Solving Cyber Risk Protecting Your Company and Society PDF

384 Pages·2018·2.741 MB·English

Preview Solving Cyber Risk Protecting Your Company and Society

Founded in 1807, John Wiley & Sons is the oldest independent publishing company in the United States. With offices in North America, Europe, Australia, and Asia, Wiley is globally committed to developing and marketing print and electronic products and services for our customers’ professional and personal knowledge and understanding.

The Wiley Finance series contains books written specifically for finance and investment professionals as well as sophisticated individual investors and their financial advisors. Book topics range from portfolio management to e-commerce, risk management, financial engineering, valuation and financial instrument analysis, as well as much more.

For a list of available titles, visit our website at www.wileyfinance.com.

Solving Cyber Risk
Protecting your company and society

ANDREW COBURN
ÉIREANN LEVERETT
GORDON WOO

Copyright © 2019 Andrew Coburn, Éireann Leverett, and Gordon Woo.

Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600, or on the Web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993, or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.
Library of Congress Cataloging-in-Publication Data

Names: Coburn, Andrew (Andrew W.), author. | Leverett, Eireann, author. | Woo, G., author.
Title: Solving cyber risk : protecting your company and society / Andrew Coburn, Eireann Leverett, Gordon Woo.
Description: Hoboken, New Jersey : John Wiley & Sons, Inc., [2019] | Series: Wiley finance series | Includes bibliographical references and index. |
Identifiers: LCCN 2018035611 (print) | LCCN 2018037247 (ebook) | ISBN 9781119490913 (Adobe PDF) | ISBN 9781119490920 (ePub) | ISBN 9781119490937 (hardcover) | ISBN 9781119490913 (ePDF)
Subjects: LCSH: Computer security. | Data protection.
Classification: LCC QA76.9.A25 (ebook) | LCC QA76.9.A25 C577 2019 (print) | DDC 005.8—dc23
LC record available at https://lccn.loc.gov/2018035611

Cover Design: Wiley
Cover Image: © iStock.com/scyther5

Printed in the United States of America.
10 9 8 7 6 5 4 3 2 1

Contents

About the Authors
Acknowledgments

CHAPTER 1 Counting the Costs of Cyber Attacks
1.1 Anatomy of a Data Exfiltration Attack
1.2 A Modern Scourge
1.3 Cyber Catastrophes
1.4 Societal Cyber Threats
1.5 Cyber Risk
1.6 How Much Does Cyber Risk Cost Our Society?
Endnotes

CHAPTER 2 Preparing for Cyber Attacks
2.1 Cyber Loss Processes
2.2 Data Exfiltration
2.3 Contagious Malware Infection
2.4 Denial of Service Attacks
2.5 Financial Theft
2.6 Failures of Counterparties or Suppliers
Endnotes

CHAPTER 3 Cyber Enters the Physical World
3.1 A Brief History of Cyber-physical Interactions
3.2 Hacking Attacks on Cyber-physical Systems
3.3 Components of Cyber-physical Systems
3.4 How to Subvert Cyber-physical Systems
3.5 How to Cause Damage Remotely
3.6 Using Compromises to Take Control
3.7 Operating Compromised Systems
3.8 Expect the Unexpected
3.9 Smart Devices and the Internet of Things
Endnotes

CHAPTER 4 Ghosts in the Code
4.1 All Software Has Errors
4.2 Vulnerabilities, Exploits, and Zero Days
4.3 Counting Vulnerabilities
4.4 Vulnerability Management
4.5 International Cyber Response and Defense
Endnotes

CHAPTER 5 Know Your Enemy
5.1 Hackers
5.2 Taxonomy of Threat Actors
5.3 The Insider Threat
5.4 Threat Actors and Cyber Risk
5.5 Hackonomics
Endnotes

CHAPTER 6 Measuring the Cyber Threat
6.1 Measurement and Management
6.2 Cyber Threat Metrics
6.3 Measuring the Threat for an Organization
6.4 The Likelihood of Major Cyber Attacks
Endnotes

CHAPTER 7 Rules, Regulations, and Law Enforcement
7.1 Cyber Laws
7.2 US Cyber Laws
7.3 EU General Data Protection Regulation (GDPR)
7.4 Regulation of Cyber Insurance
7.5 A Changing Legal Landscape
7.6 Compliance and Law Enforcement
7.7 Law Enforcement and Cyber Crime
Endnotes

CHAPTER 8 The Cyber-Resilient Organization
8.1 Changing Approaches to Risk Management
8.2 Incident Response and Crisis Management
8.3 Resilience Engineering
8.4 Attributes of a Cyber-resilient Organization
8.5 Incident Response Planning
8.6 Resilient Security Solutions
8.7 Financial Resilience
Endnotes

CHAPTER 9 Cyber Insurance
9.1 Buying Cyber Insurance
9.2 The Cyber Insurance Market
9.3 Cyber Catastrophe Risk
9.4 Managing Portfolios of Cyber Insurance
9.5 Cyber Insurance Underwriting
9.6 Cyber Insurance and Risk Management
Endnotes

CHAPTER 10 Security Economics and Strategies
10.1 Cost-Effectiveness of Security Enhancements
10.2 Cyber Security Budgets
10.3 Security Strategies for Society
10.4 Strategies of Cyber Attack
10.5 Strategies of National Cyber Defense
Endnotes

CHAPTER 11 Ten Cyber Problems
11.1 Setting Problems
1 The Canal Safety Decision Problem
2 The Software Dependency Problem
3 The Vulnerability Inheritance Problem
4 The Vulnerability Count Problem
5 The Malware Overlap Problem
6 The Vulnerability Lifespan Problem
7 The Binary Similarity Problem
8 The Virus Modification Problem
9 The Cyber Criminal’s Dilemma Problem
10 The Security Verification Problem
Endnotes

CHAPTER 12 Cyber Future
12.1 Cybergeddon
12.2 Cybertopia
12.3 Future Technology Trends
12.4 Getting the Cyber Risk Future We Want
Endnotes

References
Index
