Using sample charts, graphics, case studies, and war stories, Yankee Group Security Expert Andrew Jaquith demonstrates exactly how to establish effective metrics based on your organization's unique requirements. You'll discover how to quantify hard-to-measure security activities, compile and analyze all relevant data, identify strengths and weaknesses, set cost-effective priorities for improvement, and craft compelling messages for senior management. Security Metrics successfully bridges management's quantitative viewpoint with the nuts-and-bolts approach typically taken by security professionals. It brings together expert solutions drawn from Jaquith's extensive consulting work in the software, aerospace, and financial services industries, including new metrics presented nowhere else. You'll learn how to: - Replace nonstop crisis response with a systematic approach to security improvement - Understand the differences between "good" and "bad" metrics - Measure coverage and control, vulnerability management, password quality, patch latency, benchmark scoring, and business-adjusted risk - Quantify the effectiveness of security acquisition, implementation, and other program activities - Organize, aggregate, and analyze your data to bring out key insights - Use visualization to understand and communicate security issues more clearly - Capture valuable data from firewalls and antivirus logs, third-party auditor reports, and other resources - Implement balanced scorecards that present compact, holistic views of organizational security effectiveness Whether you're an engineer or consultant responsible for security and reporting to management-or an executive who needs better information for decision-making-Security Metrics is the resource you have been searching for. Andrew Jaquith, program manager for Yankee Group's Security Solutions and Services Decision Service, advises enterprise clients on prioritizing and managing security resources. He also helps security vendors develop product, service, and go-to-market strategies for reaching enterprise customers. He co-founded @stake, Inc., a security consulting pioneer acquired by Symantec Corporation in 2004. His application security and metrics research has been featured in CIO, CSO, InformationWeek, IEEE Security and Privacy, and The Economist. Foreword Preface Acknowledgments About the Author Chapter 1 Introduction: Escaping the Hamster Wheel of Pain Chapter 2 Defining Security Metrics Chapter 3 Diagnosing Problems and Measuring Technical Security Chapter 4 Measuring Program Effectiveness Chapter 5 Analysis Techniques Chapter 6 Visualization Chapter 7 Automating Metrics Calculations Chapter 8 Designing Security Scorecards Index

    And I mean all the time. Every day there’s a new cloud-based dating app; a new cloud-based gizmo for your house; a new cloud-based game; or a thousand other new things—all in the cloud.The cloud is everywhere! Everything is in the cloud! What does it mean! Let’s slow down. Take a deep breath. That’s good. Take another. Excellent. This book teaches you all about the cloud. I’ll let you in on a little secret: the cloud is not that hard to understand. It’s not. It’s just that nobody has taken the time to explain to you what the cloud is. They haven’t, have they?Deep down I think this is because they don’t understand the cloud either, but I do. I’ve been a programmer and writer for over 30 years. I’ve been in cloud computing since the very start, and I’m here to help you on your journey to understand the cloud. Consider me your tour guide. I’ll be with you every step of the way, but not in a creepy way.I take my time with this book. I go slow and easy, so you can build up an intuition about what the cloud really is, one idea at a time. When you finish reading, you’ll understand the cloud. When you hear someone say some new cool thing is in the cloud, you’ll understand exactly what they mean. That’s a promise. How do I deliver on that promise? I use lots and lots of pictures. I use lots and lots of examples. We’ll reveal the secret inner-workings of AWS, Netflix, Facebook Messenger, Amazon Kindle, Apple iCloud, Google Maps, Nest and cloud DVRs. You’ll learn by seeing and understanding; no matter if you're a complete beginner, someone who knows a little and wants to learn more, or a programmer looking to change their career to the cloud.The cloud is the future. You don't want to miss out on the future, do you? Read this book and we'll discover it together.I’m excited. This will be fun. Let’s get started!

