Ira Winkler, Tracy Celaya Brown

You CAN Stop Stupid (eBook, ePUB)

Stopping Losses from Accidental and Malicious Actions

• Format: ePub

Produktbeschreibung

Stopping Losses from Accidental and Malicious Actions Around the world, users cost organizations billions of dollars due to simple errors and malicious actions. They believe that there is some deficiency in the users. In response, organizations believe that they have to improve their awareness efforts and making more secure users. This is like saying that coalmines should get healthier canaries. The reality is that it takes a multilayered approach that acknowledges that users will inevitably make mistakes or have malicious intent, and the failure is in not planning for that. It takes a holistic approach to assessing risk combined with technical defenses and countermeasures layered with a security culture and continuous improvement. Only with this kind of defense in depth can organizations hope to prevent the worst of the cybersecurity breaches and other user-initiated losses. Using lessons from tested and proven disciplines like military kill-chain analysis, counterterrorism analysis, industrial safety programs, and more, Ira Winkler and Dr. Tracy Celaya's You CAN Stop Stupid provides a methodology to analyze potential losses and determine appropriate countermeasures to implement. * Minimize business losses associated with user failings * Proactively plan to prevent and mitigate data breaches * Optimize your security spending * Cost justify your security and loss reduction efforts * Improve your organization's culture Business technology and security professionals will benefit from the information provided by these two well-known and influential cybersecurity speakers and experts.

---

Dieser Download kann aus rechtlichen Gründen nur mit Rechnungsadresse in A, B, BG, CY, CZ, D, DK, EW, E, FIN, F, GR, HR, H, IRL, I, LT, L, LR, M, NL, PL, P, R, S, SLO, SK ausgeliefert werden.

Produktdetails

• Verlag: John Wiley & Sons
• Seitenzahl: 368
• Erscheinungstermin: 8. Dezember 2020
• Englisch
• ISBN-13: 9781119622048
• Artikelnr.: 60739483

Autorenporträt

Ira Winkler, CISSP, is President of Secure Mentem and is widely viewed as one of the world's most influential security professionals. Ira is the recipient of several prestigious industry awards, including being named "The Awareness Crusader" by CSO magazine in receiving their CSO COMPASS Award. Dr. Tracy Celaya Brown, CISSP, is President of Go Consulting International. She is a sought-after consultant in IT Security Program Management, Organizational Development, and Change Management.

Inhaltsangabe

Forword xiii

Introduction xxvii

I Stopping Stupid is Your Job 1

1 Failure: The Most Common Option 3

History is Not on the Users' Side 4

Today's Common Approach 6

Operational and Security Awareness 6

Technology 7

Governance 8

We Propose a Strategy, Not Tactics 9

2 Users Are Part of the System 11

Understanding Users' Role in the System 11

Users Aren't Perfect 13

"Users" Refers to Anyone in Any Function 13

Malice is an Option 14

What You Should Expect from Users 15

3 What is User-Initiated Loss? 17

Processes 18

Culture 20

Physical Losses 22

Crime 24

User Malice 25

Social Engineering 27

User Error 28

Inadequate Training 29

Technology Implementation 30

Design and Maintenance 31

User Enablement 32

Shadow IT 33

Confusing Interfaces 35

UIL is Pervasive 35

II Foundational Concepts 37

4 Risk Management 39

Death by 1,000 Cuts 40

The Risk Equation 41

Value 43

Threats 47

Vulnerabilities 48

Countermeasures 54

Risk Optimization 60

Risk and User-Initiated Loss 63

5 The Problems with Awareness Efforts 65

Awareness Programs Can Be Extremely Valuable 65

Check-the-Box Mentality 66

Training vs Awareness 68

The Compliance Budget 68

Shoulds vs Musts 70

When It's Okay to Blame the User 72

Awareness Programs Do Not Always Translate into Practice 74

Structural Failings of Awareness Programs 75

Further Considerations 77

6 Protection, Detection, and Reaction 79

Conceptual Overview 80

Protection 81

Detection 82

Reaction 84

Mitigating a Loss in Progress 86

Mitigating Future Incidents 87

Putting It All Together 88

7 Lessons from Safety Science 89

The Limitations of Old-School Safety Science 91

Most UIL Prevention Programs Are Old-School 93

The New School of Safety Science 94

Putting Safety Science to Use 96

Safety Culture 97

The Need to Not Remove All Errors 98

When to Blame Users 100

We Need to Learn from Safety Science 100

8 Applied Behavioral Science 103

The ABCs of Behavioral Science 105

Antecedents 106

Behaviors 111

Consequences 112

Engineering Behavior vs Influencing Behavior 120

9 Security Culture and Behavior 123

ABCs of Culture 125

Types of Cultures 127

Subcultures 130

What is Your Culture? 132

Improving Culture 133

Determining a Finite Set of Behaviors to Improve 134

Behavioral Change Strategies 135

Traditional Project Management 137

Change Management 137

Is Culture Your Ally? 138

10 User Metrics 141

The Importance of Metrics 141

The Hidden Cost of Awareness 142

Types of Awareness Metrics 143

Compliance Metrics 144

Engagement Metrics 145

Behavioral Improvement 147

Tangible ROI 149

Intangible Benefits 149

Day 0 Metrics 150

Deserve More 151

11 The Kill Chain 153

Kill Chain Principles 154

The Military Kill Chain 154

The Cyber Kill Chain and Defense in Depth 155

Deconstructing