Cyberspace and Cybersecurity


Purchasing Options

Hardback
$79.95
ISBN 9781466501331
Cat# K14391
eBook
ISBN 9781466517585
Cat# KE16829
 

Features

      • Provides complete coverage of cybersecurity
      • Integrates technology with organizational and human factor perspectives
      • Offers guidelines for project preparations as well as evaluation criteria
      • Reflects research of the cyber environment in different areas including Europe, the United States, and Asia
      • Includes access to instructor and student resources—such as electronic presentations, solutions to exercises, and updated references—upon qualified course adoption

      Summary

      Based on related courses and research on the cyber environment in Europe, the United States, and Asia, Cyberspace and Cybersecurity supplies complete coverage of cyberspace and cybersecurity. It not only emphasizes technologies but also pays close attention to human factors and organizational perspectives.

      Detailing guidelines for quantifying and measuring vulnerabilities, the book also explains how to avoid these vulnerabilities through secure coding. It covers organizational-related vulnerabilities, including access authorization, user authentication, and human factors in information security. Providing readers with the understanding required to build a secure enterprise, block intrusions, and handle delicate legal and ethical issues, the text:

      • Examines the risks inherent in information system components, namely hardware, software, and people
      • Explains why asset identification should be the cornerstone of any information security strategy
      • Identifies the traits a CIO must have to address cybersecurity challenges
      • Describes how to ensure business continuity in the event of adverse incidents, including acts of nature
      • Considers intrusion detection and prevention systems (IDPS), focusing on configurations, capabilities, selection, management, and deployment

      Explaining how to secure a computer against malware and cyber attacks, the text’s wide-ranging coverage includes security analyzers, firewalls, antivirus software, file shredding, file encryption, and anti-loggers. It reviews international and U.S. federal laws and legal initiatives aimed at providing a legal infrastructure for what transpires over the Internet. The book concludes by examining the role of the U.S. Department of Homeland Security in our country’s cyber preparedness.

      Exercises with solutions, updated references, electronic presentations, evaluation criteria for projects, guidelines to project preparations, and teaching suggestions are available upon qualified course adoption.

      Table of Contents

      Vulnerabilities in Information Systems
      Introduction
      Measuring Vulnerability
      Avoiding Vulnerabilities through Secure Coding
      Mistakes Can Be Good
      Threats Classification
      Threat Modeling Process
      Security Starts at Home
      Security in Applications
      International Awareness
      Exercises

      Vulnerabilities in the Organization
      Introduction
      Common Organizational Vulnerabilities
      Access Authorization and Authentication
      Human Factors
      Security Services
      External Technologies
      Wireless Networks
      Bluetooth
           Passive Vulnerabilities
           Active Vulnerabilities
           Precautions
      Wireless Fidelity
           Wi-Fi Precautions at Home
           Wi-Fi Precautions at the Hotspot
           Wi-Fi Precautions at the Enterprise
      Worldwide Interoperability Microwave Access
           WiMAX Features
      Cloud Computing
      Exercises

      Risks in Information Systems Infrastructure
      Introduction
      Risks in Hardware
      Risks in Software
      Risks in People
      Risks in Laptops
      Risks in Cyberspace
      Risk Insurance in Cyberspace
      Exercises

      Secure Information Systems
      Introduction
      Assets Identification
      Assets Communication
      Assets Storage
      Resource Access Control Facility
      Securing the Email Communications
           Email Server Side
           Email Client Side
      Information Security Management
      Exercises

      Cybersecurity and the CIO
      Introduction
      CIO: Personality
           Trust and Ethics
           Communication and Intelligence
           Leadership and Entrepreneurship
           Courage and Limitations
      CIO: Education
           University Degrees
           Certifications
      CIO: Experience
           Experience
      CIO: Responsibilities
           Data Backup and Archiving
           Culture of Security
           Cyber Training
           Contingency Plans
           Liability
      CIO: Information Security
           Internal Information Security Components
                Access Control—Electronic
                Access Control—Physical
           Cyber Policies
                Cyber Awareness and Training
                Training
           Business Continuity
      CIO: The Changing Role
      Exercises

