Authors: Ishaani Priyadarshini (PhD), Chase Cotton (PhD, CISSP)
Publisher: Apple Academic Press, CRC Press
Year: 2022
Pages: 435
Language: English
Format: pdf (true)
Size: 10.07 MB
This book is the first of its kind to introduce the integration of ethics, laws, risks, and policies in cyberspace. The book provides an understanding of the ethical and legal aspects of cyberspace along with the risks involved. It also addresses current and proposed cyber policies, serving as a summary of the state-of-the-art cyber laws in the United States. It also, importantly, incorporates various risk management and security strategies from a number of organizations.
Using easy-to-understand language and incorporating case studies, the authors begin with the consideration of ethics and law in cybersecurity and then go on to take into account risks and security policies. The section on risk covers identification, analysis, assessment, management, and remediation. The very important topic of cyber insurance is covered as well—its benefits, types, coverage, etc. The section on cybersecurity policy acquaints readers with the role of policies in cybersecurity and how they are being implemented by means of frameworks. The authors provide a policy overview followed by discussions of several popular cybersecurity frameworks, such as NIST, COBIT, PCI/DSS, ISO series, etc.
Cyber threats, or simply threats, are cybersecurity circumstances or events that are capable of causing harm by way of their outcome. A very common threat is a social-engineering or phishing attack in which an attacker installs a trojan and steals sensitive information from a user’s system and applications. Similarly, distributed denial of service (DDoS) is yet another threat. While DDoS-ing a site, an administrator can unintentionally leave information unprotected on a production system. This may lead to a data breach, or a storm flooding the internet service provider (ISP)’s data center. Cybersecurity threats are actualized by threat actors. These threat actors may be individuals or entities who have the potential to initiate a threat.
Cyber threats can also become increasingly perilous if they can leverage vulnerabilities to gain access to systems, which are usually operating systems. Vulnerabilities may be thought of as weaknesses in a system that make threat outcomes possible and potentially significantly riskier. A single vulnerability is enough to exploit a system. Consider a simple structured query language (SQL) injection attack that could give an attacker full control over sensitive information. An attacker can also chain several exploits together to take advantage of more than one vulnerability, which allows the attacker to gain more control. Examples of basic weaknesses are SQL injection, cross-site scripting, server misconfigurations, and sensitive information transmitted in plaintext, among others.
Download Cybersecurity: Ethics, Legal, Risks, and Policies