     America's next major war is likely to be provoked by a cyber attack. From well-covered stories like the Stuxnet virus, which helped slow Iran's nuclear program, to lesser-known tales like EternalBlue, the 2017 cyber battle that closed hospitals in Britain and froze shipping crates in Germany in midair, we have entered an age in which online threats carry real-world consequences. But we do not have to let autocrats and criminals run amok in the digital realm. We now know a great deal about how to make cyberspace far less dangerous--and about how to defend our security, economy, democracy, and privacy from cyber attack.This is a book about the realm in which nobody should ever want to fight a war: The Fifth Domain, the Pentagon's term for cyberspace. Our guides are two of America's top cybersecurity experts, seasoned practitioners who are as familiar with the White House Situation Room as they are with Fortune 500 boardrooms. Richard A. Clarke and Robert K. Knake offer a vivid, engrossing tour of the often unfamiliar terrain of cyberspace, introducing us to the scientists, executives, and public servants who have learned through hard experience how government agencies and private firms can fend off cyber threats.Clarke and Knake take us inside quantum-computing labs racing to develop cyber superweapons; bring us into the boardrooms of the many firms that have been hacked and the few that have not; and walk us through the corridors of the U.S. intelligence community with officials working to defend America's elections from foreign malice. With a focus on solutions over scaremongering, they make a compelling case for "cyber resilience"--building systems that can resist most attacks, raising the costs on cyber criminals and the autocrats who often lurk behind them, and avoiding the trap of overreaction to digital attacks.Above all, Clarke and Knake show us how to keep The Fifth Domain a humming engine of economic growth and human progress, not give in to those who would turn it into a wasteland of conflict. Backed by decades of high-level experience in the White House and the private sector, this book delivers a riveting, agenda-setting insider look at what works in the struggle to avoid cyberwar.

     A young physics student starts a revolutionary new marketplace immune to State coercion; he ends up ordering hits on people because they might threaten his great experiment, and is jailed for life without parole. Fully automated contractual systems are proposed to make business and the law work better; the contracts people actually write are unregulated penny stock offerings whose fine print literally states that you are buying nothing of any value. The biggest crowdfunding in history attracts $150 million on the promise that it will embody “the steadfast iron will of unstoppable code”; upon release it is immediately hacked, and $50 million is stolen. How did we get here? David Gerard covers the origins and history of Bitcoin to the present day, the other cryptocurrencies it spawned including Ethereum, the ICO craze and the 2017 crypto bubble, and the attempts to apply blockchains and smart contracts to business. Plus a case study on blockchains in the music industry. Bitcoin and blockchains are not a technology story, but a psychology story. Remember: if it sounds too good to be true, it almost certainly is.

    Tracing the rise, fall, and alarming resurrection of the digital mafia behind the two largest spam pharmacies and countless viruses, phishing, and spyware attacks he delivers the first definitive narrative of the global spam problem and its threat to consumers everywhere.Blending cutting-edge research, investigative reporting, and firsthand interviews, this terrifying true story reveals how we unwittingly invite these digital thieves into our lives every day. From unassuming computer programmers right next door to digital mobsters like "Cosma" who unleashed a massive malware attack that has stolen thousands of Americans' logins and passwords, Krebs uncovers the shocking lengths to which these people will go to profit from our data and our wallets.Not only are hundreds of thousands of Americans exposing themselves to fraud and dangerously toxic products from rogue online pharmacies, but even those who never open junk messages are at risk. As Krebs notes, spammers can—and do—hack into accounts through these emails, harvest personal information like usernames and passwords, and sell them on the digital black market. The fallout from this global epidemic doesn't just cost consumers and companies billions, it costs lives too.Fast-paced and utterly gripping, Spam Nation ultimately proposes concrete solutions for protecting ourselves online and stemming this tidal wave of cybercrime, before it's too late."Krebs's talent for exposing the weaknesses in online security has earned him respect in the IT business and loathing among cybercriminals. His track record of scoops has helped him become the rare blogger who supports himself on the strength of his reputation for hard-nosed reporting." Bloomberg Businessweek

    Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography!Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies.Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling.Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric Provides effective approaches and techniques that have been proven at Microsoft and elsewhere Offers actionable how-to advice not tied to any specific software, operating system, or programming language Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.

