Cybersecurity First Principles: A Reboot of Strategy and Tactics (Paperback)

The first expert discussion of the foundations of cybersecurity

In Cybersecurity First Principles, Rick Howard, the Chief Security Officer, Chief Analyst, and Senior fellow at The Cyberwire, challenges the conventional wisdom of current cybersecurity best practices, strategy, and tactics and makes the case that the profession needs to get back to first principles. The author convincingly lays out the arguments for the absolute cybersecurity first principle and then discusses the strategies and tactics required to achieve it.

In the book, you'll explore:

• Infosec history from the 1960s until the early 2020s and why it has largely failed
• What the infosec community should be trying to achieve instead
• The arguments for the absolute and atomic cybersecurity first principle
• The strategies and tactics to adopt that will have the greatest impact in pursuing the ultimate first principle
• Case studies through a first principle lens of the 2015 OPM hack, the 2016 DNC Hack, the 2019 Colonial Pipeline hack, and the Netflix Chaos Monkey resilience program
• A top to bottom explanation of how to calculate cyber risk for two different kinds of companies

This book is perfect for cybersecurity professionals at all levels: business executives and senior security professionals, mid-level practitioner veterans, newbies coming out of school as well as career-changers seeking better career opportunities, teachers, and students.

《網路安全首要原則》是第一本專注於網路安全基礎的專家討論。作者Rick Howard是The Cyberwire的首席安全官、首席分析師和高級研究員，他挑戰了當前網路安全最佳實踐、策略和戰術的常識，並提出了專業需要回歸首要原則的觀點。作者有力地陳述了絕對網路安全首要原則的論點，並討論了實現該原則所需的策略和戰術。

在這本書中，你將探索以下內容：
- 從1960年代到2020年代初的資訊安全歷史，以及為何它在很大程度上失敗了
- 資訊安全社群應該努力實現的目標
- 絕對和原子網路安全首要原則的論點
- 採取的策略和戰術，對追求最終首要原則具有最大影響力
- 通過首要原則的角度研究2015年OPM駭客事件、2016年DNC駭客事件、2019年Colonial Pipeline駭客事件和Netflix Chaos Monkey彈性計劃的案例研究
- 如何計算兩種不同公司的網路風險的從頭到尾解釋

這本書非常適合各級網路安全專業人士閱讀，包括企業高管和高級安全專業人員、中級從業者、剛從學校畢業的新手以及尋求更好職業機會的轉行者、教師和學生。