: Tim Rains
: Cybersecurity Threats, Malware Trends, and Strategies Discover risk mitigation strategies for modern threats to your organization
: Packt Publishing
: 9781804618950
: 1
: CHF 30.90
:
: Sonstiges
: English
: 584
: DRM
: PC/MAC/eReader/Tablet
: ePUB

Tim Rains is Microsoft's former Global Chief Security Advisor and Amazon Web Services' former Global Security Leader for Worldwide Public Sector. He has spent the last two decades advising private and public sector organizations all over the world on cybersecurity strategies.
Cybersecurity Threats, Malware Trends, and Strategies, Second Edition builds upon the success of the first edition that has helped so many aspiring CISOs, and cybersecurity professionals understand and develop effective data-driven cybersecurity strategies for their organizations. In this edition, you'll examine long-term trends in vulnerability disclosures and exploitation, regional differences in malware infections and the socio-economic factors that underpin them, and how ransomware evolved from an obscure threat to the most feared threat in cybersecurity. You'll also gain valuable insights into the roles that governments play in cybersecurity, including their role as threat actors, and how to mitigate government access to data. The book concludes with a deep dive into modern approaches to cybersecurity using the cloud.
By the end of this book, you will have a better understanding of the threat landscape, how to recognize good Cyber Threat Intelligence, and how to measure the effectiveness of your organization's cybersecurity strategy.

Preface


Imagine you are in a submarine submerged hundreds of feet below the surface surrounded by dark, freezing water. The hull of the submarine is under constant immense pressure from all directions. A single mistake in the design, construction, or operation of the submarine spells disaster for it and its entire crew.

This is analogous to the challenge thatChief Information Security Officers (CISOs) and their teams face today. Their organizations are surrounded on the Internet by badness that is constantly probing for ways to penetrate and compromise their IT infrastructures. The people in their organizations receive wave after wave of social engineering attacks designed to trick them into making poor trust decisions that will undermine the controls that their security teams have implemented. The specters of ransomware and data breaches continue to haunt CISOs,Chief Information Officers (CIOs), andChief Technology Officers (CTOs) of the most sophisticated organizations in the world.

After conducting hundreds of incident response investigations for Microsoft’s enterprise customers, publishing thousands of pages of threat intelligence, and assisting some ofAmazon Web Services’ (AWS) largest customers, I have had the opportunity to learn from and advise literally thousands of businesses and public sector organizations in almost every country around the world. I wrote this book to share some of the insights and lessons I’ve learned during this extraordinary journey.

The views and opinions expressed in this book are my own personal opinions and not those of my current or past employers.

Who this book is for


Chief Information Security Officers (CISOs) and aspiring CISOs,Chief Security Officers (CSOs),Chief Technology Officers (CTOs),Chief Information Officers (CIOs), cybersecurity professionals, compliance and audit professionals, senior IT management with cybersecurity responsibilities, vendors’ cybersecurity professional services consultants and salespeople, computer hobbyists with an interest in cybersecurity, and university level students aspiring to become cybersecurity professionals would all benefit from reading this book.

Readers should have basic knowledge ofInformation Technology (IT), with some insight into IT challenges in large-scale, complex enterprise IT environments. Intermediate knowledge of networking (TCP/IP networks) and software development principles, people management experience and insights into how enterprise scale organizations generally operate, and knowledge of basic cybersecurity concepts would all be useful as well.

What this book covers


Chapter 1,Introduction, discusses the most common ways that enterprise IT environments get initially compromised and how to mitigate them. This will prepare you to evaluate cybersecurity strategies that are designed to mitigate intrusion attempts (covered in later chapters).

Chapter 2,What to Know about Threat Intelligence, explains what threat intelligence is, how to de