Philosophy of cybersecurity
This is a book for everyone - a wide audience. Experts, academic lecturers, as well as students of technical fields such as computer science and social sciences will find the content interesting.
| Otros Autores: | , |
|---|---|
| Formato: | Libro electrónico |
| Idioma: | Inglés |
| Publicado: |
Boca Raton, FL :
CRC Press
[2024]
|
| Edición: | First edition |
| Materias: | |
| Ver en Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009825849706719 |
Tabla de Contenidos:
- Cover
- Half Title
- Endorsement Page
- Title Page
- Copyright Page
- Table of Contents
- Preface
- Authors
- Chapter 1: Introduction to the philosophy of cybersecurity
- 1.1 A few words about history
- 1.1.1 The history of viruses and malware
- 1.1.2 Interest groups and hacker groups
- 1.1.3 Why cybersecurity has become important
- 1.2 The gradual increase in the role and importance of cybersecurity
- 1.2.1 The problem of scale
- 1.3 The international and military dimension
- 1.4 What is the philosophy of cybersecurity - how do we understand it?
- 1.5 Is cybersecurity achievable?
- 1.5.1 Confidentiality, integrity, and availability
- 1.5.2 For an ordinary user
- 1.5.3 Business use
- 1.5.4 State
- 1.5.5 The global problem
- 1.5.5.1 The problem of international stability
- 1.6 Important questions and a myth
- 1.6.1 The question of physical destruction
- 1.7 Is cybersecurity even achievable?
- Notes
- Chapter 2: Cyber threats and the necessary clarifications
- 2.1 Risk
- 2.2 Different types of risk
- 2.2.1 Artificial Intelligence and risk
- 2.2.2 Human rights
- 2.3 Briefly about cyberattacks
- 2.4 Kill chain - a useful thought model
- 2.4.1 Reconnaissance
- 2.4.2 Weaponization
- 2.4.3 Delivery
- 2.4.4 Exploitation
- 2.4.5 Installation
- 2.4.6 Command and control
- 2.4.7 Achieving goals
- 2.4.8 Kill chain - summary
- 2.5 The MITRE model
- 2.6 Social engineering and phishing
- 2.6.1 Masquerade in France using the "minister" method
- 2.7 Threat groups
- 2.7.1 Hacktivists
- 2.7.2 Cybercriminals
- 2.7.3 State groups, APT
- 2.7.4 Groups - synthesis
- 2.8 Cyber tools or cyberweapons?
- 2.8.1 Types of tools - a question of aims
- 2.8.1.1 Estonia (2007)
- 2.8.2 Exploit
- 2.9 CVE and security bug branding
- 2.9.1 20-year-old security vulnerabilities?
- 2.9.2 The economy of security bugs and exploits.
- 2.9.3 Frameworks and other tools
- 2.10 Ransomware
- 2.10.1 Data loss and ransom
- 2.10.2 Business model - money is the target
- 2.10.3 How to protect yourself - Rule 3-2-1
- 2.10.4 Geopolitical and legal problem - Corsairs of the twenty-first century ?
- Notes
- Chapter 3: Cybersecurity from the user's point of view
- 3.1 Cybersecurity as a problem of ordinary people
- 3.1.1 Digitization is progressing and what comes of it
- 3.1.2 Do we build dependencies ourselves?
- 3.1.3 Data center on fire - talking about hard luck!
- 3.2 You have to protect yourself - is it possible? HOW DO YOU DO IT?
- 3.2.1 Problems also for experts
- 3.2.2 Security is the increase in costs for attackers
- 3.2.3 Pay attention to what matters
- 3.2.3.1 The question of resources and scale
- 3.2.4 Risk modeling
- 3.2.5 What are the actual threats to us?
- 3.3 The Iron rules
- 3.3.1 Technology is for people
- 3.3.2 Vendors should take care of basic security - the importance of ecosystems
- 3.3.3 The risk surface
- 3.3.3.1 Mapping the ways of use
- 3.3.3.2 Identification of risk points and a selection of solutions
- 3.3.3.3 Legal requirements to the rescue?
- 3.3.4 Up-to-date software
- 3.3.5 The principle of limited trust in what appears on the screen
- 3.3.6 Verifying communication
- 3.3.7 Passwords
- 3.3.7.1 Good passwords
- 3.3.7.2 Breaking passwords is not that easy!
- 3.3.7.3 We don't change good passwords (unless there are good reasons for it)
- 3.3.7.4 Good passwords are long passwords
- 3.3.7.5 Passphrases - Diceware
- 3.3.8 Storing passwords
- 3.3.9 Two- or multi-factor authentication
- 3.3.9.1 Toward passwordless systems
- 3.3.10 Paranoia
- 3.3.11 Up-to-date knowledge
- 3.3.12 Web browser
- 3.3.12.1 Use different browsers
- 3.3.13 Different risks to different "drawers" (or "pigeon holes")
- 3.3.14 Safe e-mail.
- 3.3.14.1 Webmail
- 3.3.14.2 Is big safer?
- 3.3.15 Instant messaging
- 3.3.15.1 Encryption
- 3.3.16 Social media
- 3.3.17 Do we need a VPN? Probably not
- 3.3.17.1 Tor
- 3.3.18 Remember that the threat model depends on who you are and what you do
- 3.4 Are we always in danger and does someone always want to hack us?
- 3.4.1 Not all threats are technical
- 3.4.2 We may not have any influence on some problems
- 3.5 Antivirus software
- 3.6 User privacy - a broad topic
- 3.6.1 Settings
- 3.6.2 Not only bad people have something to hide
- 3.6.3 Smartphone - the center of life
- 3.6.4 What do they know about us?
