The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Hardcover)
暫譯: CERT 內部威脅指南:如何預防、檢測及應對資訊科技犯罪 (精裝版)
Dawn M. Cappelli, Andrew P. Moore, Randall F. Trzeciak
- 出版商: Addison Wesley
- 出版日期: 2012-01-24
- 售價: $2,440
- 貴賓價: 9.8 折 $2,391
- 語言: 英文
- 頁數: 432
- 裝訂: Hardcover
- ISBN: 0321812573
- ISBN-13: 9780321812575
-
相關分類:
Penetration-test
立即出貨 (庫存=1)
買這商品的人也買了...
-
射擊遊戲演算法與程式原理$490$382 -
大話設計模式$620$490 -
ASP.NET 4.0 專題實務-使用 C#$750$593 -
24 小時不打烊的雲端服務-專家教你用 CentOS 架設萬年不掛的伺服器$680$530 -
.jpg)
電繪 魂。世界級遊戲原畫師的創作思維$650$514 -
App 程式設計入門-iPhone、iPad, 2/e$490$387 -
iOS 創意程式設計家─ iPhone + iPad 跨平台通用, 3/e$580$458 -
iOS SDK 開發範例大全 (The iOS 5 Developer's Cookbook: Core Concepts and Essential Recipes for iOS Programmers, 3/e)$850$672 -
$228模擬濾波器設計 -
Python 程式設計入門 (適用於 2.x 與 3.x 版)$620$484 -
完整學會 Git, GitHub, Git Server 的24堂課$360$284 -
網站擷取|使用 Python (Web Scraping with Python: Collecting Data from the Modern Web)$580$458 -
超圖解 Arduino 互動設計入門, 3/e$680$578 -
無瑕的程式碼-敏捷完整篇-物件導向原則、設計模式與 C# 實踐 (Agile principles, patterns, and practices in C#)$790$616 -
Effective SQL 中文版 | 寫出良好 SQL 的 61個具體做法 (Effective SQL : 61 Specific Ways to Write Better SQL)$450$356 -
TensorFlow + Keras 深度學習人工智慧實務應用$590$460 -
寫程式前就該懂的演算法 ─ 資料分析與程式設計人員必學的邏輯思考術 (Grokking Algorithms: An illustrated guide for programmers and other curious people)$390$308 -
認識資料科學的第一本書 (Data Analytics Made Accessible)$450$356 -
Python 初學特訓班 (增訂版) (附250分鐘影音教學/範例程式)$480$379 -
實戰 Google 深度學習技術:使用 TensorFlow$520$411 -
Deep Learning|用 Python 進行深度學習的基礎理論實作$580$458 -
看板實戰 : 用一張便利貼訓練出100分高效率工作團隊 (Kanban in Action)$560$476 -
Angular2 其實可以很簡單:實務範例教學$450$383 -
駭客退散!站長、網管一定要知道的網站漏洞診斷術$480$379 -
資安風險評估指南 (Network Security Assessment, 3/e)$780$616
相關主題
商品描述
Since 2001, the CERT® Insider Threat Center at Carnegie Mellon University’s Software Engineering Institute (SEI) has collected and analyzed information about more than seven hundred insider cyber crimes, ranging from national security espionage to theft of trade secrets. The CERT® Guide to Insider Threats describes CERT’s findings in practical terms, offering specific guidance and countermeasures that can be immediately applied by executives, managers, security officers, and operational staff within any private, government, or military organization.
The authors systematically address attacks by all types of malicious insiders, including current and former employees, contractors, business partners, outsourcers, and even cloud-computing vendors. They cover all major types of insider cyber crime: IT sabotage, intellectual property theft, and fraud. For each, they present a crime profile describing how the crime tends to evolve over time, as well as motivations, attack methods, organizational issues, and precursor warnings that could have helped the organization prevent the incident or detect it earlier. Beyond identifying crucial patterns of suspicious behavior, the authors present concrete defensive measures for protecting both systems and data.
This book also conveys the big picture of the insider threat problem over time: the complex interactions and unintended consequences of existing policies, practices, technology, insider mindsets, and organizational culture. Most important, it offers actionable recommendations for the entire organization, from executive management and board members to IT, data owners, HR, and legal departments.
With this book, you will find out how to
- Identify hidden signs of insider IT sabotage, theft of sensitive information, and fraud
- Recognize insider threats throughout the software development life cycle
- Use advanced threat controls to resist attacks by both technical and nontechnical insiders
- Increase the effectiveness of existing technical security tools by enhancing rules, configurations, and associated business processes
- Prepare for unusual insider attacks, including attacks linked to organized crime or the Internet underground
By implementing this book’s security practices, you will be incorporating protection mechanisms designed to resist the vast majority of malicious insider attacks.
商品描述(中文翻譯)
自2001年以來,卡內基梅隆大學軟體工程研究所(SEI)的CERT®內部威脅中心已經收集並分析了超過七百起內部網路犯罪的資訊,這些犯罪範圍從國家安全間諜活動到商業機密竊取。《CERT®內部威脅指南》以實用的方式描述了CERT的研究結果,提供了具體的指導和對策,這些可以立即被任何私營、政府或軍事組織的高層、管理者、安全官員和操作人員應用。
作者系統性地針對各類惡意內部人員的攻擊進行探討,包括現任和前任員工、承包商、商業夥伴、外包商,甚至雲端計算供應商。他們涵蓋了所有主要類型的內部網路犯罪:IT破壞、智慧財產權竊取和詐騙。對於每一種犯罪,他們提供了一個犯罪概況,描述了該犯罪隨時間演變的趨勢,以及動機、攻擊方法、組織問題和可能幫助組織預防事件或更早檢測的前兆警告。除了識別可疑行為的關鍵模式外,作者還提出了具體的防禦措施,以保護系統和數據。
本書還傳達了內部威脅問題隨時間演變的全貌:現有政策、實踐、技術、內部心態和組織文化之間的複雜互動和意想不到的後果。最重要的是,它為整個組織提供了可行的建議,從高層管理和董事會成員到IT、數據擁有者、人力資源和法律部門。
通過本書,您將了解如何:
- 識別內部IT破壞、敏感信息竊取和詐騙的隱藏跡象
- 在軟體開發生命週期中識別內部威脅
- 使用先進的威脅控制來抵禦技術和非技術內部人員的攻擊
- 通過增強規則、配置和相關業務流程來提高現有技術安全工具的有效性
- 為不尋常的內部攻擊做好準備,包括與有組織犯罪或網路地下世界相關的攻擊
通過實施本書的安全實踐,您將納入旨在抵禦絕大多數惡意內部攻擊的保護機制。
