The field of cybersecurity and cybercrime is a critical and rapidly evolving area of study. As our society becomes more and more reliant on technology, the risks of cybercrime increase. This book provides a comprehensive introduction to the field, covering both cybercrime and cybersecurity. The book starts by providing an overview of common threats and the risk management view of cybercrime. It explores the different types of threats, such as hacking, malware, phishing, and social engineering, and the various ways in which they can impact individuals, businesses, and society at large. It also introduces the concept of risk management and the different approaches that can be used to manage cyber risks, such as risk avoidance, mitigation, transfer, and acceptance. From there, the book delves into the three key areas of cybersecurity: people, process, and technology. It explores the role of people in cybersecurity, including staffing, psychological profiling, role sensitivity, awareness, training, and education. It also examines the importance of process, including strategy and governance, policy, configuration management, and physical security. Finally, the book explores the critical role of technology, including system security, identification and authentication, authorisation and access control, and cryptography. The book is designed to be accessible to a wide range of readers, from first-year students studying cybercrime and cybersecurity for the first time to seasoned professionals who need to better understand the purpose of cybersecurity programmes and controls. It is written in a clear and concise manner, with each chapter building on the previous one to provide a comprehensive overview of the field. Overall, this book is an essential resource for anyone interested in the field of cybersecurity and cybercrime. It provides a critical introduction to the key concepts, theories, and practices in the field, and is sure to be a valuable reference for years to come.
Author(s): Paul A. Watters
Edition: 1
Publisher: Routledge | Taylor & Francis Group
Year: 2024
Language: English
Commentary: TruePDF
Pages: 183
Tags: Computer Crimes; Computer Security
Cover
Half Title
Title Page
Copyright Page
Dedication
Table of Contents
Foreword
Preface
Acknowledgements
About the Author
1 Introduction
Confidentiality
Integrity
Availability
Conclusion
Notes
2 Risk Management
Risk Assessment Scope
Analysing Data
Risk Mitigation Or Acceptance?
Case Study: Which Country Is Most Likely to Attack?
Conclusion
Notes
3 Threats
Mistakes
Stealing and Fraud
Employee Sabotage
Supporting Infrastructure Loss
Hacking
Espionage (Commercial and Government)
Malicious Code (Malware)
Scams
Case Study: Data Loss in the British Government
Conclusion
Notes
4 Organisational Responses
The Cybersecurity Strategy
Policy
Organisational Policy
Issue-Specific Policy
Entity-Specific Policy
Roles and Responsibilities
Management
Planning
Accreditation
Assurance
Design Assurance
Operational Assurance
Insurance
Case Study: Monitoring the Underground Economy
Conclusion
Notes
5 Operational Security: Users
Staffing
Separation of Duties
Least Privilege
Role Sensitivity
User Compliance
Fraud Detection
Termination
Managing Users
Internet-Facing Systems
Bring Your Own Device (BYOD)
Psychological Factors
Cognition
Emotion (Mood)
Motivation
Learning
Modifying User Behaviour
Awareness
Training
Education
Case Study: A Non-Associative Model of Phishing
Conclusion
Notes
6 Operational Security: Systems
Physical Security
Conclusion
Notes
7 Operational Security: Threat Response
Situational Crime Prevention
Incident Response
Disaster Response
Conclusion
Notes
8 Technical Responses: Securing Systems
Identification and Authentication
Something You Know
Something You Have
Something You Are
Authorisation and Access Control
Cryptography
Symmetric Ciphers
Steganography
Antivirus
Conclusion
Notes
9 Technical Responses: Forensics
Conclusion
Notes
10 Technical Responses: Penetration Testing
Breaking Into Your Own Network
Breaking Your Own Applications
Conclusion
Notes
11 Regulatory and Legal Responses
Expert Juries
How Specialised Is Computer Technology?
How Extensive Is the Core Body of Knowledge in Computing?
What About Specialisations Like Computer Forensics?
How Should Expert Juries Be Selected?
Why Can’t We Just Have Expert Witnesses?
What Has Been the International Experience?
Conclusion
12 Honeypots and Deception
Child Exploitation as a Cybercrime
Technical Mechanisms for Warning Message Delivery
The Classic Case
The Broader Case
Legal Issues
Conclusion
Notes
Index