- 3.6.5 Privacy as a product feature and business advantage
- 3.6.6 Privacy versus technologies and standards
- Notes
- Chapter 4: Cybersecurity of healthcare infrastructure
- 4.1 The digitalization of healthcare is progressing
- 4.1.1 Digitalization and its issues
- 4.1.2 COVID-19 as a digital accelerator
- 4.2 Digitalization and cybersecurity risks
- 4.3 Risks and threats
- 4.3.1 Cyberattacks on hospitals
- 4.3.2 WannaCry ransomware as a driver of cybersecurity funding?
- 4.3.3 Cyberattacks on healthcare in Ireland in 2021
- 4.3.4 Other cyberattacks on healthcare centers
- 4.3.5 Will the insurer cover the losses?
- 4.3.6 Does cyber insurance make sense ?
- 4.3.7 Hospitals are not treating cybersecurity as a priority - and that is reasonable?
- 4.4 Digitalization of diagnostics and new vulnerabilities
- 4.4.1 Risks of implants
- 4.4.2 Data leaks or modification of diagnostics
- 4.4.3 Cyberattacks on the supply chain
- 4.5 Cybersecurity of medical devices
- 4.5.1 Targeted attack on a patient using an insulin pump
- 4.5.2 Targeted attack - battery drain
- 4.5.3 Attacks on medical devices - summary
- 4.6 How to secure a hospital
- 4.6.1 Hardware, software, licenses, updates….
- 4.6.2 What happens in the event of a large-scale cyberattack? Scenario of a systemic cyberattack
- 4.6.2.1 Segmentation, segregation, and isolation
- 4.7 Lethal effects
- 4.7.1 Bad design - Therac-25 system
- 4.7.2 Chasing sensation?
- 4.7.3 Careful with reports?
- 4.7.4 Why kill with a cyberattack ?
- 4.7.4.1 Is it easy to detect death due to a cyberattack?
- 4.8 Okay, but can a cyberattack kill?
- 4.8.1 Cyberattack scenario with lethal consequences - can such a logic bomb be detected?
- 4.8.2 Coordinated battery drain of a medical implant? A scenario
- Notes
- Chapter 5: Cybersecurity of critical infrastructure
- 5.1 Vulnerable part of the State
- 5.1.1 A different classification of cyberattacks
- 5.2 Examples of cyberattacks against critical infrastructure
- 5.2.1 Energy
- 5.2.1.1 Nuclear power plants
- 5.2.1.2 Cyberattacks on energy distribution in Ukraine
- 5.2.1.3 What happens when the power is switched off
- 5.2.1.4 An attempt to turn off the power under wartime conditions?
- 5.2.1.5 How to protect the system
- 5.2.1.6 Blackout as a result of a cyberattack? Scenarios
- 5.2.2 Scenario: Physical destruction of the transformer
- 5.2.2.1 Practical demonstration of physical damage
- 5.2.2.2 Skepticism about reports is recommended
- 5.2.3 Water treatment/sanitation systems
- 5.2.4 Gas and oil
- 5.2.4.1 Siberian pipeline - give it no credence
- 5.3 Securing critical infrastructure
- 5.4 Hacking physical elements
- 5.4.1 Ransomware for industrial systems and PLC worm
- 5.5 Physical effects
- 5.5.1 Stuxnet
- 5.5.2 German steel mill
- 5.6 Transportation systems
- 5.7 What do the States do about it?
- 5.7.1 Europe, USA
- 5.8 The key civilizational issue
- Notes
- Chapter 6: Cybersecurity of a State
- 6.1 What is the cybersecurity of a State?
- 6.1.1 Cybersecurity of citizens, or described more broadly.
- 6.2 Countries have already been hacked
- 6.2.1 Cyber operations against the U.S. political system (2016)
- 6.2.2 Elections, intelligence, and human nature
- 6.2.3 Intentional leaks and their effects
- 6.2.4 Cyber operations against the political system in France (2017)
- 6.2.5 Cyber-enabled information operations aimed at the electoral process
- 6.2.6 Hacking social media accounts - a preface to an information operation?
- 6.2.7 Professional cyber operations
- 6.2.8 Cyber operations and the situation at the Polish-Belarusian border in 2021
- 6.2.9 The case of Taiwan: Outreach and the man from nowhere
- 6.2.10 Attacks elsewhere
- 6.3 Electronic voting as a systemic vulnerability of a State
- 6.3.1 Transparency issues
- 6.3.2 Tread carefully with digitization
- 6.4 A general scenario - cyber-enabled information operation
- 6.5 How countries protect or defend themselves
- 6.5.1 EU GDPR, NIS - when it is worthwhile or necessary to act
- 6.5.2 CERTs and other institutions
- 6.6 Is it possible to secure the State?
- 6.6.1 Elections
- 6.6.2 Political parties
- 6.6.3 Cybersecurity of the electoral staff - a challenge
- 6.6.3.1 Personal issue
- 6.6.3.2 Headquarters/staff cybersecurity strategy
- 6.6.3.3 More about the human factor
- 6.6.3.4 Technical, cloud measures
- 6.6.3.5 Routine deletion of data
- 6.6.4 Cybersecurity as a PR problem
- 6.7 The necessity of a State cybersecurity strategy
- 6.8 Or maybe disconnect from the Internet?
- Notes
- Chapter 7: Cyberconflict and cyberwar
- 7.1 Rivalry and competition between the States
- 7.2 Cyberintelligence, cyberespionage…
- 7.3 Cyber police
- 7.4 Cyber army
- 7.4.1 Standard tools
- 7.4.2 Cyberattack is not an attack
- 7.4.3 Cyber operations
- 7.4.3.1 Defensive cyber operations
- 7.4.3.2 ISR operations
- 7.4.3.3 Offensive operations.
- 7.4.4 Proportions of different operations.
