Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us 1st Edition
175+ Cybersecurity Misconceptions and the Myth-Busting Skills You Need to Correct Them
Cybersecurity is fraught with hidden and unsuspected dangers and difficulties. Despite our best intentions, there are common and avoidable mistakes that arise from folk wisdom, faulty assumptions about the world, and our own human biases. Cybersecurity implementations, investigations, and research all suffer as a result. Many of the bad practices sound logical, especially to people new to the field of cybersecurity, and that means they get adopted and repeated despite not being correct. For instance, why isn't the user the weakest link?
In Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us, three cybersecurity pioneers don't just deliver the first comprehensive collection of falsehoods that derail security from the frontlines to the boardroom; they offer expert practical advice for avoiding or overcoming each myth.
Whatever your cybersecurity role or experience, Eugene H. Spafford, Leigh Metcalf, and Josiah Dykstra will help you surface hidden dangers, prevent avoidable errors, eliminate faulty assumptions, and resist deeply human cognitive biases that compromise prevention, investigation, and research. Throughout the book, you'll find examples drawn from actual cybersecurity events, detailed techniques for recognizing and overcoming security fallacies, and recommended mitigations for building more secure products and businesses.
- Read over 175 common misconceptions held by users, leaders, and cybersecurity professionals, along with tips for how to avoid them.
- Learn the pros and cons of analogies, misconceptions about security tools, and pitfalls of faulty assumptions. What really is the weakest link? When aren't "best practices" best?
- Discover how others understand cybersecurity and improve the effectiveness of cybersecurity decisions as a user, a developer, a researcher, or a leader.
- Get a high-level exposure to why statistics and figures may mislead as well as enlighten.
- Develop skills to identify new myths as they emerge, strategies to avoid future pitfalls, and techniques to help mitigate them.
"You are made to feel as if you would never fall for this and somehow this makes each case all the more memorable. . . . Read the book, laugh at the right places, and put your learning to work. You won't regret it."
--From the Foreword by Vint Cerf, Internet Hall of Fame Pioneer
Register your book for convenient access to downloads, updates, and/or corrections as they become available. See inside book for details.
- ISBN-10: 0137929234
- ISBN-13: 978-0137929238
- Edition: 1st
- Publisher: Addison-Wesley Professional
- Publication date: January 23, 2023
- Language: English
- Dimensions: 7 x 0.78 x 9 inches
- Print length: 416 pages
From the Publisher
Chapters are interspersed with original hand-drawn illustrations that offer a lighthearted view of various myths to entertain as much as they explain.
Illustration captions:
- Security must fit a myriad of users and situations.
- The magic of five 9's is also an illusion in cybersecurity.
- A lock icon does not necessarily mean there is no risk.
Editorial Reviews
Review
"Many security leaders are traditionally in charge of correcting misconceptions just as much as they are in charge of building up solid security practices. We have plenty of resources on practices--but this book is the crucial guide to that essential myth busting."
--Phil Venables, CISO, Google Cloud
"I'm writing this on my phone, over Wi-Fi, in an airplane on my way to Black Hat, one of the world's largest security conferences. The fact that I'm able to do this at all shows how much we've really learned about cybersecurity over the decades. Now it's all collected in one place for everyone to share. Thank the wise authors, and most importantly: GET OFF THEIR LAWN."
--Wendy Nather, Head of Advisory CISOs, Cisco
"This book is astounding. A true tour de force--which I have never said about any other book. Inverting the viewpoint is a stroke of genius. This is going to be on my grabbable-at-any-time shelf. What I learned, recalled, and was refreshed on with technically astute agnosticism cannot be measured; just appreciated as a profound historical compilation of security practice and theory. Bravo!"
--Winn Schwartau, Founder and Chief Visionary Officer, The Security Awareness Company
"I am happy to endorse the central idea of this book--that cybersecurity is rife with myths that are themselves part of the problem. The brain wants to understand, the world grows ever more complicated, and the sum of the two is myth-making. As the authors say, even if some understanding is true at some time, with enough change what was true becomes a myth soon enough. As such, an acquired immunity to myths is a valuable skill for the cybersecurity practitioner if no other. The paramount goal of all security engineering is No Silent Failure, but myths perpetuate if not create silent failure. Why? Because a state of security is the absence of unmitigable surprise and you cannot mitigate what you don't know is going on. Myths blind us to reality. Ignorance of them is not bliss. This book is a vaccine."
