Abstract
Nearly every day we hear news that customer data has been compromised or new bugs have been discovered, leaving it open to the risk of falling into the wrong hands. Cyber security is more essential today than ever, not just in the workplace but at home too. This book covers the various types of cyber threat and explains what you can do to mitigate these risks and keep your data secure.
'David takes the reader on an engaging and informative journey covering the major topics that make up cyber security. Highly recommended for anyone interested in learning at a high level what cyber security is, what it means and why it is important.'
Adrian Davis
The book is crucial reading for businesses wanting to better understand security risks and ensure the safety of organisational and customer data but will also be valuable to anyone concerned with data protection.
'The book is well informed, elegantly composed and an intriguing read.... Simply exemplary!'
Emmanuel Ojo Ademola FBCS
'The BCS Cyber Security book is well written and easy to read, which is unusual in a book addressing this subject matter.
The author takes the time to describe his interpretation of “Cyber” as this term is often misused both within and outside the industry.
The book makes many references to real-world examples and their consequences. This helps to illuminate the threats and vulnerabilities and helps us understand the possible actions that should be taken.
The book is well structured with two major sections; Cyber Security Problems - encompassing Cyber Security Issues, Targets, Vulnerabilities, Threats and Impacts and Improving Cyber Security - encompassing Risk Management, Business Continuity, Disaster Recovery and risk mitigations. The final part of the book is a comprehensive analysis of applicable standards, good practice guidelines and the law.
This practitioner's guide is a must-have for those with an interest in information security, either as a potential career or to expand their general business knowledge. Highly recommended!'
Terry Neal
David Sutton's career in IT spans nearly 50 years and includes voice and data networking, information security and critical information infrastructure protection. He has delivered lectures on information risk management and business continuity at Royal Holloway University of London from where he holds an MSc in Information Security. He is also the author of Information Risk Management and a co-author of Information Security Management Principles (2nd edition).
Table of Contents
Section Title | Page |
---|---|
Cover | Cover |
Copyright | iv |
CONTENTS | vii |
LIST OF FIGURES AND TABLES | x |
AUTHOR | xi |
ACKNOWLEDGEMENTS | xii |
ABBREVIATIONS | xiii |
PREFACE | xvi |
GLOSSARY | xxi |
PART I CYBER SECURITY PROBLEMS | 1 |
1. INTRODUCTION | 3 |
BACKGROUND | 3 |
THE EXPECTATIONS OF USERS AND ORGANISATIONS | 9 |
CYBER SECURITY IN THE WIDER CONTEXT | 10 |
2. THE BIG ISSUES | 12 |
CYBERCRIME | 12 |
CYBER HARASSMENT OR CYBER BULLYING | 16 |
CYBER WARFARE | 18 |
CYBER SURVEILLANCE | 21 |
WHY WE SHOULD CARE | 29 |
WHAT MAKES CYBER SECURITY DIFFICULT? | 30 |
3. CYBER TARGETS | 34 |
INDIVIDUAL TARGETS | 34 |
BUSINESS TARGETS | 35 |
CRITICAL NATIONAL INFRASTRUCTURE TARGETS | 35 |
BUILDING TARGETS | 45 |
ACADEMIA AND RESEARCH TARGETS | 46 |
MANUFACTURING AND INDUSTRY TARGETS | 47 |
4. CYBER VULNERABILITIES AND IMPACTS | 50 |
CYBER VULNERABILITIES | 50 |
CYBER IMPACTS | 58 |
5. CYBER THREATS | 64 |
TYPES OF ATTACKER | 65 |
MOTIVES – WHAT DRIVES AN ATTACKER | 69 |
MEANS | 73 |
CYBER-ATTACK METHODS | 74 |
TYPES OF CYBER-ATTACK AND ATTACK VECTORS | 76 |
THE RISKS OF CONDUCTING A CYBER-ATTACK | 82 |
PART II IMPROVING CYBER SECURITY | 85 |
6. RISK MANAGEMENT OVERVIEW | 87 |
A GENERAL VIEW OF RISK | 87 |
ASSETS | 88 |
VULNERABILITIES | 88 |
LIKELIHOOD OR PROBABILITY | 89 |
QUALITATIVE AND QUANTITATIVE ASSESSMENTS | 90 |
THE RISK MANAGEMENT PROCESS | 90 |
7. BUSINESS CONTINUITY AND DISASTER RECOVERY | 99 |
BUSINESS CONTINUITY | 101 |
DISASTER RECOVERY | 103 |
8. BASIC CYBER SECURITY STEPS | 107 |
GENERAL SECURITY ADVICE | 107 |
TECHNICAL SECURITY ADVICE | 115 |
MOBILE WORKING | 122 |
9. ORGANISATIONAL SECURITY STEPS | 125 |
SECURITY POLICIES OVERVIEW | 125 |
DIRECTIVE POLICIES | 127 |
ADMINISTRATIVE POLICIES | 128 |
COMMUNAL POLICIES | 135 |
TECHNICAL POLICIES | 136 |
10. AWARENESS AND TRAINING | 141 |
AWARENESS | 142 |
TRAINING | 147 |
11. INFORMATION SHARING | 149 |
TRUST | 150 |
INFORMATION CLASSIFICATION | 150 |
PROTECTION OF SHARED INFORMATION | 151 |
ANONYMISATION OF SHARED INFORMATION | 152 |
ROUTES TO INFORMATION SHARING | 153 |
PART III APPENDICES | 157 |
APPENDIX A – STANDARDS | 159 |
CYBER SECURITY STANDARDS | 160 |
ISO/IEC 27000 SERIES STANDARDS | 160 |
OTHER RELEVANT ISO STANDARDS | 166 |
BUSINESS CONTINUITY STANDARDS | 167 |
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST) STANDARDS | 169 |
APPENDIX B – GOOD PRACTICE GUIDELINES | 171 |
GENERAL CYBER SECURITY ADVICE | 171 |
UK GOVERNMENT CYBER SECURITY ADVICE | 172 |
APPENDIX C – CYBER SECURITY LAW | 173 |
UK LAW | 173 |
EU DIRECTIVES AND REGULATIONS | 176 |
OTHER RELEVANT LEGISLATION | 178 |
APPENDIX D – CYBER SECURITY TRAINING | 180 |
APPENDIX E – LINKS TO OTHER USEFUL ORGANISATIONS | 183 |
FURTHER READING | 184 |
Index | 186 |
Back Cover | 194 |