Description
While security is generally perceived to be a complicated and expensive process, Zen and the Art of Information Security makes security understandable to the average person in a completely non-technical, concise, and entertaining format. Through the use of analogies and just plain common sense, readers see through the hype and become comfortable taking very simple actions to secure themselves. Even highly technical people have misperceptions about security concerns and will also benefit from Ira Winkler's experiences making security understandable to the business world. Mr. Winkler is one of the most popular and highly rated speakers in the field of security, and lectures to tens of thousands of people a year. Zen and the Art of Information Security is based on one of his most well-received international presentations.
* Written by an internationally renowned author of "Spies Among Us" who travels the world making security presentations to tens of thousands of people a year
* This short and concise book is specifically for the business, consumer, and technical user short on time but looking for the latest information along with reader-friendly analogies
* Describes the REAL security threats that you have to worry about, and more importantly, what to do about them
CONTENTS:
Introduction
Why You Shouldn't Buy This Book
Chapter 1
Zen and the Art of Cybersecurity
Philosophy of Security
Chapter 2
Why I Don't Like the Title of This Book
What Makes a Scientist
Why Some People are Better Scientists
Putting it All Together
Applying Science
Chapter 3
What is Security?
Risk
Value
Threat
Vulnerability
Countermeasures
You Really Can't Counter Threat
What is a Security Program?
Optimizing Risk
Consciously Accept Risk
Chapter 4
A Bad Question
Value has Nothing to do With Computers
A Typical Security Budget
Determining A Security Budget
Multiyear Budgets
Remind the CIO the I means Information
Making Risk a Conscious Decision
Chapter 5
What Makes a Master
Mastering Computer Security
Taking Advantage of Problems Built Into the Software
How Are These Bugs Found?
Fixing Software Security Vulnerabilities
Taking Advantage of How the Computer is Configured or Maintained
Preventing the Configuration Vulnerabilities
Can you Master Information Security?
Chapter 6
Knights and Dragons
The FUD Factor
Dragons Forgive Incompetency
What If You're Not a Knight?
Terrorists Really Aren't That Good
The People You Really Have to Worry About
Real Computer Geniuses
Professionals
Opportunists
Script Kiddies
Look for Snakes, Not Dragons
Don't Suffer Death By 1,000 Cuts
Chapter 7
Cyberterrorism is Not Effective
Anthrax vs. Nimda
It is Easier to Blow Things Up
What is a Terrorist?
Chapter 8
Common Sense and Common Knowledge
Wanting Benefit Without the Associated Costs
Some People Are Just Stupid
The Wizard of Oz
Chapter 9
Never Underestimate the Stupidity of a Criminal
There is a Difference Between Being Good and Being Effective
Understanding your Adversary
Insiders
MICE
Competitors
Foreign Intelligence Agencies
Organized Criminals
Criminals
Cybercriminals
Script Kiddies
The Criminal Mindset
Hiring Hackers
Your Kids are Not as Smart as You Think
Chapter 10
Information Security Is INFORMATION Security
Chapter 11
Is Security a Should or a Must?
Management Must Believe Security is a Must
So is Security a Should or a Must For You?
Chapter 12
If You Don't Remember History, You Will Repeat It
Chapter 13
Ira's Golden Rules
Take Responsibility
Decide Security is a Must
Educate Yourself
Remember, You are Protecting Information
Protecting Your Computer
Use and Renew Anti-Virus Software
Use and Renew Personal Firewalls
Use and Renew Anti-Spyware
Run Weekly Backups
Use Uninterruptible Power Supplies
Note on Security Software
The 95/5 Rule
Chapter 14
Chance Favors the Prepared
Ubiquitous Security
The Purpose of This Book
Technology is Still Important
Security is Really Risk Management
Be Responsible
Appendix A
Critical Moments in Computer Security History
Index
Published
23 May 2007
Publisher
SYNGRESS MEDIA
ISBN
9781597491686
Pages
158



