Taming the Hacking Storm

A transformative new approach to Internet security from an experienced industry expert

Taming the Hacking Storm: A Framework for Defeating Hackers and Malware is a groundbreaking new roadmap to solving the ubiquitous Internet security issues currently plaguing countries, businesses, and individuals around the world. In easy-to-understand and non-technical language, author and cybersecurity veteran Roger Grimes describes the most prevalent threats to our online safety today and what ties them all together. He goes on to lay out a comprehensive and robust framework for combating that threat—one that rests on a foundation of identity verification—and explains exactly how to implement it in the real world.

The author addresses each of the challenges, pitfalls, and roadblocks that might stand in the way of his solutions, offering practical ways to navigate, avoid, or counter those impediments. The book also includes:

• How to address peripheral security issues, including software and firmware vulnerabilities
• Strategies for addressing a lack of international agreement on the implementation of security standards and practices
• Things you can do today to encourage the development of a more secure, trusted Internet

An insightful and original new approach to cybersecurity that promises to transform the way we all use the Internet, Taming the Hacking Storm is a must-read guide for cybersecurity practitioners, academic researchers studying Internet security, and members of the general public with an interest in tech, security, and privacy.

About the Author vii

Preface xi

About This Book xxi

Acknowledgments xxiii

Chapter Summaries xxv

Part I: Identifying the Problem 1

Chapter 1: How Bad Is Internet Security? 3

Chapter 2: How We Are Attacked and Why 25

Chapter 3: The Problem 45

Chapter 4: Challenges 60

Part II: The Technology Solution 75

Chapter 5: The Solution 77

Chapter 6: Technology Solution Summary 95

Chapter 7: Trusted Identity 109

Chapter 8: Safe and Trusted Devices 140

Chapter 9: Trusted OSs and Apps 166

Chapter 10: Trusted Networks 191

Chapter 11: Trust Assurance Service 205

Chapter 12: Internet Security Global Alliance 222

Part III: Challenging the Solution 235

Chapter 13: Threat Modeling 237

Chapter 14: Common Questions 252

Part IV: Other Needed Solutions 261

Chapter 15: Secure Coding 263

Chapter 16: Better Patching 272

Chapter 17: Getting International Agreements 282

Chapter 18: What You Can Do 288

Index 297

ROGER A. GRIMES is a technical author and computer security veteran with 36 years’ experience in the IT industry. He is the Data-Driven Defense Evangelist at KnowBe4, a human risk management company, as well as a senior computer security consultant and cybersecurity architect. He specializes in hackers, malware, identity management, Windows computer security, host security, and quantum computing.

AN EXPERT DEMONSTRATION OF WEAVING SECURITY INTO YOUR ORGANISATION’S CULTURE

In Taming the Hacking Storm: A Framework for Defeating Hackers and Malware, 36-year veteran of the computer security industry, Roger Grimes, delivers a comprehensive and carefully considered solution to hacking and malware. Grimes pulls together a wide variety of ideas to create a cohesive set of strategies for dealing with the most pressing cybersecurity issues present on the internet today.

Using a framework based on robust identity verification, the author explains exactly how to apply his techniques in the real world. He walks you through the challenges, pitfalls, and roadblocks that stand in the way of the worldwide implementation of Grimes’ solutions and provides straightforward prescriptions for dealing with those impediments. The book also examines peripheral security issues, including software and firmware vulnerabilities, incomplete or delayed software patching, and a lack of agreement between countries on internet security issues.

Taming the Hacking Storm is a revolutionary new take on internet security that’s perfect for anyone interested in cybersecurity, as well as professionals in the cybersecurity industry, internet security organizations, and cybersecurity researchers in academia.