Cybersecurity For Dummies (eBook)

eBook Download: EPUB
2022 | 2nd edition
416 pages
Wiley (publisher)
978-1-119-86720-3 (ISBN)


Cybersecurity For Dummies - Joseph Steinberg
20,99 incl. VAT
  • Download available immediately

Explore the latest developments in cybersecurity with this essential guide

Every day it seems we read another story about one company or another being targeted by cybercriminals. It makes some of us wonder: am I safe online? The good news is that we can all be cybersecure, and it doesn't take a degree in computer science to make it happen!

Cybersecurity For Dummies is the down-to-earth guide you need to secure your own data (and your company's, too). You'll get step-by-step guidance on how to implement reasonable security measures, prevent cyber attacks, deal securely with remote work, and what to do in the event that your information is compromised.

The book also offers:

  • Updated directions on how to prevent ransomware attacks and how to handle the situation if you become a target
  • Step-by-step instructions on how to create data backups and implement strong encryption
  • Basic info that every aspiring cybersecurity professional needs to know

Cybersecurity For Dummies is the ideal handbook for anyone considering a career transition into cybersecurity, as well as anyone seeking to secure sensitive information.

Joseph Steinberg is a master of cybersecurity. He is one of very few people to hold the suite of security certifications including: CISSP®, ISSAP®, ISSMP®, and CSSLP®. Joseph has written several books on cybersecurity, including the previous edition of Cybersecurity For Dummies. He is currently a consultant on information security, and serves as an expert witness in related matters.



Introduction

Part 1: Getting Started with Cybersecurity

Chapter 1: What Exactly Is Cybersecurity?

Chapter 2: Getting to Know Common Cyberattacks

Chapter 3: The Bad Guys You Must Defend Against

Part 2: Improving Your Own Personal Security

Chapter 4: Evaluating Your Current Cybersecurity Posture

Chapter 5: Enhancing Physical Security

Chapter 6: Cybersecurity Considerations When Working from Home

Part 3: Protecting Yourself from Yourself

Chapter 7: Securing Your Accounts

Chapter 8: Passwords

Chapter 9: Preventing Social Engineering Attacks

Part 4: Cybersecurity for Businesses, Organizations, and Government

Chapter 10: Securing Your Small Business

Chapter 11: Cybersecurity and Big Businesses

Part 5: Handling a Security Incident (This Is a When, Not an If)

Chapter 12: Identifying a Security Breach

Chapter 13: Recovering from a Security Breach

Part 6: Backing Up and Recovery

Chapter 14: Backing Up

Chapter 15: Resetting Your Device

Chapter 16: Restoring from Backups

Part 7: Looking toward the Future

Chapter 17: Pursuing a Cybersecurity Career

Chapter 18: Emerging Technologies Bring New Threats

Part 8: The Part of Tens

Chapter 19: Ten Ways to Improve Your Cybersecurity without Spending a Fortune

Chapter 20: Ten (or So) Lessons from Major Cybersecurity Breaches

Chapter 21: Ten Ways to Safely Use Public Wi-Fi

Index

Chapter 1

What Exactly Is Cybersecurity?


IN THIS CHAPTER

Understanding the difference between cybersecurity and information security

Showing why cybersecurity is a constantly moving target

Understanding the goals of cybersecurity

Looking at the risks mitigated by cybersecurity

To improve your ability to keep yourself and your loved ones cybersecure, you need to understand what cybersecure means, what your goals should be vis-à-vis cybersecurity, and what exactly you’re securing against.

While the answers to these questions may initially seem simple and straightforward, they aren’t. As you see in this chapter, these answers can vary dramatically between people, company divisions, organizations, and even within the same entity at different times.

Cybersecurity Means Different Things to Different Folks


While cybersecurity may sound like a simple enough term to define, in actuality, from a practical standpoint, it means quite different things to different people in different situations, leading to extremely varied relevant policies, procedures, and practices. Individuals who want to protect their social media accounts from hacker takeovers, for example, are exceedingly unlikely to assume many of the approaches and technologies used by Pentagon workers to secure classified networks.

Typically, for example:

  • For individuals, cybersecurity means that their personal data is not accessible to anyone other than themselves and others they have authorized, and that their computing devices work properly and are free from malware.
  • For small business owners, cybersecurity may include ensuring that credit card data is properly protected and that standards for data security are properly implemented at point-of-sale registers.
  • For firms conducting online business, cybersecurity may include protecting servers that untrusted outsiders regularly interact with.
  • For shared service providers, cybersecurity may entail protecting numerous data centers that house numerous servers that, in turn, host many virtual servers belonging to many different organizations.
  • For the government, cybersecurity may include establishing different classifications of data, each with its own set of related laws, policies, procedures, and technologies.

The bottom line is that while the word cybersecurity is easy to define, the practical expectations that enter people’s minds when they hear the word vary quite a bit.

Technically speaking, cybersecurity is the subset of information security that addresses information and information systems that store and process data in electronic form, whereas information security encompasses the security of all forms of data (for example, securing a paper file and a filing cabinet).

