{"product_id":"cybersecurity-first-principles-a-reboot-of-strategy-and-tactics-isbn-9781394173082","title":"Cybersecurity First Principles: A Reboot of Strategy and Tactics","description":"\u003cp\u003e\u003cb\u003eThe first expert discussion of the foundations of cybersecurity\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eIn \u003ci\u003eCybersecurity First Principles\u003c\/i\u003e, Rick Howard, the Chief Security Officer, Chief Analyst, and Senior fellow at The Cyberwire, challenges the conventional wisdom of current cybersecurity best practices, strategy, and tactics and makes the case that the profession needs to get back to first principles. The author convincingly lays out the arguments for the absolute cybersecurity first principle and then discusses the strategies and tactics required to achieve it.\u003c\/p\u003e \u003cp\u003eIn the book, you'll explore:\u003c\/p\u003e \u003cul\u003e \u003cli\u003eInfosec history from the 1960s until the early 2020s and why it has largely failed\u003c\/li\u003e \u003cli\u003eWhat the infosec community should be trying to achieve instead\u003c\/li\u003e \u003cli\u003eThe arguments for the absolute and atomic cybersecurity first principle\u003c\/li\u003e \u003cli\u003eThe strategies and tactics to adopt that will have the greatest impact in pursuing the ultimate first principle\u003c\/li\u003e \u003cli\u003eCase studies through a first principle lens of the 2015 OPM hack, the 2016 DNC Hack, the 2019 Colonial Pipeline hack, and the Netflix Chaos Monkey resilience program\u003c\/li\u003e \u003cli\u003eA top to bottom explanation of how to calculate cyber risk for two different kinds of companies\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eThis book is perfect for cybersecurity professionals at all levels: business executives and senior security professionals, mid-level practitioner veterans, newbies coming out of school as well as career-changers seeking better career opportunities, teachers, and students.\u003c\/p\u003e \u003cp\u003eWho We Are xxi\u003c\/p\u003e \u003cp\u003e\u003cb\u003eIntroduction 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eWho Is This Book For?\u003c\/p\u003e \u003cp\u003eWhat the Book Covers\u003c\/p\u003e \u003cp\u003eWriting Conventions\u003c\/p\u003e \u003cp\u003eRoad Map\u003c\/p\u003e \u003cp\u003e\u003cb\u003e1 First Principles 9\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOverview\u003c\/p\u003e \u003cp\u003eWhat Are First Principles?\u003c\/p\u003e \u003cp\u003eWhat Is the Atomic Cybersecurity First Principle?\u003c\/p\u003e \u003cp\u003eConclusion\u003c\/p\u003e \u003cp\u003e\u003cb\u003e2 Strategies 41\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOverview\u003c\/p\u003e \u003cp\u003eStrategies vs. Tactics\u003c\/p\u003e \u003cp\u003eWhat Are the Essential Strategies Required for a First\u003c\/p\u003e \u003cp\u003ePrinciple Infosec Program?\u003c\/p\u003e \u003cp\u003eZero Trust Strategy Overview-\u003c\/p\u003e \u003cp\u003eIntrusion Kill Chain Prevention Strategy Overview\u003c\/p\u003e \u003cp\u003eResilience Strategy Overview\u003c\/p\u003e \u003cp\u003eRisk Forecasting Strategy Overview\u003c\/p\u003e \u003cp\u003eAutomation Strategy Overview\u003c\/p\u003e \u003cp\u003eConclusion\u003c\/p\u003e \u003cp\u003e\u003cb\u003e3 Zero Trust 57\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOverview\u003c\/p\u003e \u003cp\u003eThe Use Case for Zero Trust: Edward Snowden\u003c\/p\u003e \u003cp\u003eZero Trust: Overhyped in the Market but.\u003c\/p\u003e \u003cp\u003eCyber Hygiene, Defense in Depth, and Perimeter Defense:\u003c\/p\u003e \u003cp\u003eZero Trust Before We Had Zero Trust\u003c\/p\u003e \u003cp\u003eZero Trust Is Born\u003c\/p\u003e \u003cp\u003eZero Trust Is a Philosophy, Not a Product\u003c\/p\u003e \u003cp\u003eMeat- and- Potatoes Zero Trust\u003c\/p\u003e \u003cp\u003eLogical and Micro Segmentation\u003c\/p\u003e \u003cp\u003eVulnerability Management: A Zero Trust Tactic\u003c\/p\u003e \u003cp\u003eSoftware Bill of Materials: A Zero Trust Tactic\u003c\/p\u003e \u003cp\u003eIdentity Management: A Tactic for Zero Trust\u003c\/p\u003e \u003cp\u003eSingle Sign- On: A Zero Trust Tactic\u003c\/p\u003e \u003cp\u003eTwo- Factor Authentication: A Tactic for Zero Trust\u003c\/p\u003e \u003cp\u003eSoftware- Defined Perimeter: A Tactic for Zero Trust\u003c\/p\u003e \u003cp\u003eWhy Zero Trust Projects Fail\u003c\/p\u003e \u003cp\u003eConclusion\u003c\/p\u003e \u003cp\u003e\u003cb\u003e4 Intrusion Kill Chain Prevention 121\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOverview\u003c\/p\u003e \u003cp\u003eThe Beginnings of a New Idea\u003c\/p\u003e \u003cp\u003eThe Lockheed Martin Kill Chain Paper\u003c\/p\u003e \u003cp\u003eKill Chain Models\u003c\/p\u003e \u003cp\u003eCyber Threat Intelligence Operations as a Journey\u003c\/p\u003e \u003cp\u003eRed\/Blue\/Purple Team Operations: A Tactic for Intrusion\u003c\/p\u003e \u003cp\u003eKill Chain Prevention\u003c\/p\u003e \u003cp\u003eIntelligence Sharing: A Tactic for Intrusion Kill Chain\u003c\/p\u003e \u003cp\u003ePrevention\u003c\/p\u003e \u003cp\u003eConclusion\u003c\/p\u003e \u003cp\u003e\u003cb\u003e5 Resilience 203\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOverview\u003c\/p\u003e \u003cp\u003eWhat Is Resilience?