberspace, algorithms needed for automatic sentiment detection and data driven modeling of emotional patterns observed in on-line groups. H. Eugene Stanley, Professor, Boston University We are what we communicate: communicare ergo sum! With the explosive hyper exponential growth of the internet suddenly new ways of communication are emerging that give rise to a digital 'Homo empathicus', each of us suddenly being able to share thoughts and feelings with millions if not billions of others. This book is a true treat, a timely milestone that gives us insight in the co-evolution of the way we interact with each other and the communication technology provided through this new seemingly endless flexible digital world. Prof. Holyst did a great job bringing together real experts in the field of cyber emotions, they give us a reflection of where we come from and, as important, they open up new vistas of where we are going. Peter M. A. Sloot, Professor, University of Amsterdam, the Netherlands, Nanyang University, Singapore The book Cyberemotions embraces the topic of emotion studies in cyberspace from a very rich spectrum of points of view and applications. It is particularly interesting reading the theoretical foundations underlying the concepts of Cyberemotions and how these concepts can be captured, modeled and implemented in real-time applications. Exploring collective emotions in online settings is extremely challenging and opens new directions of research. Catherine Pelachaud, Director of Research CNRS at LTCI, TELECOM ParisTech Logical machines give us a chance to analyze our often illogical behaviors, especially in the vast meadows of the cyberspace. In this important book, authors of different backgrounds present a wide and deep image, not only of methods of analyzing our emotional behavior online but also how the computers can help to break communicational walls the same technology had built. Rafał Rzepka, Professor, Hokkaido University
Cyberfeminism and Artificial Life
by Sarah KemberCyberfeminism and Artificial Life examines the construction, manipulation and re-definition of life in contemporary technoscientific culture. It takes a critical political view of the concept of life as information, tracing this through the new biology and the discourse of genomics as well as through the changing discipline of artificial life and its manifestation in art, language, literature, commerce and entertainment. From cloning to computer games, and incorporating an analysis of hardware, software and 'wetware', Sarah Kember extends current understanding by demonstrating the ways in which this relatively marginal field connects with, and connects up global networks of information systems.Ultimately, this book aims to re-focus concern on the ethics rather than on the 'nature' of life-as-it-could-be.
Cyberformalism: Histories of Linguistic Forms in the Digital Archive
by Daniel ShoreA groundbreaking study of how abstract linguistic signs circulate in literature, intellectual history, and popular culture.Linguistic forms are essential to meaning: like words, they make a semantic contribution to the things we say. We inherit them from past writers and speakers and fill them with different words to produce novel utterances. They shape us and the ways we interpret the world. Yet prevalent assumptions about language and the constraints of print-finding tools have kept linguistic forms and their histories hidden from view. Drawing on recent work in cognitive and construction grammar along with tools and methods developed by corpus and computational linguists, Daniel Shore’s Cyberformalism represents a new way forward for digital humanities scholars seeking to understand the textual past. Championing a qualitative approach to digital archives, Shore uses the abstract pattern-matching capacities of search engines to explore precisely those combinatory aspects of language—word order, syntax, categorization—discarded by the "bag of words" quantitative methods that are dominant in the digital humanities. While scholars across the humanities have long explored the histories of words and phrases, Shore argues that increasingly sophisticated search tools coupled with growing full-text digital archives make it newly possible to study the histories of linguistic forms. In so doing, Shore challenges a range of received metanarratives and complicates some of the most basic concepts of literary study. Touching on canonical works by Shakespeare, Milton, Wordsworth, and Kant, even as it takes the full diversity of digitized texts as its purview, Cyberformalism asks scholars of literature, history, and culture to revise nothing less than their understanding of the linguistic sign.
