Tabla de Contenidos: “…Chapter 2 With Power Comes Responsibility: Hewlett-Packard, Target, the Cops, and the NSA Deduce Your Secrets (ethics) 37 How do we safely harness a predictive machine that can foresee job resignation, pregnancy, and crime? …”

“…Les débats actuels concernant la neutralité des réseaux et la révélation par Edward Snowden des activités de surveillance de la NSA ne sont que la partie immergée de l’iceberg. …”

“…This book is not about protecting yourself from a targeted attack by the NSA; it's about armoring yourself against common hackers and mass surveillance. …”

“…This book is not about protecting yourself from a targeted attack by the NSA; it is about arming yourself against common hackers and mass surveillance. …”

Tabla de Contenidos: “…It Depends on the Context / Scott Charney, Microsoft -- Managing the Intensifying Connectivity of the IoT Era / Brian Talbert, Alaska Airlines -- Cyberspace : Making Some Sense of It All / Chris Inglis, Former NSA Deputy Director -- Authentication, Data Integrity, Nonrepudiation, Availability, and Confidentiality : The Five Pillars of Security / Mike McConnell, Former Director of National Intelligence -- Authentication and Models of Trust / Shannon Lietz, Intuit -- Patching : A Growing Challenge and a Needed Discipline / Chris Richter, Former VP of Global Security Services, CenturyLink -- Conquer or Be Conquered / Renee Tarun, Fortinet -- Fill the Skills Gap with an Environment of Continual Training / Chris McDaniels, CT Cubed, Inc. -- Employee Training is Key for Cybersecurity / Mo Katibeh, AT&T -- Training is a Mindset / Dave Rankin, Verisign -- Cryptography : The Backbone of Cybersecurity / Taher Elgamal, Salesforce -- Cryptography : The Good, the Bad, and the Future / Dan Boneh, Stanford -- Managing Access in Challenging Environments / Erik Devine, Riverside Health -- A Systematic Approach to Access Control / George Do, Equinix -- Successful Segmentation Isn't Separation : It's Collaboration / Colin Anderson, Levi Strauss & Co. -- Why We Need to Segment Networks / Hussein Syed, RWJBarnabas Health -- Visibility : Identifying Pathogens, Risk Factors, and Symptoms of Cyberattacks / Michael Chertoff, Former Secretary, Department of Homeland Security -- 20/20 Insight : Redefining Visibility to Stop Modern Cybercrime Syndicates / Tim Crothers, Target -- The Challenge of Visibility / Daniel Hooper, PIMCO -- In and Out of the Shadows : The Visibility That Inspection Enables is Not Confined to Technology Alone / Ed Amoroso, TAG Cyber -- The Fundamental Importance of Inspection / Michael Johnson, Capital One -- Preparation, Response, and Recovery / Thad Allen, Booz Allen Hamilton -- Cyber Event Recovery / Simon Lambe, Royal Mail -- Shift Your Mindset to Manage Complexity / Michael Daniel, Cyber Threat Alliance -- Seven Steps to Reducing Complexity / Jay Gonzales, Samsung -- Don't Panic! …”

Tabla de Contenidos: “…HIPAA Security RuleHIPAA Privacy Rule; HITECH Breach Reporting; OMB requirements for each agency; References; Chapter 4 - Federal RMF Requirements; Federal civilian agencies; DOD - DIACAP - RMF for DOD IT; IC - ICD 503; FedRAMP; NIST Cybersecurity Framework; References; Chapter 5 - Risk Management Framework; Step 1 - categorization; Step 2 - selection; Step 3 - implementation; Step 4 - assessment; Step 5 - authorization; Step 6 - monitoring; Continuous Monitoring for Current Systems; Chapter 6 - Roles and Responsibilities; Organizational roles; White House; Congress; OMB; NIST; CNSS; NSA…”

“…—Marvin Schaefer, Former Chief Scientist, National Computer Security Center, NSA This highly anticipated book fully introduces the theory and practice of computer security. …”

