Showing posts from October, 2013

Book Review: The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud) (2012) by Dawn M. Cappelli, Andrew P. Moore, and Randall F. Trzeciak

Executive Summary

The authors have reviewed more than 700 cases of insider threat attacks and developed a comprehensive list of mitigation controls that might have prevented them. The book is not very well organized, but the content represents the authoritative source on precursor behavior that may illuminate potential insider attacks. In that regard, it is a must-read for cyber security professionals.

What is clear from reading the book is that there is no technical solution that will prevent insider attacks. Technology can aid in discovery, but it is not a panacea; it will not prevent a determined inside attacker.

A good program will accomplish four tasks:

Train employees and their managers to watch for the signs of potential insider threat behavior.
Provide the mechanisms across the organization to report and review the activity.
Establish and maintain the apparatus to report potential abuse and respond to incidents when necessary.
Mitigate the risk before any damage

Book Review: “Neuromancer” by William Gibson

Executive Summary

This book is a must-read for every cyber security professional, not because you will learn new insights into your craft, but because you will understand why this book was so influential to the cyber security zeitgeist back in the day. Gibson invented and clarified the language that we are still using today ten years before it became mainstream. He coined the word "cyberspace," launched the "cyberpunk" genre, pontificated about "the singularity," guessed that "hacktivism" would be a thing, and understood that we would need "Google search" long before any of us even knew how vital that service would become. In my mind, this book is in our cyber security canon. You should have read this by now.

Introduction

Gibson published Neuromancer in 1984 and subsequently received multiple book awards for his efforts:

The Nebula Award (Best Science Fiction Novel) [1]
The Philip K. Dick Award (Best Science Fic