Cyber Security

David Sutton

(2017)

Abstract

Nearly every day we hear news that customer data has been compromised or new bugs have been discovered, leaving it open to the risk of falling into the wrong hands. Cyber security is more essential today than ever, not just in the workplace but at home too. This book covers the various types of cyber threat and explains what you can do to mitigate these risks and keep your data secure.
'David takes the reader on an engaging and informative journey covering the major topics that make up cyber security. Highly recommended for anyone interested in learning at a high level what cyber security is, what it means and why it is important.'
Adrian Davis
Nearly every day we hear news that customer data has been compromised or new bugs have been discovered, leaving personal details open to the risk of falling into the wrong hands. Cyber security is more essential today than ever, not just in the workplace but at home too. This book covers the various types of cyber threat and explains what you can do to mitigate these risks and keep your data secure. The book is crucial reading for businesses wanting to better understand security risks and ensure the safety of organisational and customer data but will also be valuable to anyone concerned with data protection.
'The book is well informed, elegantly composed and an intriguing read.... Simply exemplary!'
Emmanuel Ojo Ademola FBCS
'The BCS Cyber Security book is well written and easy to read, which is unusual in a book addressing this subject matter. The author takes the time to describe his interpretation of “Cyber” as this term is often misused both within and outside the industry. The book makes many references to real world examples and their consequences. This helps to illuminate the threats and vulnerabilities and helps us understand the possible actions that should be taken. The book is well structured with two major sections: Cyber Security Problems - encompassing Cyber Security Issues, Targets, Vulnerabilities, Threats and Impacts and Improving Cyber Security - encompassing Risk Management, Business Continuity, Disaster Recovery and risk mitigations. The final part of the book is a comprehensive analysis of applicable standards, good practice guidelines and the law. This practitioner's guide is a must-have for those with an interest in information security, either as a potential career or to expand their general business knowledge. Highly recommended!'
Terry Neal
David Sutton's career in IT spans nearly 50 years and includes voice and data networking, information security and critical information infrastructure protection. He has delivered lectures on information risk management and business continuity at Royal Holloway University of London from where he holds an MSc in Information Security. He is also the author of Information Risk Management and a co-author of Information Security Management Principles (2nd edition).

Table of Contents

Section Title Page
Cover Cover
Copyright iv
CONTENTS vii
LIST OF FIGURES AND TABLES x
AUTHOR xi
ACKNOWLEDGEMENTS xii
ABBREVIATIONS xiii
PREFACE xvi
GLOSSARY xxi
PART I CYBER SECURITY PROBLEMS 1
1. INTRODUCTION 3
BACKGROUND 3
THE EXPECTATIONS OF USERS AND ORGANISATIONS 9
CYBER SECURITY IN THE WIDER CONTEXT 10
2. THE BIG ISSUES 12
CYBERCRIME 12
CYBER HARASSMENT OR CYBER BULLYING 16
CYBER WARFARE 18
CYBER SURVEILLANCE 21
WHY WE SHOULD CARE 29
WHAT MAKES CYBER SECURITY DIFFICULT? 30
3. CYBER TARGETS 34
INDIVIDUAL TARGETS 34
BUSINESS TARGETS 35
CRITICAL NATIONAL INFRASTRUCTURE TARGETS 35
BUILDING TARGETS 45
ACADEMIA AND RESEARCH TARGETS 46
MANUFACTURING AND INDUSTRY TARGETS 47
4. CYBER VULNERABILITIES AND IMPACTS 50
CYBER VULNERABILITIES 50
CYBER IMPACTS 58
5. CYBER THREATS 64
TYPES OF ATTACKER 65
MOTIVES – WHAT DRIVES AN ATTACKER 69
MEANS 73
CYBER-ATTACK METHODS 74
TYPES OF CYBER-ATTACK AND ATTACK VECTORS 76
THE RISKS OF CONDUCTING A CYBER-ATTACK 82
PART II IMPROVING CYBER SECURITY 85
6. RISK MANAGEMENT OVERVIEW 87
A GENERAL VIEW OF RISK 87
ASSETS 88
VULNERABILITIES 88
LIKELIHOOD OR PROBABILITY 89
QUALITATIVE AND QUANTITATIVE ASSESSMENTS 90
THE RISK MANAGEMENT PROCESS 90
7. BUSINESS CONTINUITY AND DISASTER RECOVERY 99
BUSINESS CONTINUITY 101
DISASTER RECOVERY 103
8. BASIC CYBER SECURITY STEPS 107
GENERAL SECURITY ADVICE 107
TECHNICAL SECURITY ADVICE 115
MOBILE WORKING 122
9. ORGANISATIONAL SECURITY STEPS 125
SECURITY POLICIES OVERVIEW 125
DIRECTIVE POLICIES 127
ADMINISTRATIVE POLICIES 128
COMMUNAL POLICIES 135
TECHNICAL POLICIES 136
10. AWARENESS AND TRAINING 141
AWARENESS 142
TRAINING 147
11. INFORMATION SHARING 149
TRUST 150
INFORMATION CLASSIFICATION 150
PROTECTION OF SHARED INFORMATION 151
ANONYMISATION OF SHARED INFORMATION 152
ROUTES TO INFORMATION SHARING 153
PART III APPENDICES 157
APPENDIX A – STANDARDS 159
CYBER SECURITY STANDARDS 160
ISO/IEC 27000 SERIES STANDARDS 160
OTHER RELEVANT ISO STANDARDS 166
BUSINESS CONTINUITY STANDARDS 167
NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST) STANDARDS 169
APPENDIX B – GOOD PRACTICE GUIDELINES 171
GENERAL CYBER SECURITY ADVICE 171
UK GOVERNMENT CYBER SECURITY ADVICE 172
APPENDIX C – CYBER SECURITY LAW 173
UK LAW 173
EU DIRECTIVES AND REGULATIONS 176
OTHER RELEVANT LEGISLATION 178
APPENDIX D – CYBER SECURITY TRAINING 180
APPENDIX E – LINKS TO OTHER USEFUL ORGANISATIONS 183
FURTHER READING 184
Index 186
Back Cover 194