That said, today, many people colloquially interchange the terms, often referring to aspects of information security that are technically not part of cybersecurity as being part of the latter. Such usage also results from the blending of the two in many situations. Technically speaking, for example, if someone writes down a password on a piece of paper and leaves the paper on a desk where other people can see the password instead of placing the paper in a safe deposit box or safe, that person has violated a principle of information security, not of cybersecurity, even though those actions may result in serious cybersecurity repercussions.

Cybersecurity Is a Constantly Moving Target


While the ultimate goal of cybersecurity may not change much over time, the policies, procedures, and technologies used to achieve it change dramatically as the years march on. Many approaches and technologies that were more than adequate to protect consumers’ digital data in 1980, for example, are effectively worthless today, either because they’re no longer practical to employ or because technological advances have rendered them obsolete or impotent.

While assembling a complete list of every advancement that the world has seen in recent decades and how such changes impact cybersecurity is effectively impossible, we can examine several key development areas and their impacts on the ever-evolving nature of cybersecurity: technological changes, economic model shifts, and outsourcing.

Technological changes


Technological changes tremendously impact cybersecurity. New risks come along with the new capabilities and conveniences that new offerings deliver. As the pace of technological advancement continues to increase, therefore, so does the pace of new cybersecurity risks. While the number of such risks created over the past few decades as the result of new offerings is astounding, the areas described in the following sections have yielded a disproportionate impact on cybersecurity.

Digital data

In the last few decades we have witnessed dramatic changes in the technologies that exist, as well as who uses such technologies, how they do so, and for what purposes. All of these factors impact cybersecurity.

Consider, for example, that when many of the people alive today were children, controlling access to data in a business environment simply meant that the data owner placed a physical file containing the information into a locked cabinet and gave the key to only people the owner recognized as being authorized personnel and only when they requested the key during business hours. For additional security, the data owner may have located the cabinet in an office that was locked after business hours and which itself was in a building that was also locked and alarmed.

Today, with the digital storage of information, however, simple filing and protection schemes have been replaced with complex technologies that must automatically authenticate users who seek the data from potentially any location at potentially any time, determine whether the users are authorized to access a particular element or set of data, and securely deliver the proper data — all while preventing any attacks against the system servicing data requests, any attacks against the data in transit, and any attacks against the security controls protecting both of them.

Furthermore, the transition from written communication to email and chat has moved tremendous amounts of sensitive information to Internet-connected servers. Likewise, society’s move from film to digital photography and videography has increased the stakes for cybersecurity. Nearly every photograph and video taken today is stored electronically rather than on film and negatives — a situation that has enabled criminals situated anywhere to either steal people’s images and leak them, hold people’s valuable images ransom with ransomware, or use them to create turmoil in people’s personal lives by creating fake profiles on dating sites, for example. The fact that movies and television shows are now stored and transmitted electronically has likewise allowed pirates to copy them and offer them to the masses — sometimes via malware-infested websites.

The Internet

The most significant technological advancement when it comes to cybersecurity impact has been the arrival of the Internet era, and, more specifically, the transformation of the Internet from a small network connecting researchers at a few universities to an enormous worldwide communication system utilized by a tremendous number of people, businesses, and organizations. In recent years, the Internet has also become the conduit for communication both by billions of smart devices and by people remotely connecting to industrial control systems. Just a few decades ago, it was unfathomable that hackers from across the globe could disrupt a business, manipulate an election, create a fuel shortage, pollute drinking water, or steal a billion dollars. Today, no knowledgeable person would dismiss any such possibilities.

Prior to the Internet era, it was extremely difficult for the average hacker to financially profit by hacking. The arrival of online banking and commerce in the 1990s, however, meant that hackers could directly steal money or goods and services — which meant that not only could hackers quickly and easily monetize their efforts, but unethical people had strong incentives to enter the world of cybercrime.

Cryptocurrency

Compounding those incentives severalfold has been the arrival and proliferation of cryptocurrency over the past decade, along with innovation that has dramatically magnified the potential return-on-investment for criminals involved in cybercrime, simultaneously increasing their ability to earn money through cybercrime and improving their ability to hide while doing so. Criminals historically faced a challenge when receiving payments since the account from which they ultimately withdrew the money could often be tied to them. Cryptocurrency effectively eliminated such risks.

In addition, not only has the dramatic rise in the value of cryptocurrencies held by criminals over the past few years enriched many crooks, providing evildoers with the resources to invest in enhancing their cyber-arsenals, but also the public’s perception of cryptocurrency as a quick way to get rich has helped scammers perpetuate all sorts of social engineering–based cybercrimes related to cryptocurrency investing.

Furthermore, the availability and global liquidity of cryptocurrency has helped criminals launder money...

Publication date (per publisher) 21.3.2022
Language English
Subject area Mathematics / Computer Science; Computer Science; Networks
Keywords Computer Science • computer security • cybersecurity • Networking / Security
ISBN-10 1-119-86720-7 / 1119867207
ISBN-13 978-1-119-86720-3 / 9781119867203
EPUB (Adobe DRM)
Size: 6,0 MB
