The Digital Big Bang
Contents
Phil Quade. The Digital Big Bang
Table of Contents
List of Illustrations
Guide
Pages
THE DIGITAL BIG BANG. THE HARD STUFF, THE SOFT STUFF, AND THE FUTURE OF CYBERSECURITY
ABOUT THE AUTHOR
CONTRIBUTORS
ACKNOWLEDGMENTS
INTRODUCTION
THE COSMIC BIG BANG: THE BIRTH OF THE PHYSICAL UNIVERSE AND THE HUMAN SOCIETY THAT EMERGED
THE DIGITAL BIG BANG: THE BIRTH OF THE DIGITAL UNIVERSE
THE SCIENTIFIC REVOLUTION
THE BANG BEGINS
WHAT WE GOT RIGHT
WHAT WE GOT WRONG
AN UNWARRANTED ASSUMPTION OF TRUST
AN HONEST ASSESSMENT OF THE CURRENT STATE
WHAT CYBERCRIMES EXPLOIT
WHAT WE CAN GET RIGHT NOW
THE DIGITAL NUCLEUS
SECTION 1 BINDING STRATEGIES: THE CORE OF CYBERSECURITY
THE NEED FOR SPEED
THE DRIVE TO CONNECT
HARNESSING SPEED AND CONNECTIVITY
1 SPEED
SPEED: THE NUCLEUS OF THE CYBERFRONTIER
WHAT DO WE MEAN BY SPEED?
HOW SPEED IMPACTS SECURITY
THE STRATEGIC IMPERATIVES
THE PURPOSE OF YOUR MISSION
THE SCIENCE OF RACING: ACCELERATION, DECELERATION, HARD BRAKING, AND KNOWING WHEN TO APPLY EACH
ELEMENTS OF FORCE MULTIPLICATION
Inertia
Prioritization
GETTING ON THE HIGHWAY AND GETTING UP TO SPEED
Learn
Test
Accelerate
Validate
Repeat
OPERATING LIMITS FOR YOURSELF AND OTHERS
ABOUT THE CONTRIBUTOR
IS SPEED AN ADVANTAGE? IT DEPENDS ON THE CONTEXT
CONTEXT: CREDIT APPLICATIONS
CONTEXT: AUTONOMOUS VEHICLES
CONTEXT: AUTONOMOUS LETHAL WEAPONS
THE RISK
ABOUT THE CONTRIBUTOR
2 CONNECTIVITY
MANAGING THE INTENSIFYING CONNECTIVITY OF THE IOT ERA
ABOUT THE CONTRIBUTOR
CYBERSPACE: MAKING SOME SENSE OF IT ALL
THE CASE FOR CYBERSPACE AS A DOMAIN
TEASING OUT THE CONSTITUENT PARTS OF CYBERSPACE
THE BOOKENDS: GEOGRAPHY AND PEOPLE
The Geography Layer
The People Layer
The Circuit Layer
The Control Logic Layer
The Device Layer
THE IMPORTANCE OF THE VERTICAL AND THE VIDEO
IMPLICATIONS
More than Technology
Characterized by Convergence
Wealth, Treasure, and More
Ever Changing, Never Secure
ABOUT THE CONTRIBUTOR
SECTION 2 ELEMENTARY SHORTFALLS: THE THINGS WE DIDN'T GET RIGHT AT THE BEGINNING
UNANSWERED QUESTIONS
3 AUTHENTICATION
AUTHENTICATION, DATA INTEGRITY, NONREPUDIATION, AVAILABILITY, AND CONFIDENTIALITY: THE FIVE PILLARS OF SECURITY
THE FIVE KEY ELEMENTS OF CYBERSECURITY
THE ART OF COMMUNICATIONS
ACHIEVING INFORMATION INTEGRITY
ABOUT THE CONTRIBUTOR
AUTHENTICATION AND MODELS OF TRUST
THE POWER OF PAIRING AUTHENTICATION WITH ACCESS KEYS OR TOKENS
BROKERAGE CAPABILITIES
AUTHENTICATION BEYOND INDIVIDUALS
BROKERAGES AS A SECURITY VERIFICATION ECOSYSTEM
ABOUT THE CONTRIBUTOR
4 PATCHING
PATCHING: A GROWING CHALLENGE AND A NEEDED DISCIPLINE
ESTABLISHING A SECURITY GOVERNANCE FRAMEWORK
AUTOMATION AND PATCHING
DEALING WITH UNPATCHABLE DEVICES
ABOUT THE CONTRIBUTOR
CONQUER OR BE CONQUERED
IT STARTS WITH DEVELOPERS
THE OPERATIONAL IMPACT OF PATCHING
No Restart or Reboot Required
Separate Patches from New Features
Offer the Ability to Roll Back Patches