Tabla de Contenidos: “…-- Characteristics of APTs -- Infamous examples of APTs -- APT28 (Fancy Bear) - the Russian cyber espionage -- APT29 (Cozy Bear) - the persistent intruder -- Lazarus Group - the multifaceted threat -- Equation Group - the cyber-espionage arm of the NSA -- Tailored Access Operations - the cyber arsenal of the NSA -- TTPs used by APTs -- Persistence via AppInit_DLLs -- Persistence by accessibility features -- Persistence by alternate data streams -- Summary -- Chapter 15: Malware Source Code Leaks -- Understanding malware source code leaks -- The Zeus banking Trojan -- Carberp -- Carbanak -- Other famous malware source code leaks -- The impact of source code leaks on the malware development landscape -- Zeus -- Carberp -- Carbanak -- Practical example -- Significant examples of malware source code leaks -- Summary -- Chapter 16: Ransomware and Modern Threats -- Introduction to ransomware and modern threats -- Analysis of ransomware techniques -- Conti -- Hello Kitty -- Case studies of notorious ransomware and modern threats -- Case study one: WannaCry ransomware attack -- Case study two: NotPetya ransomware attack -- Case study three: GandCrab ransomware -- Case study four: Ryuk ransomware -- Modern threats -- Practical example -- Mitigation and recovery strategies -- Summary -- Index -- Other Books You May Enjoy…”

Tabla de Contenidos: “…Organizational ResponsibilitiesOffice of Management and Budget (OMB); National Institute of Standards and Technology (NIST); Department of Defense (DoD); Office of the Director of National Intelligence (ODNI); Department of Homeland Security (DHS); National Security Agency (NSA); General Services Administration (GSA); Government Accountability Office (GAO); Congress; Executive Office of the President; Relevant Source Material; Summary; References; 3 Thinking About Risk; Understanding Risk; Key Concepts; Measuring Risk; Certainty, Uncertainty, and Probability; Assurance; Types of Risk…”

Tabla de Contenidos: “…Cover; Title Page; Copyright Page; Dedication; Contents; About the Authors; Acknowledgments; Introduction; Chapter 1 - Digital Reconnaissance and Surveillance; Digital Reconnaissance and Surveillance; Art and History of Spying; Threat of Digital Reconnaissance and Surveillance; Threat Landscape; Why Spy?; NSA and Edward Snowden; Public Trust; Cybercrime; Why Spy? …”

Tabla de Contenidos: “…Table of Contents; Foreword; About Bob Ayers; Preface; Overview; Recognized Assessment Standards; NSA IAM; CESG CHECK; PCI Data Security Standards; Other Assessment Standards and Associations; Hacking Defined; Organization; Audience; Mirror Site for Tools Mentioned in This Book; Using Code Examples; Conventions Used in This Book; Comments and Questions; Acknowledgments; Guest Authors Featured in This Book; Network Security Assessment; The Business Benefits; IP: The Foundation of the Internet; Classifying Internet-Based Attackers; Assessment Service Definitions…”

“…En enero de 2013, Laura Poitras comenzó a recibir correos electrónicos cifrados firmados por un tal "Citizenfour", que le aseguraba tener pruebas de los programas de vigilancia ilegales dirigidos por la NSA en colaboración con otras agencias de inteligencia en todo el mundo. …”
+información

Tabla de Contenidos: “…Risk Management and Patching -- Building a Patch Management Program -- People -- Process -- Technology -- Summary -- Chapter 3 Secure Configuration -- Regulations, Frameworks, and Laws -- NSA and CISA Top Ten Cybersecurity Misconfigurations -- Default Configurations of Software and Applications -- Improper Separation of User/Administrator Privilege -- Insufficient Internal Network Monitoring -- Lack of Network Segmentation -- Poor Patch Management -- Bypass of System Access Controls -- Weak or Misconfigured Multifactor Authentication Methods -- Lack of Phishing-Resistant MFA -- Insufficient Access Control Lists on Network Shares and Services -- Poor Credential Hygiene -- Unrestricted Code Execution -- Mitigations -- Default Configurations of Software Applications -- Improper Separation of User/Administration Privilege -- Insufficient Network Monitoring -- Poor Patch Management -- Wrapping up the CIS Misconfigurations Guidance -- CIS Benchmarks -- DISA Security Technical Implementation Guides -- Summary -- Chapter 4 Continuous Vulnerability Management -- CIS Control 7-Continuous Vulnerability Management -- Establish and Maintain a Vulnerability Management Process -- Establish and Maintain a Remediation Process -- Perform Automated Operating System Patch Management -- Perform Automated Application Patch Management -- Perform Automated Vulnerability Scans of Internal Enterprise Assets -- Perform Automated Vulnerability Scans of Externally Exposed Enterprise Assets -- Remediate Detected Vulnerabilities -- Continuous Monitoring Practices -- Summary -- Chapter 5 Vulnerability Scoring and Software Identification -- Common Vulnerability Scoring System -- CVSS 4.0 at a Glance -- Base Metrics -- Exploitability Metrics -- Threat Metrics -- Environmental Metrics -- Supplemental Metrics -- Qualitative Severity Rating Scale -- Vector String…”