--Dan Geer, CISO, In-Q-Tel
"This is a fun read for all levels. I like their rapid fire delivery and the general light they cast on so many diverse myths. This book will change the cybersecurity industry for the better."
--Michael Sikorski, Author of Practical Malware Analysis & CTO, Unit 42 at Palo Alto Networks
About the Author
Eugene H. Spafford, PhD, is a professor in Computer Science at Purdue University. In his 35-year career, Spaf has been honored with every major award in cybersecurity. Leigh Metcalf, PhD, is a Senior Network Security Research Analyst at the Carnegie Mellon University Software Engineering Institute's cybersecurity-focused CERT® division. Josiah Dykstra, PhD, is a cybersecurity practitioner, researcher, author, and speaker. He is the owner of Designer Security and has worked at the US National Security Agency for 18 years.
Product details
- Publisher : Addison-Wesley Professional; 1st edition (January 23, 2023)
- Language : English
- Paperback : 416 pages
- ISBN-10 : 0137929234
- ISBN-13 : 978-0137929238
- Item Weight : 1.54 pounds
- Dimensions : 7 x 0.78 x 9 inches
About the authors
Josiah Dykstra is a seasoned cybersecurity practitioner, researcher, author, and speaker. He is a senior leader in the U.S. Department of Defense and the owner of Designer Security, LLC. Dr. Dykstra holds a Ph.D. in computer science and is interested in cybersecurity science, especially where humans intersect with technology. He has studied stress in hacking, action bias in incident response, and the economics of cyber threat intelligence.
Dr. Dykstra is a frequent author and speaker, including Black Hat and RSA Conference. He received the CyberCorps® Scholarship for Service (SFS) fellowship and is one of six people in the SFS Hall of Fame. In 2017, he received the Presidential Early Career Award for Scientists and Engineers (PECASE) from then President Barack Obama. Dr. Dykstra is a Fellow of the American Academy of Forensic Sciences and a Distinguished Member of the Association for Computing Machinery (ACM). He is the author of numerous research papers, the book Essential Cybersecurity Science (O'Reilly Media, 2016), and co-author of Cybersecurity Myths and Misconceptions (Pearson, 2023).
Eugene H. Spafford is a professor of Computer Sciences at Purdue University. He is also the founder and Executive Director Emeritus of the Center for Education and Research in Information Assurance and Security. He has been working in computing as a student, researcher, consultant, and professor for 44 years. Some of his work is at the foundation of current security practice, including intrusion detection, incident response, firewalls, integrity management, and forensic investigation. His most recent work has been in cyber security policy, forensics, and future threats. He has also been a pioneer in education, including starting and heading the oldest degree-granting cybersecurity program.
Dr. Spafford has been recognized with significant honors from various organizations. These include being elected as a Fellow of the American Academy of Arts and Sciences (AAA&S), and the Association for the Advancement of Science (AAAS); a Life Fellow of the ACM, the IEEE, and the (ISC)2; a Life Distinguished Fellow of the ISSA; and a member of the Cyber Security Hall of Fame — the only person to ever hold all these distinctions. In 2012 he was named one of Purdue's inaugural Morrill Professors — the university's highest award for the combination of scholarship, teaching, and service. In 2016, he received the State of Indiana's highest civilian honor by being named as a Sagamore of the Wabash.
Among many other activities, he is vice-chair of ACM Publications Ethics & Plagiarism Committee, is editor-in-chief of the journal Computers & Security, serves on the Board of Directors of the Computing Research Association, and as a member of the National Security Advisory Board for Sandia Laboratories.
Customer reviews
Top reviews from the United States
In a world where cybersecurity is increasingly critical, it is vital to challenge and debunk the myths that hinder progress and compromise security efforts. The authors delve deep into the web of falsehoods that permeate the industry, addressing misconceptions from the frontlines to the boardroom. By presenting real-world examples and drawing from their vast experience, they empower readers to recognize and overcome these myths, ultimately building more secure products, businesses, and practices.
One of the key insights the authors bring forth is the fallacy of considering users as the weakest link in cybersecurity. Through their compelling arguments, they shed light on the complex dynamics involved and the shared responsibility that exists between users, developers, researchers, and leaders. This fresh perspective challenges conventional wisdom and highlights the need for a holistic approach to cybersecurity.
