
Cybersecurity First Principles
Description
In Cybersecurity First Principles, Rick Howard, the Chief Security Officer, Chief Analyst, and Senior Fellow at The Cyberwire, challenges the conventional wisdom of current cybersecurity best practices, strategy, and tactics and makes the case that the profession needs to get back to first principles. The author lays out the argument for an absolute cybersecurity first principle and then discusses the strategies and tactics required to achieve it.
In the book, you'll explore:
* Infosec history from the 1960s until the early 2020s and why it has largely failed
* What the infosec community should be trying to achieve instead
* The arguments for the absolute and atomic cybersecurity first principle
* The strategies and tactics to adopt that will have the greatest impact in pursuing the ultimate first principle
* Case studies through a first principle lens of the 2015 OPM hack, the 2016 DNC hack, the 2021 Colonial Pipeline ransomware attack, and the Netflix Chaos Monkey resilience program
* A top to bottom explanation of how to calculate cyber risk for two different kinds of companies
This book is for cybersecurity professionals at all levels: business executives and senior security professionals, mid-level veteran practitioners, newcomers straight out of school, career-changers seeking better opportunities, teachers, and students.

Content
- Cover
- Title Page
- Copyright Page
- About the Author
- About The Technical Editors
- Acknowledgments
- Contents
- Who We Are
- Foreword
- Introduction
- Who Is This Book For?
- What the Book Covers
- Writing Conventions
- Cybersecurity
- Cybersecurity Professionals
- Organizations
- The Cybersecurity Canon Project
- Rick's War Stories
- Book Website
- Road Map
- Chapter 1 First Principles
- Overview
- What Are First Principles?
- Prior Research on Cybersecurity First Principles
- What Is the Atomic Cybersecurity First Principle?
- Is CIA an Absolute First Principle?
- Is Patching an Absolute First Principle?
- Is Preventing Malware an Absolute First Principle?
- Is Incident Response an Absolute First Principle?
- Is Adherence to Security Frameworks an Absolute First Principle?
- Is Adherence to Compliance Regulations an Absolute First Principle?
- The Atomic Cybersecurity First Principle
- Conclusion
- Chapter 2 Strategies
- Overview
- Strategies vs. Tactics
- What Are the Essential Strategies Required for a First Principle Infosec Program?
- Zero Trust Strategy Overview
- Intrusion Kill Chain Prevention Strategy Overview
- Resilience Strategy Overview
- Risk Forecasting Strategy Overview
- Automation Strategy Overview
- Conclusion
- Chapter 3 Zero Trust
- Overview
- The Use Case for Zero Trust: Edward Snowden
- Zero Trust: Overhyped in the Market but. . .
- Cyber Hygiene, Defense in Depth, and Perimeter Defense: Zero Trust Before We Had Zero Trust
- Zero Trust Is Born
- Zero Trust Is a Philosophy, Not a Product
- Meat-and-Potatoes Zero Trust
- Logical and Micro Segmentation
- Vulnerability Management: A Zero Trust Tactic
- Vulnerability Management as an Intelligence Task
- Software Bill of Materials: A Zero Trust Tactic
- Automobile Manufacturing Is Similar to DevOps
- Commercial Code Is Open-Source Code
- Software Supply Chain and Cybersecurity First Principles
- Pertinent SBOM Standards
- Presidential Directive
- Three Tools for Supply-Chain Risk Reduction
- A Bright Future for SBOMs
- Identity Management: A Tactic for Zero Trust
- IAM: IGA and PIM and PAM, Oh My!
- Single Sign-On: A Zero Trust Tactic
- OAuth Process
- SAML Process
- Two-Factor Authentication: A Tactic for Zero Trust
- Types of Two-Factor Authentication
- SMS Verification
- Email Verification
- Authenticator Soft Tokens (Like Google Authenticator, ID.me, Blizzard's Battlenet, and LastPass)
- Push Authentication (from Google, Apple, Microsoft, and Twitter)
- Universal 2nd Factor Authentication
- How Secure Is Two-Factor Authentication?
- The Future of Two-Factor Authentication
- Software-Defined Perimeter: A Tactic for Zero Trust
- Software-Defined Perimeter Becomes a New Model
- Why Zero Trust Projects Fail
- Conclusion
- Chapter 4 Intrusion Kill Chain Prevention
- Overview
- The Beginnings of a New Idea
- The Lockheed Martin Kill Chain Paper
- The Kill Chain Model
- Adversary Motivations: Cyber Warfare Morphing Into Low-Level Cyber Conflict
- The Lockheed Martin Cyber Kill Chain Is Great, but. . .
- Kill Chain Models
- The MITRE ATT&CK Framework
- The Department of Defense's Diamond Model
- Some Thoughts About Attribution
- How Many Active Adversary Playbooks Are There?