“…This groundbreaking book features more than 160 commentaries on recent events including the Boston Marathon bombing, the NSA's ubiquitous surveillance programs, Chinese cyber-attacks, the privacy of cloud computing, and how to hack the Papal election. …”

Tabla de Contenidos: “…-- The Path Ahead -- Summary -- Chapter 8 Existing and Emerging Government Guidance -- Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations -- Critical Software -- Security Measures for Critical Software -- Software Verification -- Threat Modeling -- Automated Testing -- Code-Based or Static Analysis and Dynamic Testing -- Review for Hard-Coded Secrets -- Run with Language-Provided Checks and Protection -- Black-Box Test Cases -- Code-Based Test Cases -- Historical Test Cases -- Fuzzing -- Web Application Scanning -- Check Included Software Components -- NIST's Secure Software Development Framework -- SSDF Details -- Prepare the Organization (PO) -- Protect the Software (PS) -- Produce Well-SecuredSoftware (PW) -- Respond to Vulnerabilities (RV) -- NSAs: Securing the Software Supply Chain Guidance Series -- Security Guidance for Software Developers -- Secure Product Criteria and Management -- Develop Secure Code -- Verify Third-PartyComponents -- Harden the Build Environment -- Deliver the Code -- NSA Appendices -- Recommended Practices Guide for Suppliers -- Prepare the Organization -- Protect the Software…”

Tabla de Contenidos: “…-- 7.6 Discussion -- References -- Chapter 8 Communications and the Internet -- 8.1 Early Years -- 8.1.1 The Natural Monopoly -- 8.1.2 The Communications Act of 1996 -- 8.2 Regulatory Structure -- 8.2.1 The Most Important Person in Modern History -- 8.2.2 The First (Modern) Critical Infrastructure -- 8.3 The Architecture of the Communications Sector -- 8.3.1 Physical Infrastructure -- 8.3.2 Wireless Networks -- 8.3.3 Extra-Terrestrial Communication -- 8.3.4 Land Earth Stations -- 8.3.5 Cellular Networks -- 8.3.6 Cell Phone Generations -- 8.3.7 Wi-Fi Technology -- 8.4 Risk and Resilience Analysis -- 8.4.1 Importance of Carrier Hotels -- 8.4.2 The Submarine Cable Network -- 8.4.3 HPM Threats -- 8.4.4 Cellular Network Threats -- 8.4.5 Physical Threats -- 8.5 The Monoculture Internet -- 8.5.1 The Internet Self-Organized -- 8.5.2 The Original Sins -- 8.5.2.1 The DNS -- 8.5.2.2 More Original Sin -- 8.5.3 The Hierarchical Internet -- 8.5.4 Too Many Open Ports -- 8.6 Internet Governance -- 8.6.1 IAB and IETF -- 8.6.2 ICANN Wars -- 8.6.3 ISOC -- 8.6.4 W3C -- 8.6.5 Internationalization -- 8.6.6 Regulation and Balkanization -- 8.6.6.1 Rise of Regulation -- 8.6.6.2 Criticality of the Internet -- 8.7 Green Communications -- 8.7.1 Solar Computing -- 8.7.2 Quantum Communications -- 8.7.3 Adiabatic Logic -- 8.8 Discussion -- References -- Chapter 9 Cyber Threats -- 9.1 Threat Surface -- 9.1.1 Script-kiddies -- 9.1.2 Black Hats -- 9.1.3 Weaponized Exploits -- 9.1.4 Ransomware and the NSA -- 9.2 Basic Vulnerabilities -- 9.2.1 The First Exploit -- 9.2.2 TCP/IP Flaws -- 9.2.3 Open Ports -- 9.2.4 Buffer Overflow Exploits -- 9.2.5 DDoS Attacks -- 9.2.6 Email Exploits -- 9.2.7 Flawed Application and System Software -- 9.2.8 Trojans, Worms, Viruses, and Keyloggers…”

“…But unlike the NSA, 8200 did not have an endless font of resources at its disposal...and, due to secrecy, it couldn't generally buy "off-the-shelf" as a matter of procedure. …”

“…Sari Stern Greene, CISSP, CRISC, CISM, NSA/IAM, is an information security practitioner, author, and entrepreneur. …”