    The book is rich with historical detail and characters, as well as astonishing revelations about espionage carried out in recent times by the UK, US, and China. Using unique access to the National Security Agency, GCHQ, Chinese officials, and senior executives from some of the most powerful global technology companies, Gordon Corera has gathered compelling stories from heads of state, hackers and spies of all stripes.Cyberspies is a ground-breaking exploration of the new space in which the worlds of espionage, diplomacy, international business, science, and technology collide.

    For more than a year, Washington Post reporter Robert O'Harrow has explored the threats proliferating in our digital universe. This eBook is a compilation of that reporting. With chapters built around real people, including hackers, security researchers and corporate executives, this book will help regular people, lawmakers and businesses better understand the mind-bending challenge of keeping the internet safe from hackers and security breaches -- and all out war.

    WE ARE ANONYMOUS is the first full account of how a loosely assembled group of hackers scattered across the globe formed a new kind of insurgency, seized headlines, and tortured the feds-and the ultimate betrayal that would eventually bring them down. Parmy Olson goes behind the headlines and into the world of Anonymous and LulzSec with unprecedented access, drawing upon hundreds of conversations with the hackers themselves, including exclusive interviews with all six core members of LulzSec. In late 2010, thousands of hacktivists joined a mass digital assault on the websites of VISA, MasterCard, and PayPal to protest their treatment of WikiLeaks. Other targets were wide ranging-the websites of corporations from Sony Entertainment and Fox to the Vatican and the Church of Scientology were hacked, defaced, and embarrassed-and the message was that no one was safe. Thousands of user accounts from pornography websites were released, exposing government employees and military personnel.Although some attacks were perpetrated by masses of users who were rallied on the message boards of 4Chan, many others were masterminded by a small, tight-knit group of hackers who formed a splinter group of Anonymous called LulzSec. The legend of Anonymous and LulzSec grew in the wake of each ambitious hack. But how were they penetrating intricate corporate security systems? Were they anarchists or activists? Teams or lone wolves? A cabal of skilled hackers or a disorganized bunch of kids?WE ARE ANONYMOUS delves deep into the internet's underbelly to tell the incredible full story of the global cyber insurgency movement, and its implications for the future of computer security.

    Siracusa's overview, wrap-up, and critique of everything new in OS X 10.10 Yosemite.

    A world that is as creative and complex as it is dangerous and disturbing. A world that is much closer than you think.The dark net is an underworld that stretches from popular social media sites to the most secretive corners of the encrypted web. It is a world that frequently appears in newspaper headlines, but one that is little understood, and rarely explored. The Dark Net is a revelatory examination of the internet today, and of its most innovative and dangerous subcultures: trolls and pornographers, drug dealers and hackers, political extremists and computer scientists, Bitcoin programmers and self-harmers, libertarians and vigilantes.Based on extensive first-hand experience, exclusive interviews and shocking documentary evidence, The Dark Net offers a startling glimpse of human nature under the conditions of freedom and anonymity, and shines a light on an enigmatic and ever-changing world.

    We are being watched.We see online ads from websites we've visited, long after we've moved on to other interests. Our smartphones and cars transmit our location, enabling us to know what's in the neighborhood but also enabling others to track us. And the federal government, we recently learned, has been conducting a massive data-gathering surveillance operation across the Internet and on our phone lines.In Dragnet Nation, award-winning investigative journalist Julia Angwin reports from the front lines of America's surveillance economy, offering a revelatory and unsettling look at how the government, private companies, and even criminals use technology to indiscriminately sweep up vast amounts of our personal data. In a world where we can be watched in our own homes, where we can no longer keep secrets, and where we can be impersonated, financially manipulated, or even placed in a police lineup, Angwin argues that the greatest long-term danger is that we start to internalize the surveillance and censor our words and thoughts, until we lose the very freedom that makes us unique individuals. Appalled at such a prospect, Angwin conducts a series of experiments to try to protect herself, ranging from quitting Google to carrying a "burner" phone, showing how difficult it is for an average citizen to resist the dragnets' reach.Her book is a cautionary tale for all of us, with profound implications for our values, our society, and our very selves.

