Title: Cybersecurity First Principles: A Reboot of Strategy and Tactics
Author: Rick Howard
Publisher: Wiley
Year: 2023
Pages: 401
Language: English
Format: pdf (true)
Size: 10.1 MB
Since the 1970s, infosec practitioners have been incrementally improving the overall security landscape without ever taking a moment to consider if they were going in the right strategic direction in the first place. The author makes the case that they weren't. The general direction wasn't wrong per se, but the thought leaders in the space never got to the root of the problem. Retracing the footsteps of scientific thought leaders like Descartes and Elon Musk, this book makes the case for the ultimate cybersecurity first principle and outlines the strategies and tactics necessary to pursue it.
In 2022, IT and security professionals use terms such as DevOps, DevSecOps, and site reliability engineering to describe philosophies and best practices around rapid software development and infrastructure as code. And yet, the infosec community has been slow to adopt the ideas. In an Internet world where data is king, security practitioners still rely on tools and semimanual processes to get the work done. Some of the tools like security orchestration, automation and response (SOAR) and security information and event management (SIEM) are quite good, but they are half measures. They haven’t allowed the infosec community to embrace the infrastructure-as-code models. It’s one thing to collect telemetry from the security stack and to automatically parse the data to remove the noise from the signal.
I use the term cybersecurity as a catchall for the work that practitioners do. Over the years, the community has adopted many synonyms that have the same meaning. Here are just a few:
• Digital security
• IT security
• Information technology (IT) security
• Information security (infosec)
A reboot of infosec strategy and tactics, this book explains:
- Why a first principle approach is necessary
- Five strategies that emerge because of it: Zero Trust, Intrusion Kill Chain Prevention, Resilience, Automation and Risk Forecasting
- Hands-on tactics to achieve each strategy
Who Is This Book For?
The first group consists of security executives. These are my peers, colleagues, and the people who work for them in the cybersecurity industry supporting the commercial sector, government circles (both policy and technical), and academia. With this first principles notion, my intent is to challenge how these network defender veterans think about cybersecurity. The second group consists of the newbies coming into the field. These would be young and fresh-faced college graduates, government civil servants transitioning into the commercial sector, and career changers who are tired of what they have been doing and look to cybersecurity to be more interesting and lucrative. The last group will consist of teachers and students at the elementary through graduate levels. Within the cybersecurity discipline there exist numerous, valuable, and fascinating by-waters of study that many students and educators feel are loosely connected and, because of the volume, quickly become overwhelming.