Welcome to your Cyber Security Fundamentalsreading list. Here you will find resources selected by your course team to support you throughout this module.
Open Source Intelligence Techniques by Bazzell, M.Fifth Edition Sheds New Light on Open Source Intelligence Collection and Analysis.Author Michael Bazzell has been well known and respected in government circles for his ability to locate personal information about any target through Open Source Intelligence (OSINT). In this book, he shares his methods in great detail. Each step of his process is explained throughout sixteen chapters of specialized websites, application programming interfaces, and software solutions. Based on his live and online video training at IntelTechniques.com, over 250 resources are identified with narrative tutorials and screen captures. This book will serve as a reference guide for anyone that is responsible for the collection of online content. It is written in a hands-on style that encourages the reader to execute the tutorials as they go. The search techniques offered will inspire analysts to "think outside the box" when scouring the internet for personal information. Much of the content of this book has never been discussed in any publication. Always thinking like a hacker, the author has identified new ways to use various technologies for an unintended purpose. This book will improve anyone's online investigative skills. Among other techniques, you will learn how to locate: Hidden Social Network ContentCell Phone Subscriber InformationDeleted Websites & PostsMissing Facebook Profile DataFull Twitter Account DataAlias Social Network ProfilesFree Investigative SoftwareUseful Browser ExtensionsAlternative Search Engine ResultsWebsite Owner InformationPhoto GPS & MetadataLive Streaming Social ContentSocial Content by LocationIP Addresses of UsersAdditional User AccountsSensitive Documents & PhotosPrivate Email AddressesDuplicate Video PostsMobile App Network DataUnlisted Addresses & #sPublic Government RecordsDocument MetadataRental Vehicle ContractsOnline Criminal ActivityPersonal Radio CommunicationsCompromised Email InformationWireless Routers by LocationHidden Mapping ApplicationsDark Web Content (Tor)Restricted YouTube ContentHidden Website DetailsVehicle Registration Details
Call Number: 372.1 BAZ
Publication Date: 2016
Influence by Cialdini, R.Influence: Science and Practice is an examination of the psychology of compliance (i.e. uncovering which factors cause a person to say "yes" to another's request). Written in a narrative style combined with scholarly research, Cialdini combines evidence from experimental work with the techniques and strategies he gathered while working as a salesperson, fundraiser, advertiser, and in other positions inside organizations that commonly use compliance tactics to get us to say "yes." Widely used in classes, as well as sold to people operating successfully in the business world, the eagerly awaited revision of Influence reminds the reader of the power of persuasion. Cialdini organizes compliance techniques into six categories based on psychological principles that direct human behavior: reciprocation, consistency, social proof, liking, authority, and scarcity.
Call Number: 153.852 CIA
Publication Date: 2008
Social Engineering by Hadnagy, C., Wozniak, S.Harden the human firewall against the most current threats Social Engineering: The Science of Human Hacking reveals the craftier side of the hacker's repertoire--why hack into something when you could just ask for access? Undetectable by firewalls and antivirus software, social engineering relies on human fault to gain access to sensitive spaces; in this book, renowned expert Christopher Hadnagy explains the most commonly-used techniques that fool even the most robust security personnel, and shows you how these techniques have been used in the past. The way that we make decisions as humans affects everything from our emotions to our security. Hackers, since the beginning of time, have figured out ways to exploit that decision making process and get you to take an action not in your best interest. This new Second Edition has been updated with the most current methods used by sharing stories, examples, and scientific study behind how those decisions are exploited. Networks and systems can be hacked, but they can also be protected; when the "system" in question is a human being, there is no software to fall back on, no hardware upgrade, no code that can lock information down indefinitely. Human nature and emotion is the secret weapon of the malicious social engineering, and this book shows you how to recognize, predict, and prevent this type of manipulation by taking you inside the social engineer's bag of tricks. Examine the most common social engineering tricks used to gain access Discover which popular techniques generally don't work in the real world Examine how our understanding of the science behind emotions and decisions can be used by social engineers Learn how social engineering factors into some of the biggest recent headlines Learn how to use these skills as a professional social engineer and secure your company Adopt effective counter-measures to keep hackers at bay By working from the social engineer's playbook, you gain the advantage of foresight that can help you protect yourself and others from even their best efforts. Social Engineering gives you the inside information you need to mount an unshakeable defense.