- The Adversary Intelligence Trifecta: Kill Chain, ATT&CK, and Diamond
- Security Operations Centers: A Tactic for Intrusion Kill Chain Prevention
- Orchestrating the Security Stack: An Intrusion Kill Chain Prevention Tactic
- Cyber Threat Intelligence: A Tactic for All First Principles Strategies but Primarily for Intrusion Kill Chain Prevention
- Cyber Threat Intelligence Operations As a Journey
- Red/Blue/Purple Team Operations: A Tactic for Intrusion Kill Chain Prevention
- Intelligence Sharing: A Tactic for Intrusion Kill Chain Prevention
- Conclusion
- Chapter 5 Resilience
- Overview
- What Is Resilience?
- Resilience Examples
- IT Resilience and Infosec Resilience
- Resilience vs. Resiliency Planning
- Herding the Cats: Responsibility Assignment Matrices
- How to Think About Resilience
- Crisis Handling: A Tactic for Resilience
- RSA Security: A Case Study in Crisis Communications
- Equifax: A Case Study in Crisis Communications
- Desired Outcomes
- Executives Are Busy: Exercise Them Efficiently
- Backups: A Tactic for Resilience
- Backups As a Strategy Against Ransomware
- Option 1: Centralized Backup Platforms for All Data Islands
- Option 2: One-Off Decentralized Backup Systems
- Option 3: DevOps (DevSecOps) for Each Application
- How Do You Get to Carnegie Hall? Practice
- Encryption: A Tactic for Resilience
- Data at Rest and Data in Motion
- The First Principle Encryption Tactic Is Recursive
- Incident Response: A Tactic for Resilience
- The NIST Guides on Cybersecurity and Incident Response
- The Technical Side of Incident Response
- Conclusion
- Chapter 6 Risk Forecasting
- Overview
- Superforecasting, Fermi Estimates, and Black Swans
- Superforecaster Superpowers
- People Don't Think in Terms of Probabilities but Should
- Is Osama Bin Laden in the Bunker?
- Fermi Estimates Are Good Enough
- Black Swans and Resilience
- Changing My Mind
- Bayes Rule: A Different Way to Think About Cybersecurity Risk
- Bayes' Theorem
- Using Bayes to Defeat the Germans in WWII
- Consider the Bayes Rule for Cybersecurity Risk Forecasting
- Risk Forecasting with the Bayes Rule: A Practical Example
- But Wait, What About Me?
- How Do You Incorporate This New Data?
- An Inside-Out Analysis: The First Principles
- An Inside-Out Analysis: The Contoso Corporation
- For the Contoso General View of the Business
- For the Contoso Technical Architecture
- For the Contoso Zero Trust Deployment
- For the Contoso Resilience Deployment
- For the Contoso Intrusion Kill Chain Deployment
- An Inside-Out Analysis: First Principle Strategies
- What Now? Are We Within the Risk Tolerance of the Business?
- Conclusion
- Chapter 7 Automation
- Overview
- Why Security Automation Is Essential
- Early History of Software Development Philosophies
- Agile Becomes the Challenger
- When Do We Start Thinking About Security?
- Coding the Infrastructure
- DevSecOps: An Essential Tactic for Automation
- What Happened to Security?
- DevSecOps on Track
- DevSecOps As a First Principle Strategy
- Final Thoughts About Automation As a Strategy
- Compliance: A First Principle Tactic That Cuts Across All Strategies
- Compliance Industry
- Two Compliance Categories: Ticket to Ride, Penalties, and Fines
- The Probability of Material Impact Due to Noncompliance
- Is Compliance a First Principle Tactic?
- Chaos Engineering for Automation and Resilience
- History of Chaos Engineering
- What Does Chaos Engineering Have to Do with Automation and Resilience?
- Conclusion
- Chapter 8 Summation
- Overview
- Zero Trust
- Intrusion Kill Chain Prevention
- Resilience
- Risk Forecasting
- Automation
- Conclusion
- Index
- EULA
System requirements
File format: PDF
Copy-Protection: Adobe-DRM (Digital Rights Management)
System requirements:
- Computer (Windows; MacOS X; Linux): Install the free reader Adobe Digital Editions prior to download (see eBook Help).
- Tablet/smartphone (Android; iOS): Install the free app Adobe Digital Editions or the app PocketBook before downloading (see eBook Help).
- E-reader: Bookeen, Kobo, PocketBook, Sony, Tolino and many more (Kindle: limited support only).
The PDF format displays a book page identically on any hardware, which makes it suitable for complex layouts such as those used in textbooks and reference books (images, tables, columns, footnotes). On the small screens of e-readers and smartphones, however, PDFs are cumbersome to read because they require a great deal of scrolling.
This eBook uses Adobe DRM, a "hard" form of copy protection. If the requirements above are not met, you will not be able to open the eBook, so prepare your reading hardware before downloading.
Please note: we strongly recommend that you authorise any reading software with your personal Adobe ID after installing it.
For more information, see our eBook Help page.