AN ORGANIZATIONAL PRIORITY
DON'T LEAVE YOUR DOORS UNLOCKED
ABOUT THE CONTRIBUTOR
5 TRAINING
FILL THE SKILLS GAP WITH AN ENVIRONMENT OF CONTINUAL TRAINING
ADAPTING SKILLS TO NEW ENVIRONMENTS
FINDING THE RIGHT PEOPLE
CHALLENGING SENIOR ANALYSTS
BUILDING BROAD SKILLS
WHY THE APPRENTICE MODEL WORKS
ENGAGING MENTORS
DEFINING TIERS AND STAGES
ABOUT THE CONTRIBUTOR
EMPLOYEE TRAINING IS KEY FOR CYBERSECURITY
SECURITY EVERYWHERE
THE SCOPE OF THE PROBLEM
EDUCATING EMPLOYEES TO REDUCE RISK
WE'RE ALL IN THIS TOGETHER
Start at the top
Share the security responsibility
Train your users
EDUCATE YOURSELF AND PASS IT ON
ABOUT THE CONTRIBUTOR
TRAINING IS A MINDSET
THE CHALLENGE OF SECURITY CERTIFICATIONS
THE IMPORTANCE OF MENTORS
LEVERAGING IT EXPERIENCE
DEVELOP CRITICAL THINKING
THE NEED FOR DIVERSITY
UNDERSTAND THE WHY
DEVELOPING THE WHOLE PERSON
ABOUT THE CONTRIBUTOR
SECTION 3 FUNDAMENTAL STRATEGIES: PROVEN STRATEGIES THAT DON'T LET US DOWN
6 CRYPTOGRAPHY
CRYPTOGRAPHY: THE BACKBONE OF CYBERSECURITY
A GAIN THAT IS MORE THAN WORTH THE PAIN
BUILDING ON A STRONG FOUNDATION
AGILITY NOW!
QUANTUM RESISTANCE
ABOUT THE CONTRIBUTOR
CRYPTOGRAPHY: THE GOOD, THE BAD, AND THE FUTURE
DESIGNING CRYPTOSYSTEMS AND PROTOCOLS
IMPLEMENTING CRYPTOGRAPHY
SIDE-CHANNEL ATTACKS
ADVANCED CRYPTOGRAPHY
CONCLUSIONS
ABOUT THE CONTRIBUTOR
7 ACCESS CONTROL
MANAGING ACCESS IN CHALLENGING ENVIRONMENTS
WHERE DO YOU START?
Determine User Roles
Conduct Third-Party Audits
TALKING TO STAKEHOLDERS
SECURING IOT ACCESS
ADDRESSING PRIVILEGE CHANGES
ENHANCING ACCESS CONTROL TO ADDRESS CHANGE
ABOUT THE CONTRIBUTOR
A SYSTEMATIC APPROACH TO ACCESS CONTROL
ACCESS CONTROL IS THE WEAK LINK IN MANY SECURITY STRATEGIES
WHERE TO START
SECURE YOUR MOST CRITICAL ASSETS FIRST
GOOD SECURITY TAKES TIME
APPLY CONTINUOUS MONITORING
THE CHALLENGE OF SHADOW IT
SUMMING UP
ABOUT THE CONTRIBUTOR
8 SEGMENTATION
SUCCESSFUL SEGMENTATION ISN'T SEPARATION: IT'S COLLABORATION
THE ANSWER IS SEGMENTATION
SEGMENTATION CAN BE COSTLY AND DISRUPTIVE
LOOK FOR WIN-WINS
ABOUT THE CONTRIBUTOR
WHY WE NEED TO SEGMENT NETWORKS
SEGMENTATION DRIVERS
UNDERSTANDING DATA FLOW
SECURING LATERAL DATA FLOW
MANAGING COMPLEXITY
MANAGING A BREACH
MONITORING NETWORK HEALTH
SEGMENTING A LEGACY NETWORK
ENGAGING KEY STAKEHOLDERS
KEY TAKEAWAYS
ABOUT THE CONTRIBUTOR
SECTION 4 ADVANCED STRATEGIES: SOPHISTICATED CYBERSECURITY OPERATIONS
9 VISIBILITY
VISIBILITY: IDENTIFYING PATHOGENS, RISK FACTORS, AND SYMPTOMS OF CYBERATTACKS
VISIBILITY ON DEVICES
VISIBILITY ON CODE
VISIBILITY ON ACTIVITY
VISIBILITY ON IDENTITY AND ACCESS
CONCLUSION
ABOUT THE CONTRIBUTOR
20/20 INSIGHT: REDEFINING VISIBILITY TO STOP MODERN CYBERCRIME SYNDICATES
ABOUT THE CONTRIBUTOR
THE CHALLENGE OF VISIBILITY
VISIBILITY IS ABOUT MORE THAN TECHNOLOGY
DEVELOP A RELATIONSHIP WITH KEY STAKEHOLDERS
CARROT AND STICK
UPGRADE YOUR SECURITY TEAM
WHAT ABOUT SECURITY TECHNOLOGY?