Cybergefahr: Wie wir uns gegen Cyber-Crime und Online-Terror wehren können
by Eddy WillemsMan kann online wählen, Rechnungen bezahlen und Tickets kaufen - aber wie sicher ist das? Überall lauern Viren, Spam, Hackerangriffe und sogar Cyber-Spione. Wie kann man sich schützen und wie sollte man dem Phänomen Cyber-Crime begegnen? Der bekannte Security-Experte Eddy Willems gibt einen Überblick über Online-Gefahren und Möglichkeiten, sich vor ihnen zu schützen. Er erläutert spannend die Vergangenheit, Gegenwart und Zukunft des Cyber-Crime.
Cyberidentities: Canadian and European Presence in Cyberspace
by Leen D'HaenensThis innovative study explores diverse aspects of Canadian and European identity on the information highway and reaches beyond technical issues to confront and explore communication, culture and the culture of communication.
Cyberinsurance Policy: Rethinking Risk in an Age of Ransomware, Computer Fraud, Data Breaches, and Cyberattacks (Information Policy)
by Josephine WolffWhy cyberinsurance has not improved cybersecurity and what governments can do to make it a more effective tool for cyber risk management.As cybersecurity incidents—ranging from data breaches and denial-of-service attacks to computer fraud and ransomware—become more common, a cyberinsurance industry has emerged to provide coverage for any resulting liability, business interruption, extortion payments, regulatory fines, or repairs. In this book, Josephine Wolff offers the first comprehensive history of cyberinsurance, from the early &“Internet Security Liability&” policies in the late 1990s to the expansive coverage offered today. Drawing on legal records, government reports, cyberinsurance policies, and interviews with regulators and insurers, Wolff finds that cyberinsurance has not improved cybersecurity or reduced cyber risks. Wolff examines the development of cyberinsurance, comparing it to other insurance sectors, including car and flood insurance; explores legal disputes between insurers and policyholders about whether cyber-related losses were covered under policies designed for liability, crime, or property and casualty losses; and traces the trend toward standalone cyberinsurance policies and government efforts to regulate and promote the industry. Cyberinsurance, she argues, is ineffective at curbing cybersecurity losses because it normalizes the payment of online ransoms, whereas the goal of cybersecurity is the opposite—to disincentivize such payments to make ransomware less profitable. An industry built on modeling risk has found itself confronted by new technologies before the risks posed by those technologies can be fully understood.
Cyberjutsu: Cybersecurity for the Modern Ninja
by Ben McCartyLike Sun Tzu's Art of War for Modern Business, this book uses ancient ninja scrolls as the foundation for teaching readers about cyber-warfare, espionage and security.Cyberjutsu presents a practical cybersecurity field guide based on the techniques, tactics, and procedures (TTPs) of the ancient ninja. Author Ben McCarty, a cyber warfare specialist and former NSA developer, analyzes once-secret Japanese scrolls, drawing parallels to modern infosec concepts to provide unique insights on defensive and offensive security. He translates the training methodologies of Japan&’s most notorious covert agents—history&’s first advanced persistent threat (APT)—into highly effective practices for countering information warfare, espionage, supply-chain attacks, zero-day exploits, and more. Each chapter examines one TTP in detail—like assessing gaps in a target&’s defense, striking where the enemy is negligent, and mastering the art of invisibility—and explains what the concept can teach us about the current cybersecurity landscape. McCarty recommends in-depth mitigations and security controls, mapped to the NIST 800-53 standard, and a &“Castle Theory Thought Exercise&” that helps you apply the ancient lesson to protect your castle (network) from enemy ninja (cyber threat actors). You&’ll discover the effectiveness of ancient social engineering strategies and trap-based security controls; see why mapping your network like an adversary gives you the advantage; and apply lessons from old-world tools, like the &“ninja ladder,&” to prevent attacks. Topics also include: • Threat modeling, threat intelligence, and targeted controls • Countermeasures like network sensors, time-based controls, airgaps, and improved authentication protocols • Profiles of insider threats, and ways to recognize them in employees • Covert communication TTPs and their implications for malware command and control (C2) • Methods for detecting attackers, preventing supply-chain attacks, and defending against zero-day exploits In this book, you&’ll see the astonishing power of ninja information-gathering processes—and how adopting them just might be the key to innovating contemporary cybersecurity models.