\u003c\/p\u003e \u003cp\u003eCrisis Handling: A Tactic for Resilience\u003c\/p\u003e \u003cp\u003eBackups: A Tactic for Resilience\u003c\/p\u003e \u003cp\u003eEncryption: A Tactic for Resilience\u003c\/p\u003e \u003cp\u003eIncident Response: A Tactic for Resilience\u003c\/p\u003e \u003cp\u003eConclusion\u003c\/p\u003e \u003cp\u003e\u003cb\u003e6 Risk Forecasting 255\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOverview\u003c\/p\u003e \u003cp\u003eSuperforecasting, Fermi Estimates, and Black Swans\u003c\/p\u003e \u003cp\u003eBayes Rule: A Different Way to Think About\u003c\/p\u003e \u003cp\u003eCybersecurity Risk\u003c\/p\u003e \u003cp\u003eRisk Forecasting with the Bayes Rule: A Practical\u003c\/p\u003e \u003cp\u003eExample\u003c\/p\u003e \u003cp\u003eConclusion\u003c\/p\u003e \u003cp\u003e\u003cb\u003e7 Automation 307\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOverview\u003c\/p\u003e \u003cp\u003eWhy Security Automation Is Essential\u003c\/p\u003e \u003cp\u003eEarly History of Software Development Philosophies\u003c\/p\u003e \u003cp\u003eDevSecOps: An Essential Tactic for Automation\u003c\/p\u003e \u003cp\u003eCompliance: A First Principle Tactic That Cuts Across\u003c\/p\u003e \u003cp\u003eAll Strategies\u003c\/p\u003e \u003cp\u003eChaos Engineering for Automation and Resilience\u003c\/p\u003e \u003cp\u003eConclusion\u003c\/p\u003e \u003cp\u003e\u003cb\u003e8 Summation 341\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOverview\u003c\/p\u003e \u003cp\u003eZero Trust\u003c\/p\u003e \u003cp\u003eConclusion\u003c\/p\u003e \u003cp\u003eIndex 351\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eRICK HOWARD\u003c\/b\u003e is the Chief Analyst and Senior Fellow at The CyberWire, the world’s largest cybersecurity podcast network, and the CSO of N2K (The CyberWire’s parent company). He’s been a CSO for Palo Alto Networks, TASC, and a former Commander for the U.S. Army’s Computer Emergency Response Team. He helped found the Cyber Threat Alliance (an ISAO for security vendors) and the Cybersecurity Canon Project (a Rock \u0026amp; Roll Hall of Fame for cybersecurity books).   \u003c\/p\u003e\u003cp\u003e“I often tell individuals just starting in cyber that if they want to understand what is going on, go listen to Rick.”\u003cbr\u003e \u003cb\u003e— Mark McLaughlin,\u003c\/b\u003e Former President, CEO and Chairman of the Board, Palo Alto Networks \u003c\/p\u003e\u003cp\u003e“Rick Howard has been at the forefront of cybersecurity since it existed as a profession. In \u003ci\u003eCybersecurity First Principles,\u003c\/i\u003e he not only educates but also entertains; something only the truly accomplished can achieve.” \u003cbr\u003e \u003cb\u003e— Jack Freund,\u003c\/b\u003e Co-Author of “\u003ci\u003eMeasuring and Managing Information Risk: A Fair Approach\u003c\/i\u003e” \u003c\/p\u003e\u003cp\u003e“Strategic thinking is critical to our success in securing our organizations. This book is an invaluable roadmap for how to approach cybersecurity strategically by an absolute legend in our industry.” \u003cbr\u003e \u003cb\u003e— George Finney,\u003c\/b\u003e author of “\u003ci\u003eProject Zero Trust: A Story about a Strategy for Aligning Security and the Business\u003c\/i\u003e” \u003c\/p\u003e\u003cp\u003eSince the 1970s, infosec practitioners have been incrementally improving the overall security landscape without ever taking a moment to consider if they were going in the right strategic direction in the first place. The author makes the case that they weren’t. The general direction wasn’t wrong per se, but the thought leaders in the space never got to the root of the problem. Retracing the footsteps of scientific thought leaders like Descartes and Elon Musk, this book makes the case for the ultimate cybersecurity first principle and outlines the strategies and tactics necessary to pursue it. \u003c\/p\u003e\u003cp\u003eA reboot of infosec strategy and tactics, this book explains: \u003c\/p\u003e\u003cul\u003e\n\u003cli\u003eWhy a first principle approach is necessary\u003c\/li\u003e \u003cli\u003e Five strategies that emerge because of it: Zero Trust, Intrusion Kill Chain Prevention, Resilience, Automation and Risk Forecasting\u003c\/li\u003e \u003cli\u003eHands-on tactics to achieve each strategy\u003c\/li\u003e\n\u003c\/ul\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989019312357,"sku":"NP9781394173082","price":32.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781394173082.jpg?v=1761782460","url":"https:\/\/k12savings.com\/es\/products\/cybersecurity-first-principles-a-reboot-of-strategy-and-tactics-isbn-9781394173082","provider":"K12savings","version":"1.0","type":"link"}