Cyber Attacks: Protecting National Infrastructure (Hardcover)

No nation - especially the United States - has a coherent technical and architectural strategy for preventing cyber attack from crippling essential critical infrastructure services. This book initiates an intelligent national (and international) dialogue amongst the general technical community around proper methods for reducing national risk. This includes controversial themes such as the deliberate use of deception to trap intruders. It also serves as an attractive framework for a new national strategy for cyber security, something that several Presidential administrations have failed in attempting to create. In addition, nations other than the US might choose to adopt the framework as well Amoroso offers a technical, architectural, and management solution to the problem of protecting national infrastructure. This includes practical and empirically-based guidance for security engineers, network operators, software designers, technology managers, application developers, and even those who simply use computing technology in their work or home. Each principle is presented as a separate security strategy, along with pages of compelling examples that demonstrate use of the principle. A specific set of criteria requirements allows any organization, such as a government agency, to integrate the principles into their local environment. This book takes the national debate on protecting critical infrastructure in an entirely new and fruitful direction.

* Covers cyber security policy development for massively complex infrastructure using ten principles derived from experiences in U.S. Federal Government settings and a range of global commercial environments. * Provides a unique and provocative philosophy of cyber security that directly contradicts conventional wisdom about info sec for small or enterprise-level systems. * Illustrates the use of practical, trial-and-error findings derived from 25 years of hands-on experience protecting critical infrastructure on a daily basis at AT&T.

沒有一個國家 - 尤其是美國 - 對於防止網絡攻擊破壞基礎關鍵基礎設施服務有一個一致的技術和架構策略。本書在廣大技術社區中啟動了一個智能的國家（和國際）對話，探討減少國家風險的正確方法。這包括有爭議的主題，如故意使用欺騙手段來困住入侵者。它還為新的國家網絡安全戰略提供了一個有吸引力的框架，這是幾屆總統政府在創建方面失敗的。此外，除了美國之外的國家也可以選擇採用這個框架。Amoroso提供了一個保護國家基礎設施的技術、架構和管理解決方案。這包括針對安全工程師、網絡運營商、軟件設計師、技術經理、應用程序開發人員，甚至那些在工作或家庭中僅僅使用計算技術的人的實用和經驗主義指導。每個原則都被呈現為一個獨立的安全策略，並附有引人入勝的例子，以展示該原則的應用。一套具體的標準要求允許任何組織，如政府機構，將這些原則整合到他們的本地環境中。本書將關於保護關鍵基礎設施的國家辯論帶入了一個全新且有成果的方向。

* 以美國聯邦政府環境和一系列全球商業環境的經驗為基礎，涵蓋了大規模複雜基礎設施的網絡安全政策制定，使用了十個原則。
* 提供了一種獨特而引人思考的網絡安全哲學，直接與關於小型或企業級系統的信息安全的常識相矛盾。
* 通過25年來在AT&T每天保護關鍵基礎設施的實踐和試錯結果，說明了實用的發現。