MFA Access Control Solutions & Protection | Enterprise Password Management | Access Smart

Archive for Book Reviews

“The Secure CEO” Book

How to Protect Your Computer Systems, Your Company, and Your Job

“The Secure CEO: How to Protect Your Computer Systems, Your Company, and Your Job” Packs Plain-English Security Solutions for Executives

Viruses… hackers… malware… identity theft… security breaches… it’s enough to make any CEO’s head spin. In order to remain competitive and profitable these days, it’s absolutely imperative that you—and your organization—take control of your IT issues before they take control of you!

In his new book The Secure CEO, Vital Systems Security Review expert Mike Foster combines his considerable Internet technology experience with his innate understanding of the latest business and security technologies. The result is The Secure CEO, the definitive IT handbook for CEOs and key executives. And best of all, it’s written in easy-to-follow “plain English” that readers can understand, regardless of their technological background.

Foster’s premise is that although CEOs may think their networks and company information are safe from prying eyes, more often than not they are not. In his book Foster asks critical questions key executives need to consider, such as:

  • Are you sure your network isn’t running illegal programs that have been remotely installed by criminals in other countries without your knowledge?
  • Is your IT team so undertrained or overwhelmed that daily “fires” keep them from performing critical security tasks?
  • Are unclear communication and negative personality types adversely affecting your IT department?

The Secure CEO gives you the bottom-line answers you need to effectively analyze your current use of Internet technology. Readers will uncover strategies to minimize IT security breaches, tactics for keeping their companies safer, and proven “best practices” to implement to help keep systems secure in the future.

IT security has never been a more important business concern. Get The Secure CEO and share its timely information with your entire IT team, key managers, and other top executives. Cut through the confusion and intimidation and harness the power of technology for your company’s advantage. The Secure CEO by Mike Foster will help you protect your computer systems, your company, and your job!

 

Cyber Warfare: Chapter 7.

Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners by J. Andress and S. Winterfeld.

Cyber warfare is real. That’s why each Friday I will post a review on this book: Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners, and today I am sharing what I am reading in…

Chapter 7: Psychological Weapons.

Book review by Dovell Bonnett of Access Smart.com

Psychological weapons are another tool used in cyber warfare. They are designed to leverage the frailties of people (often referred to as “wetware” by hackers) to ultimately gain access into computers, networks or infrastructure. While the military may call it PSY OPS, law enforcement uses the term “con artists” and cyber attackers call it “social engineering”, it is all the same thing: the use of psychology to manipulate an individual’s beliefs, frailties and motivations in such a way as to knowingly or unknowingly convey valuable information. The authors again do a great job of comparing military operations with civilian ones; I am only going to focus on those that are pertinent to businesses.

Cyber Warfare: Chapter 6

Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners by J. Andress and S. Winterfeld.

Cyber warfare is real. That’s why each Friday I will post a review on this book: Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners, and today I am sharing what I am reading in…

Chapter 6: Physical Weapons.

Chapter 6 is all about physical weapons. A key point is how both the physical and logical worlds are tied together in cyberspace. Computers and networks need buildings, utilities, electricity, cooling, etc. to operate. But it is also true that software and applications are what run and manage this infrastructure. These two worlds have a symbiotic relationship. Therefore, the strategy in cyber warfare, as in conventional warfare, is understanding all aspects of a system and determining where the vulnerabilities are.

Cyber Warfare: Chapter 5

Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners by J. Andress and S. Winterfeld

Cyber warfare is real. That’s why each Friday I will post a review on this book: Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners, and today I am sharing what I am reading in…

Chapter 5: Logical Weapons.

This chapter is chock-full of valuable information. Instead of going through the details of all the tools discussed, I think that startling insight into the defense of these attack tools is more important. I do, however, strongly suggest you read this chapter to get a better perspective on the types and capabilities of the available logical access weapons.

The weapons or tools available to cyber warriors are vast, and many are free and open source. The non-government and non-military attackers are using common or customized tools. At times the tools used to investigate an attack are the same tools used to attack. While many may believe that the government and military warriors have highly specialized tools, the authors suggest that they are using some of the same commercially available tools.

Cyber Warfare: Chapter 4

Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners by J. Andress and S. Winterfeld

Cyber warfare is real. That’s why each Friday I will post a review on this book: Cyber Warfare: Techniques, Tactics and Tools for Security Practitioners, and today I am sharing what I am reading in…

Chapter 4: Cyber Warriors.

Understanding who the cyber warriors are and their level of training is just as important as the techniques they use. Chapter 4 starts off with defining that there are two types of warriors: Those with no training (most of the current warriors) and those that are now getting trained. The scary part is that because cyber conflicts are becoming more prevalent and invasive, more specialists are needed.

The new cyber warrior will receive certifications (either from vendors and/or organizations) in 1) “general information security”, 2) “penetration testing” and 3) “forensics”. The most prestigious certificates will come out of the Certified Information Systems Security Professionals (CISSP®) but certificates from SysAdmin, Audit, SANS, GIAC and ISACA will also be required for cyber security jobs.

Cyber warriors are typically well-educated, but formal education is usually not enough. Master's degrees in computer science, engineering, information technology, etc. are required, but so are practical knowledge and industry certificates. Today the main source of cyber warfare education is still the military, with National Security Agency (NSA) Center of Academic Excellence (CAE) oversight. After all the formal education is done, these warriors must constantly keep up with the latest attacks and computer technology changes by attending conferences, following blogs, etc. throughout the year. Finally, experience is important in cyber warfare because many attackers approach problems in non-conventional ways that are often dismissed or discounted in formal educational environments.

Cyber warriors are quite different from the traditional warrior. Stamina and physical agility are replaced by problem-solving skills, maturity and intelligence. Thus, age and physical conditioning have diminishing importance. The physical conditioning taught in a traditional boot camp is not necessary for cyber warriors. Most cyber warriors like isolation, sitting by their computers for hours and their non-traditional activities to clear their heads. If there were a boot camp, I wonder if the physical training would require the ability to bench press a 6-pack of Mountain Dew.

Just about every developed nation has or is developing cyber-warriors, but they are not the only ones. Corporations and organized crime have their warriors too. Because of the high demand for cyber warriors (for legal or illegal activities), it seems that somebody is willing to look the other way on past indiscretions in order to hire a cyber-warrior. Many times the black-hat hackers who have been caught are then recruited by law enforcement agencies to help find and defend against other attackers. Equally surprising is that law-abiding crackers (or white hat hackers) could slip over to the dark side for a chance at more money and notoriety.

CONCLUSION:

The number and the sophistication of cyber warfare are going to increase. New warriors are being trained every day. In a recent article about cyber-crimes, the FBI predicted that 2012 will be worse than 2011, which was worse than 2010. This should not be a surprise, since gaining the knowledge and experience can be done from the comfort of one’s own kitchen table or bedroom desk.