Read more
Deals with the national debate on protecting critical infrastructure. This book covers cyber security policy development for massively complex infrastructure using ten principles derived from experiences in US Federal Government settings and a range of global commercial environments.
List of contents
1. Introduction2. Deception3. Separation4. Diversity5. Commonality6. Depth7. Discretion8. Collection9. Correlation10. Awareness11. ResponseAppendix: Sample National Infrastructure Protection Requirements
Report
"Amoroso s advice takes the art out of the debate onwhether security is art or science. He brings a high level goal oriented approach to practical situations in order for the right security decisions to appear obvious to the reader. However, no book is a single solution, and this one is no exception. Some readers may be disappointed not to find comprehensive references for further reading. It is apparent that the book surveys a great deal of literature, but there is no bibliography. Readers may also be disappointed that there is no step-by-step guaranteed path to cyber security solutions. The book provides no procedures or checklists. Nevertheless, those who allow Amoroso to influence their view of the security problem at the level he chooses to present it should more easily be able to recognize cyber security solutions." --Computers and Security
"Ed Amoroso has again given the policy community a thoughtful roadmap. Cyberthreats are becoming more sophisticated, but thankfully Ed is well abreast of the problem and leading with solutions." --John Hamre, Deputy Secretary of Defense (1997-2000), president and CEO of the Center for Strategic and Informational Studies, Washington, DC
"Dr. Amoroso's fifth book Cyber Attacks: Protecting National Infrastructure outlines the challenges of protecting our nation's infrastructure from cyber attack using security techniques established to protect much smaller and less complex environments. He proposes a brand new type of national infrastructure protection methodology and outlines a strategy presented as a series of ten basic design and operations principles ranging from deception to response. The bulk of the text covers each of these principles in technical detail. While several of these principles would be daunting to implement and practice they provide the first clear and concise framework for discussion of this critical challenge. This text is thought-provoking and should be a must read for anyone concerned with cybersecurity in the private or government sector." --Clayton W. Naeve, Ph.D., Senior Vice President and Chief Information Officer, Endowed Chair in Bioinformatics, St. Jude Children's Research Hospital, Memphis, TN
"Dr. Ed Amoroso reveals in plain English the threats and weaknesses of our critical infrastructure balanced against practices that reduce the exposures. This is an excellent guide to the understanding of the cyber-scape that the security professional navigates. The book takes complex concepts of security and simplifies it into coherent and simple to understand concepts." --Arnold Felberbaum, Chief IT Security & Compliance Officer, Reed Elsevier
"The national infrastructure, which is now vital to communication, commerce and entertainment in everyday life, is highly vulnerable to malicious attacks and terrorist threats. Today, it is possible for botnets to penetrate millions of computers around the world in few minutes, and to attack the valuable national infrastructure. "As the New York Times reported, the growing number of threats by botnets suggests that this cyber security issue has become a serious problem, and we are losing the war against these attacks. "While computer security technologies will be useful for network systems, the reality tells us that this conventional approach is not effective enough for the complex, large-scale national infrastructure. "Not only does the author provide comprehensive methodologies based on 25 years of experience in cyber security at AT&T, but he also suggests security through obscurity, which attempts to use secrecy to provide security." --Byeong Gi Lee, President, IEEE Communications Society, and Commissioner of the Korea Communications Commission (KCC)