"Cybersecurity Myths and Misconceptions" stands out for its pragmatic and actionable advice. The book not only identifies common misconceptions but also provides practical strategies and recommended mitigations for combating them. From analogies and security tools to the pitfalls of faulty assumptions and misguided "best practices," the authors leave no stone unturned. Each myth is carefully examined, empowering readers to make informed decisions and enhance their cybersecurity defenses.
The authors' ability to bridge the gap between technical concepts and everyday understanding is commendable. They effectively communicate complex ideas, making the book accessible to readers with varying levels of expertise. By weaving in real-life cybersecurity events, the authors make the material engaging, relatable, and thought-provoking.
"Cybersecurity Myths and Misconceptions" is not just a book; it is a guide for navigating the treacherous landscape of cybersecurity. Its comprehensive coverage, insightful analysis, and practical advice make it an essential resource for cybersecurity professionals, leaders, developers, researchers, and even those new to the field. It equips readers with the skills to identify emerging myths, avoid future pitfalls, and contribute to a safer digital world.
Spafford, Metcalf, and Dykstra have come together to create a seminal work that challenges conventional thinking, enhances understanding, and paves the way for a more secure cyber landscape. Whether you are seeking to deepen your knowledge or simply gain a high-level exposure to cybersecurity concepts, "Cybersecurity Myths and Misconceptions" is a must-read.
Prepare to embark on a transformative journey and emerge armed with the knowledge to dismantle the falsehoods that threaten our digital realm.
Reviewed in the United States on June 9, 2023
All this FUD can lead to industry myths that often take a life of their own. And dispelling these myths can be a significant endeavor for information security professionals. In Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us (Addison-Wesley), authors Drs. Eugene Spafford, Leigh Metcalf, and Josiah Dykstra have written a fascinating book to clarify myth from reality.
While the function of the book is to dispel the myths, it also serves as an excellent introduction to computer security. The authors bring significant experience to every chapter. Dr. Gene Spafford, better known as Spaf, a professor of computer science at Purdue University, is one of the most influential people in computer security. Metcalf is a senior network security research analyst at Carnegie Mellon University, while Dykstra is a Senior Fellow at the National Security Agency.
The book will be like a walk down memory lane for those who have been in information security for a while. Lots of buzzwords and hype from the past are discussed and dispelled. For the information security newbie, it serves as an excellent introductory text.
For those interviewing information security staff at all levels, each of the myths and misconceptions written about can be used as launching questions during a technical interview. Discussing a myth and misconception is a great open-ended question that lends itself to a fruitful interview, where you can truly discern the candidate’s understanding of information security.
Here are three of the more interesting myths and misconceptions I found insightful:
Sharing more cyber threat intel will make things better – It is not about the volume of sharing; it is about better sharing, as threat intelligence takes many forms. Massive information dumps don't help anyone. But sharing specific knowledge to help a defender know which attacker behavior to look for, and the "so what" if it is discovered – that sharing is invaluable.
Believe and fear every hacking demo you see – there is a misconception that every demonstration or academic finding will result in widespread use.
For example, security researchers dropped a bombshell at Black Hat 2019 that the Boeing Dreamliner is susceptible to hacking. Only one-third of all CVEs are ever seen in live environments, and of those, only 5% have known exploits.
As to dealing with CVEs, this is getting harder. Ben Edwards of the Cyentia Institute said at the RSA conference last week that vulnerabilities are significantly increasing, and it won't be much longer until there are over 1,000 CVEs issued weekly.
There is a shortage of cybersecurity talent – there is a lot of FUD stating that there are millions of available information security jobs. According to some estimates, their numbers would indicate that 1% of the US population is needed to work in information security to ameliorate the shortage.
Much of the so-called shortage is due to firms unwilling to pay market rates for information security professionals. Firms that pay market rates find the lack is not necessarily so terrible.
The authors use a variation of one of Spaf's analogies: instead of worrying about how to produce more firefighters, perhaps we should put some effort into reducing the construction of buildings from gasoline-soaked balsa wood. Sage advice, indeed.
Cybersecurity Myths and Misconceptions is a fascinating and engaging read. For the experienced professional, it will validate many things and have you laughing about some of the things from the past. For the not-so-experienced security professional, this will make you smarter and more valuable to your organization. It's a great read from some of the most intelligent people in the industry.
The title may make readers think this is just Snopes in print debunking myths. But it is much more than that. It shows the reader, in explicit detail, what it takes to do this thing called information security. There's a lot of great information here, and I could end this review by saying that it's no myth, but I won't.