Fr. 44.50

Cybersecurity First Principles: A Reboot of Strategy and Tactics

English · Paperback / Softback

Shipping usually within 1 to 3 weeks (not available at short notice)

Description

The first expert discussion of the foundations of cybersecurity
 
In Cybersecurity First Principles, Rick Howard, the Chief Security Officer, Chief Analyst, and Senior Fellow at The CyberWire, challenges the conventional wisdom of current cybersecurity best practices, strategy, and tactics and makes the case that the profession needs to get back to first principles. The author convincingly lays out the arguments for the absolute cybersecurity first principle and then discusses the strategies and tactics required to achieve it.
 
In the book, you'll explore:
* Infosec history from the 1960s until the early 2020s and why it has largely failed
* What the infosec community should be trying to achieve instead
* The arguments for the absolute and atomic cybersecurity first principle
* The strategies and tactics to adopt that will have the greatest impact in pursuing the ultimate first principle
* Case studies through a first principle lens of the 2015 OPM hack, the 2016 DNC hack, the 2019 Colonial Pipeline hack, and the Netflix Chaos Monkey resilience program
* A top-to-bottom explanation of how to calculate cyber risk for two different kinds of companies
 
This book is perfect for cybersecurity professionals at all levels: business executives and senior security professionals, mid-level practitioner veterans, newbies coming out of school as well as career-changers seeking better career opportunities, teachers, and students.

List of contents

Who We Are

Introduction
* Who Is This Book For?
* What the Book Covers
* Writing Conventions
* Road Map

1 First Principles
* Overview
* What Are First Principles?
* What Is the Atomic Cybersecurity First Principle?
* Conclusion

2 Strategies
* Overview
* Strategies vs. Tactics
* What Are the Essential Strategies Required for a First Principle Infosec Program?
* Zero Trust Strategy Overview
* Intrusion Kill Chain Prevention Strategy Overview
* Resilience Strategy Overview
* Risk Forecasting Strategy Overview
* Automation Strategy Overview
* Conclusion

3 Zero Trust
* Overview
* The Use Case for Zero Trust: Edward Snowden
* Zero Trust: Overhyped in the Market but.
* Cyber Hygiene, Defense in Depth, and Perimeter Defense: Zero Trust Before We Had Zero Trust
* Zero Trust Is Born
* Zero Trust Is a Philosophy, Not a Product
* Meat-and-Potatoes Zero Trust
* Logical and Micro Segmentation
* Vulnerability Management: A Zero Trust Tactic
* Software Bill of Materials: A Zero Trust Tactic
* Identity Management: A Tactic for Zero Trust
* Single Sign-On: A Zero Trust Tactic
* Two-Factor Authentication: A Tactic for Zero Trust
* Software-Defined Perimeter: A Tactic for Zero Trust
* Why Zero Trust Projects Fail
* Conclusion

4 Intrusion Kill Chain Prevention
* Overview
* The Beginnings of a New Idea
* The Lockheed Martin Kill Chain Paper
* Kill Chain Models
* Cyber Threat Intelligence Operations as a Journey
* Red/Blue/Purple Team Operations: A Tactic for Intrusion Kill Chain Prevention
* Intelligence Sharing: A Tactic for Intrusion Kill Chain Prevention
* Conclusion

5 Resilience
* Overview
* What Is Resilience?
* Crisis Handling: A Tactic for Resilience
* Backups: A Tactic for Resilience
* Encryption: A Tactic for Resilience
* Incident Response: A Tactic for Resilience
* Conclusion

6 Risk Forecasting
* Overview
* Superforecasting, Fermi Estimates, and Black Swans
* Bayes Rule: A Different Way to Think About Cybersecurity Risk
* Risk Forecasting with the Bayes Rule: A Practical Example
* Conclusion

7 Automation
* Overview
* Why Security Automation Is Essential
* Early History of Software Development Philosophies
* DevSecOps: An Essential Tactic for Automation
* Compliance: A First Principle Tactic That Cuts Across All Strategies
* Chaos Engineering for Automation and Resilience
* Conclusion

8 Summation
* Overview
* Zero Trust
* Conclusion

Index

About the author

RICK HOWARD is the Chief Analyst and Senior Fellow at The CyberWire, the world's largest cybersecurity podcast network, and the CSO of N2K (The CyberWire's parent company). He has been a CSO for Palo Alto Networks and TASC, and is a former Commander for the U.S. Army's Computer Emergency Response Team. He helped found the Cyber Threat Alliance (an ISAO for security vendors) and the Cybersecurity Canon Project (a Rock & Roll Hall of Fame for cybersecurity books).

Product details

Authors Howard, R Howard, Rick Howard, Howard Rick
Publisher Wiley, John and Sons Ltd
 
Languages English
Product format Paperback / Softback
Released 01.04.2023
 
EAN 9781394173082
ISBN 978-1-394-17308-2
No. of pages 400
Subjects Natural sciences, medicine, IT, technology > IT, data processing > IT

Computer security, computer science, cybersecurity, computer security & cryptography