      Building a Secure Organization
      Introduction
      Business Continuity Planning
           Business Impact Analysis (BIA)
           Business Recovery Strategy (BRS)
           Drafting of the BCP
           Testing of the BCP
           Training in the BCP Implementation
           BCP Performance Indicators
      System Access Control
      System Development and Maintenance
      Physical and Environmental Security
      Compliance
      Personnel Security
      Security Organization
      Computer and Network Management
      Asset Classification and Control
      Security Policy
      Exercises

      Cyberspace Intrusions
      Introduction
      IDPS Configuration
           Sensors
           Processor
           Consoles
           Network
      IDPS Capabilities
           Information Acquisition
           Information Loggings
           Detection Techniques
           Prevention Actions
      IDPS Management
           Implementation
                Step One: Features
                Step Two: Architecture
                Step Three: Installation
                Step Four: Testing
                Step Five: Activation
           Operation
           Maintenance
      IDPS Classification
           Host-Based IDPS
           Network-Based IDPS
           Network Behavior Analysis System
           Wireless IDPS
      IDPS Comparison
      Exercises

      Cyberspace Defense
      Introduction
      File Protection Applications
           File Backup
           Disaster Recovery
           History Deletion
           Shredding and Wiping
           File Undelete
           File Encryption
           Loggers
           Anti-Loggers
      PC Performance Applications
           Registry Repair
           Anti-Rootkits
           Antivirus
           Junk Files
           Fragmentation
      Protection Tools
           Security Analyzer
           Password Analyzer
           Firewalls
                Packet-Level Filtering
                Circuit-Level Filtering
                Application-Level Gateway
           Email Protection
      Exercises

      Cyberspace and the Law
      Introduction
      International Laws
           Europe
           United Nations
           North Atlantic Treaty Organization
           INTERPOL
           Impediments to Cyber Law Enforcement
      Cyber-Related Laws in the United States
           The Commercial Privacy Bill of Rights Act of 2011
           The Cybersecurity Act of 2010
           The Federal Information Security Management Act of 2002
           The USA PATRIOT Act of 2001
           The Communications Assistance for Law Enforcement Act of 1994
           Computer Security Act of 1987
           The Privacy Act of 1974
      Cybercrime
           Trends in Cyber Abuse
           Combating Cybercrime
      Exercises

      Cyber Warfare and Homeland Security
      Introduction
      Cyber Warfare
           Cyber Weapons Convention
           Cyber Terrorism
           Cyber Espionage
      Homeland Security
           National Cyber Security Division
      Cybersecurity Preparedness
           Challenges
      Distributed Defense
           Countermeasures
           The Cyber Defense Ecosystem
           Cybersecurity Training
           Cyber Simulation and Exercises
      Exercises

      References

      Index

      Author Bio(s)

      Dr. George K. Kostopoulos is a faculty member at the University of Maryland University College, where he serves and teaches as a faculty mentor in the master’s degree programs in cybersecurity and information assurance. Dr. Kostopoulos has an extensive international academic career, having taught in seventeen universities around the world, including Boston University, Texas A&M International University, Florida Atlantic University, the University of Heidelberg (Germany), and the American University of Sharjah (UAE). He is the author of numerous scholarly papers and two other books, Digital Engineering and Greece and the European Economic Community. Dr. Kostopoulos received his master’s and PhD degrees in electrical and computer engineering from Arizona State University, and a master’s in economics from California State Polytechnic University. He is the founder and editor-in-chief of the Journal of Cybersecurity and Information Assurance and a reviewer for numerous scientific conferences.

      Editorial Reviews

      …a timely read, and even more so, a trusted resource … covers a great deal of ground very well and its tutorial and comprehensive checklist style pulls even the risk discussions together in an understandable and educational manner that reinforces awareness to the critical attributes found within this manmade domain. … each individual chapter deals with an important and realistic aspect of cybersecurity together with the vulnerabilities and risks. Together, the chapters provide a first-rate overview of this exceedingly complex topic, a perspective that has equally horizontal as well as vertical implications, and will keep the reader cognizant of the interrelationships among the disparate disciplines making up cyberspace.
      —Riley Repko, CEO, Trusted Cyber Solutions LLC & Senior Research Fellow, Virginia Tech University

      © 2013 Taylor & Francis Group, LLC. All Rights Reserved.