Call Number: 005.8 HAD
Publication Date: 2018
The Art of Deception by Mitnick, K.D., Simon, W.L., Wozniak, S.The world's most infamous hacker offers an insider's view of thelow-tech threats to high-tech security Kevin Mitnick's exploits as a cyber-desperado and fugitive form oneof the most exhaustive FBI manhunts in history and have spawneddozens of articles, books, films, and documentaries. Since hisrelease from federal prison, in 1998, Mitnick has turned his lifearound and established himself as one of the most sought-aftercomputer security experts worldwide. Now, in The Art of Deception,the world's most notorious hacker gives new meaning to the oldadage, "It takes a thief to catch a thief." Focusing on the human factors involved with information security,Mitnick explains why all the firewalls and encryption protocols inthe world will never be enough to stop a savvy grifter intent onrifling a corporate database or an irate employee determined tocrash a system. With the help of many fascinating true stories ofsuccessful attacks on business and government, he illustrates justhow susceptible even the most locked-down information systems areto a slick con artist impersonating an IRS agent. Narrating fromthe points of view of both the attacker and the victims, heexplains why each attack was so successful and how it could havebeen prevented in an engaging and highly readable style reminiscentof a true-crime novel. And, perhaps most importantly, Mitnickoffers advice for preventing these types of social engineeringhacks through security protocols, training programs, and manualsthat address the human element of security.
Call Number: 005.8 MIT + eBook
Publication Date: 2003
Cyber-Risk Management by Refsdal, A., Solhaug, B., Stølen, K.This book provides a brief and general introduction to cybersecurity and cyber-risk assessment. Not limited to a specific approach or technique, its focus is highly pragmatic and is based on established international standards (including ISO 31000) as well as industrial best practices. It explains how cyber-risk assessment should be conducted, which techniques should be used when, what the typical challenges and problems are, and how they should be addressed. The content is divided into three parts. First, part I provides a conceptual introduction to the topic of risk management in general and to cybersecurity and cyber-risk management in particular. Next, part II presents the main stages of cyber-risk assessment from context establishment to risk treatment and acceptance, each illustrated by a running example. Finally, part III details four important challenges and how to reasonably deal with them in practice: risk measurement, risk scales, uncertainty, and low-frequency risks with high consequence. The target audience is mainly practitioners and students who are interested in the fundamentals and basic principles and techniques of security risk assessment, as well as lecturers seeking teaching material. The book provides an overview of the cyber-risk assessment process, the tasks involved, and how to complete them in practice.
Call Number: 658.478 REF + eBook
Publication Date: 2015
Threat Modeling by Shostack, A.The only security book to be chosen as a Dr. Dobbs Jolt Award Finalist since Bruce Schneier's Secrets and Lies and Applied Cryptography! Adam Shostack is responsible for security development lifecycle threat modeling at Microsoft and is one of a handful of threat modeling experts in the world. Now, he is sharing his considerable expertise into this unique book. With pages of specific actionable advice, he details how to build better security into the design of systems, software, or services from the outset. You'll explore various threat modeling approaches, find out how to test your designs against threats, and learn effective ways to address threats that have been validated at Microsoft and other top companies. Systems security managers, you'll find tools and a framework for structured thinking about what can go wrong. Software developers, you'll appreciate the jargon-free and accessible introduction to this essential skill. Security professionals, you'll learn to discern changing threats and discover the easiest ways to adopt a structured approach to threat modeling. Provides a unique how-to for security and software developers who need to design secure products and systems and test their designs Explains how to threat model and explores various threat modeling approaches, such as asset-centric, attacker-centric and software-centric Provides effective approaches and techniques that have been proven at Microsoft and elsewhere Offers actionable how-to advice not tied to any specific software, operating system, or programming language Authored by a Microsoft professional who is one of the most prominent threat modeling experts in the world As more software is delivered on the Internet or operates on Internet-connected devices, the design of secure software is absolutely critical. Make sure you're ready with Threat Modeling: Designing for Security.