    Today, our entire modern way of life, from communication to commerce to conflict, fundamentally depends on the Internet. And the cybersecurity issues that result challenge literally everyone: politicians wrestling with everything from cybercrime to online freedom; generals protecting the nation from new forms of attack, while planning new cyberwars; business executives defending firms from once unimaginable threats, and looking to make money off of them; lawyers and ethicists building new frameworks for right and wrong. Most of all, cybersecurity issues affect us as individuals. We face new questions in everything from our rights and responsibilities as citizens of both the online and real world to simply how to protect ourselves and our families from a new type of danger. And yet, there is perhaps no issue that has grown so important, so quickly, and that touches so many, that remains so poorly understood.In Cybersecurity and CyberWar: What Everyone Needs to Know�, New York Times best-selling author P. W. Singer and noted cyber expert Allan Friedman team up to provide the kind of easy-to-read, yet deeply informative resource book that has been missing on this crucial issue of 21st century life. Written in a lively, accessible style, filled with engaging stories and illustrative anecdotes, the book is structured around the key question areas of cyberspace and its security: how it all works, why it all matters, and what can we do? Along the way, they take readers on a tour of the important (and entertaining) issues and characters of cybersecurity, from the "Anonymous" hacker group and the Stuxnet computer virus to the new cyber units of the Chinese and U.S. militaries. Cybersecurity and CyberWar: What Everyone Needs to Know� is the definitive account on the subject for us all, which comes not a moment too soon.What Everyone Needs to Know� is a registered trademark of Oxford University Press.

    At that career level, you’ll no longer be required to work towards the next promotion, and being promoted beyond it is exceptional rather than expected. At that point your career path will branch, and you have to decide between remaining at your current level, continuing down the path of technical excellence to become a Staff Engineer, or switching into engineering management. Of course, the specific titles vary by company, and you can replace “Senior Engineer” and “Staff Engineer” with whatever titles your company prefers. Over the past few years we’ve seen a flurry of books unlocking the engineering management career path, like Camille Fournier’s The Manager’s Path, Julie Zhuo’s The Making of a Manager, Lara Hogan’s Resilient Management and my own, An Elegant Puzzle. The management career isn’t an easy one, but increasingly there are maps available for navigating it. On the other hand, the transition into Staff Engineer, and its further evolutions like Principal and Distinguished Engineer, remains challenging and undocumented. What are the skills you need to develop to reach Staff Engineer? Are technical abilities alone sufficient to reach and succeed in that role? How do most folks reach this role? What is your manager’s role in helping you along the way? Will you enjoy being a Staff Engineer or you will toil for years to achieve a role that doesn’t suit you? "Staff Engineer: Leadership beyond the management track" is a pragmatic look at attaining and operating in these Staff-plus roles.

    Though until now it has remained mostly anonymous, its members invented the concept of hacktivism, released the top tool for testing password security, and created what was for years the best technique for controlling computers from afar, forcing giant companies to work harder to protect customers. They contributed to the development of Tor, the most important privacy tool on the net, and helped build cyberweapons that advanced US security without injuring anyone. With its origins in the earliest days of the Internet, the cDc is full of oddball characters -- activists, artists, even future politicians. Many of these hackers have become top executives and advisors walking the corridors of power in Washington and Silicon Valley. The most famous is former Texas Congressman and current presidential candidate Beto O'Rourke, whose time in the cDc set him up to found a tech business, launch an alternative publication in El Paso, and make long-shot bets on unconventional campaigns.Today, the group and its followers are battling electoral misinformation, making personal data safer, and battling to keep technology a force for good instead of for surveillance and oppression. Cult of the Dead Cow shows how governments, corporations, and criminals came to hold immense power over individuals and how we can fight back against them.