THE CHALLENGE OF OVERLAPPING CAPABILITIES
ISSUES PREVENTING A COMPLETE SOLUTION
ACHIEVING AN OPTIMAL BALANCE
ABOUT THE CONTRIBUTOR
10 INSPECTION
IN AND OUT OF THE SHADOWS: THE VISIBILITY THAT INSPECTION ENABLES IS NOT CONFINED TO TECHNOLOGY ALONE
ABOUT THE CONTRIBUTOR
THE FUNDAMENTAL IMPORTANCE OF INSPECTION
DEFINING INSPECTION
INSPECTION TECHNIQUES
CONTENT INSPECTION
THE CHALLENGE OF ENCRYPTION
THE FUTURE OF INSPECTION
CONCLUSION
ABOUT THE CONTRIBUTOR
11 FAILURE RECOVERY
PREPARATION, RESPONSE, AND RECOVERY
TECHNOLOGY
ENVIRONMENTAL CHANGE
GLOBALIZATION
UNITY OF EFFORT
Response and Preparation
CENTRAL RESPONSE TEAM
ABOUT THE CONTRIBUTOR
CYBER EVENT RECOVERY
PREPARING FOR A CYBER EVENT
POST-EVENT PLANNING
BEING PREPARED: EVENT MONITORING
ADAPTING TO EVOLVING NETWORKS
REMEDIATION RESOURCES
BE PREPARED FOR THE UNEXPECTED
CONCLUSION
ABOUT THE CONTRIBUTOR
SECTION 5 HIGHER-ORDER DIMENSIONS: WHERE HUMAN FACTORS CAN ECLIPSE COMPUTING WIZARDRY
12 COMPLEXITY MANAGEMENT
SHIFT YOUR MINDSET TO MANAGE COMPLEXITY
GETTING STARTED
KEY CHALLENGES
MANAGING COMPLEXITY
MANAGING RAPID CHANGE
INCIDENT RESPONSE
CONCLUSION
ABOUT THE CONTRIBUTOR
SEVEN STEPS TO REDUCING COMPLEXITY
1. REDUCE EXISTING COMPLEXITY
2. ADJUST YOUR POLICIES
3. APPLY SEGMENTATION
4. IMPLEMENT NAC
5. EMPLOY AUTOMATION
6. MANAGE PEOPLE
7. MANAGE CULTURAL COMPLEXITY
CONCLUSION: SECURITY CAN NEVER BE A BOTTLENECK
ABOUT THE CONTRIBUTOR
13 PRIVACY
DON'T PANIC! SECURITY PROS MUST LEARN TO EMBRACE THE NEW ERA OF PRIVACY
ABOUT THE CONTRIBUTOR
STRICTER PRIVACY REGULATIONS ARE DRIVING THE CONVERSATIONS—AND INNOVATIONS—WE NEED
ABOUT THE CONTRIBUTOR
14 HUMAN FRAILTY
OVERCOMING HUMAN FRAILTY: PEOPLE AND THE POWER OF OBLIGATION
THE NEED FOR A TECHNOLOGY SOLUTION
THE NEED FOR PEOPLE SKILLS
THE POWER OF OBLIGATION
ABOUT THE CONTRIBUTOR
OVERCOMING HUMAN FRAILTY BY DESIGN
THE SOLUTION: DESIGN FOR THE HUMAN PSYCHE
WINNING SECURITY STRATEGIES
ABOUT THE CONTRIBUTOR
THE FUTURE
UNIFYING FORCES
Guidepost for the Future: Unifying Forces
RELATIONSHIPS
Guidepost for the Future: Relationships
INFORMED OPTIMISM
Guidepost for the Future: Confidence That the Internet Will Be Better
PURSUIT OF FACTS AND WISDOM
Guidepost for the Future: Cybersecurity Is a Science, Not an Art
MACHINES THAT SERVE PEOPLE
CONCLUSION
WHY CYBERSECURITY NEEDS AI
ABOUT THE CONTRIBUTOR
THE FUTURE OF CYBERSECURITY
WHAT HAPPENED IN THREE GENERATIONS OF CYBERSECURITY
HARDWARE AND SOFTWARE NEEDED FOR BUILDING SECURITY INTO THE NEW INFRASTRUCTURE
THE POWER OF INTENT-BASED SECURITY TO ORCHESTRATE THE SECURITY FABRIC
ABOUT THE CONTRIBUTOR
INDEX
WILEY END USER LICENSE AGREEMENT
Excerpt from the book
Phil Quade, CISO, Fortinet
.....
The assumption of trust that was still deep within the DNA of the Internet became a huge problem the moment the public could go online. On an increasingly vast and anonymous network, that trust soon transformed from guiding philosophy to greatest weakness. As more people arrived, the Internet quickly became a newly discovered continent of naïve users, systems, and networks to be exploited and hacked for digital fraud, grift, or simply to prove it could be done.
Since those first hacks, the field of cybersecurity has struggled to catch up and compensate. Mitigating the weakness—the wrongful assumption of trust and the lack of strong authentication—while still balancing the essential benefits and fundamentals of speed and connectivity, remains an enduring challenge of cybersecurity today.
.....