Call Number: 005.8 SHO + eBook
Publication Date: 2014
Cyber Security by Sutton, D.Nearly every day we hear news that customer data has been compromised or new bugs have been discovered, leaving it open to the risk of falling into the wrong hands. Cyber security is more essential today than ever, not just in the workplace but at home too. This book covers the various types of cyber threat and explains what you can do to mitigate these risks and keep your data secure.
Call Number: 005.8 SUT + eBook
Publication Date: 2017
Security Engineering by Anderson, R.Now that there''s software in everything, how can you make anything secure? Understand how to engineer dependable systems with this newly updated classic In Security Engineering: A Guide to Building Dependable Distributed Systems, Third Edition Cambridge University professor Ross Anderson updates his classic textbook and teaches readers how to design, implement, and test systems to withstand both error and attack. This book became a best-seller in 2001 and helped establish the discipline of security engineering. By the second edition in 2008, underground dark markets had let the bad guys specialize and scale up; attacks were increasingly on users rather than on technology. The book repeated its success by showing how security engineers can focus on usability. Now the third edition brings it up to date for 2020. As people now go online from phones more than laptops, most servers are in the cloud, online advertising drives the Internet and social networks have taken over much human interaction, many patterns of crime and abuse are the same, but the methods have evolved. Ross Anderson explores what security engineering means in 2020, including: How the basic elements of cryptography, protocols, and access control translate to the new world of phones, cloud services, social media and the Internet of Things Who the attackers are - from nation states and business competitors through criminal gangs to stalkers and playground bullies What they do - from phishing and carding through SIM swapping and software exploits to DDoS and fake news Security psychology, from privacy through ease-of-use to deception The economics of security and dependability - why companies build vulnerable systems and governments look the other way How dozens of industries went online - well or badly How to manage security and safety engineering in a world of agile development - from reliability engineering to DevSecOps The third edition of Security Engineering ends with a grand challenge: sustainable security. As we build ever more software and connectivity into safety-critical durable goods like cars and medical devices, how do we design systems we can maintain and defend for decades? Or will everything in the world need monthly software upgrades, and become unsafe once they stop?
Call Number: eBook
Publication Date: 2020
Cybersecurity: a Business Solution by Arnold, R.As a business leader, you might think you have cybersecurity under control because you have a great IT team. But managing cyber risk requires more than firewalls and good passwords. Cash flow, insurance, relationships, and legal affairs for an organization all play major roles in managing cyber risk. Treating cybersecurity as "just an IT problem" leaves an organization exposed and unprepared. Therefore, executives must take charge of the big picture. Cybersecurity: A Business Solution is a concise guide to managing cybersecurity from a business perspective, written specifically for the leaders of small and medium businesses. In this book you will find a step-by-step approach to managing the financial impact of cybersecurity. The strategy provides the knowledge you need to steer technical experts toward solutions that fit your organization's business mission. The book also covers common pitfalls that lead to a false sense of security. And, to help offset the cost of higher security, it explains how you can leverage investments in cybersecurity to capture market share and realize more profits. The book's companion material also includes an executive guide to The National Institute of Standards and Technology (NIST) Cybersecurity Framework. It offers a business level overview of the following key terms and concepts, which are central to managing its adoption. Tiers Profiles Functions Informative References
Call Number: 005.8 ARN
Publication Date: 2017
Cyber Security Basics by Franke, D.Information security does not have to be complicated. A clear understanding of the fundamentals can help establish a solid information security foundation for individuals, small businesses and large organizations. This 100-page book provides a primer for those new to the field, and a refresher for the more seasoned practitioner. The goal is to help clear some of the fog that can get in the way of implementing best practices. Practical and effective information security does not have to be complicated-- it can be achieved by learning and applying cyber security basics.