Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls That Derail Us (Paperback)

175+ Cybersecurity Misconceptions and the Myth-Busting Skills You Need to Correct Them

Cybersecurity is fraught with hidden and unsuspected dangers and difficulties. Despite our best intentions, there are common and avoidable mistakes that arise from folk wisdom, faulty assumptions about the world, and our own human biases. Cybersecurity implementations, investigations, and research all suffer as a result. Many of the bad practices sound logical, especially to people new to the field of cybersecurity, and that means they get adopted and repeated despite not being correct. For instance, why isn't the user the weakest link?

In Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us, three cybersecurity pioneers don't just deliver the first comprehensive collection of falsehoods that derails security from the frontlines to the boardroom; they offer expert practical advice for avoiding or overcoming each myth.

Whatever your cybersecurity role or experience, Eugene H. Spafford, Leigh Metcalf, and Josiah Dykstra will help you surface hidden dangers, prevent avoidable errors, eliminate faulty assumptions, and resist deeply human cognitive biases that compromise prevention, investigation, and research. Throughout the book, you'll find examples drawn from actual cybersecurity events, detailed techniques for recognizing and overcoming security fallacies, and recommended mitigations for building more secure products and businesses.

• Read over 175 common misconceptions held by users, leaders, and cybersecurity professionals, along with tips for how to avoid them.
• Learn the pros and cons of analogies, misconceptions about security tools, and pitfalls of faulty assumptions. What really is the weakest link? When aren't "best practices" best?
• Discover how others understand cybersecurity and improve the effectiveness of cybersecurity decisions as a user, a developer, a researcher, or a leader.
• Get a high-level exposure to why statistics and figures may mislead as well as enlighten.
• Develop skills to identify new myths as they emerge, strategies to avoid future pitfalls, and techniques to help mitigate them.
• Fall down the rabbit hole of analogies with whimsical illustrations of difficult concepts, coupled with extensive citations and humor-tinged prose that explain them.

「175+ 個網路安全誤解及你需要糾正它們的揭穿神技」

網路安全充滿了隱藏的危險和困難。儘管我們有最好的意圖，但常見且可避免的錯誤源於民間智慧、對世界的錯誤假設以及我們自身的人類偏見。網路安全的實施、調查和研究都因此受到影響。許多不良做法聽起來很合理，尤其對於新手來說，這意味著它們被採用和重複使用，儘管它們並不正確。例如，為什麼使用者不是最薄弱的環節呢？在《網路安全的神話和誤解：避免使我們偏離正軌的危險和陷阱》中，三位網路安全先驅不僅提供了首個全面的謬誤集合，從前線到董事會，他們還提供了專家實用建議，以避免或克服每個神話。

無論你在網路安全領域的角色或經驗如何，尤金·H·斯帕福德、利·梅特卡夫和約西亞·戴克斯特將幫助你揭示隱藏的危險，防止可避免的錯誤，消除錯誤的假設，並抵抗威脅預防、調查和研究的深層人類認知偏見。在整本書中，你將找到來自實際網路安全事件的例子，詳細的識別和克服安全謬誤的技巧，以及建立更安全產品和企業的建議緩解措施。

- 閱讀超過 175 個由使用者、領導者和網路安全專業人員持有的常見誤解，以及避免它們的提示。
- 了解類比的利弊、對安全工具的誤解以及錯誤假設的陷阱。什麼才是最薄弱的環節？何時「最佳實踐」並非最佳？
- 發現他人對網路安全的理解，並提高作為使用者、開發人員、研究人員或領導者的網路安全決策的效果。
- 獲得高層次的洞察，了解統計數據可能誤導和啟發的原因。
- 發展識別新神話的能力，避免未來陷阱的策略，以及幫助緩解它們的技巧。
- 深入探索類比的兔子洞，配以難懂概念的幽默插圖，並附有廣泛引用和幽默風格的散文來解釋它們。

Eugene H. Spafford, PhD, is a professor in Computer Science at Purdue University. In his 35-year career, Spaf has been honored with every major award in cybersecurity. Leigh Metcalf, PhD, is a Senior Network Security Research Analyst at the Carnegie Mellon University Software Engineering Institute's cybersecurity-focused CERT(R) division. Josiah Dykstra, PhD, is a cybersecurity practitioner, researcher, author, and speaker. He is the owner of Designer Security and has worked at the US National Security Agency for 18 years.

Eugene H. Spafford博士是普渡大學計算機科學系的教授。在他35年的職業生涯中，Spaf獲得了資訊安全領域的所有重要獎項。Leigh Metcalf博士是卡內基梅隆大學軟體工程研究所專注於資訊安全的CERT(R)部門的高級網路安全研究分析師。Josiah Dykstra博士是資訊安全從業者、研究員、作家和演講者。他是Designer Security的所有者，並在美國國家安全局工作了18年。