Evidence-based cybersecurity : foundations, research, and practice. (2022)
- Record Type:
- Book
- Title:
- Evidence-based cybersecurity : foundations, research, and practice. (2022)
- Main Title:
- Evidence-based cybersecurity : foundations, research, and practice
- Further Information:
- Note: Pierre-Luc Pomerleau, David Maimon.
- Authors:
- Pomerleau, Pierre-Luc
Maimon, David, 1978-
- Contents:
- Foreword -- About the authors -- Acknowledgment
1 The case for an evidence-based approach to cybersecurity -- The evidence-based approach -- Evidence-based medicine -- Evidence-based policing -- Evidence-based learning -- The case for evidence-based cybersecurity -- References
2 Computers, computer networks, the Internet, and cybersecurity -- Introduction: computers and computer networks -- The open system interconnection (OSI) model and the communication process -- The importance of cybersecurity -- The cybersecurity ecosystem -- Cybersecurity doctrines, practices, and policies -- Current practices, tools, and policies to secure cyber infrastructures -- References
3 Human behavior in cyberspace -- Introduction: cybercrime and cyberspace -- Four key actors within the cybercrime ecosystem -- The offenders -- The enablers -- The victims -- The guardians -- Human behaviors as a central element of cybercrime -- The human factor in the literature on cybercrime -- A look inside the organization -- Conclusion -- References
4 Criminological, sociological, psychological, ethical, and biological models relevant to cybercrime and cybercriminals -- Introduction -- Criminological and sociological models relevant to cybercrime -- The routine activity approach and the problem analysis triangle -- Environmental criminology -- Situational crime prevention -- Anthropological criminology and ethnographic studies -- Biosocial criminology -- Psychology and cyberpsychology in the management of cybercrime -- Cyberpsychology -- Philosophical and ethical models -- Hard determinism and crime -- Compatibilism and crime -- References
5 Science and cybersecurity -- Introduction -- The importance of quantitative, qualitative, and mixed research -- Quantitative, qualitative, or mixed methods? -- Science, theories, and facts -- Science in cybersecurity -- Case reports -- The problems with surveys, benchmarks, and validation testing in cybersecurity -- Surveys -- Benchmarks -- Validation testing -- Research designs in cybersecurity -- Fundamental observational and controlled research -- Case-control -- Simulations -- Longitudinal research -- The difference-in-differences research method -- Time-series design -- Field research -- Conclusion -- References
6 Network security and intrusion detection systems -- Introduction -- Network security and intrusion detection systems in cybersecurity -- Intrusion detection system categories -- Endpoint detection systems (EDSs) -- Security information and event management (SIEM) systems -- Data loss prevention (DLP) -- Challenges in evaluating security tools -- Surveys and think tanks reports -- Intrusion-detection assessment metrics -- The way forward in protecting the network from intrusions -- Data science: data analytics, machine learning, and artificial intelligence -- From a rule-based approach to data analytics -- Machine learning and artificial intelligence -- The use of honeypots in intrusion detection and network security -- An evidence-based approach -- Conclusion -- Note -- References
7 The Internet of Things (IoT), data security, and website security -- Introduction -- The IoT -- What risks are associated with the IoT? -- Online attacks against IoT -- IoT architecture and protocol stack -- IoT risk frameworks -- IoT security tools and defense techniques for data security -- Network intrusion detection systems (NIDSs) in an IoT environment -- Metrics to measure effectiveness -- Examples of IoT security empirical research designs -- Website security -- Web defacement -- An example of evidence-based research design -- Threat hunting: a proactive approach to mitigating risks to IoT, data security, and website security -- Conclusion -- References
8 Data privacy, training, and awareness and cybersecurity frameworks -- Introduction -- Data privacy -- Digital risks -- Data breaches -- Cybersecurity governance -- Information security control frameworks -- ISO 27001 and 27002 -- NIST -- Laws, regulations, and industry standards -- The General Data Protection Regulation (GDPR) -- PCI DSS – payment card industry -- HIPAA – health-related information -- New York Department of Financial Services (NYDFS) cybersecurity regulations -- Cybersecurity training and awareness -- Games and gamification -- Assessment tools -- The Federal Financial Institution Examination Council (FFIEC) cybersecurity assessment tool -- Research methods to evaluate cybersecurity awareness tools -- Additional practical tools -- Targeted audit and penetration testing -- Surveys and executive workshops -- Risk assessment -- Impact and probability levels to assess risks -- Relevant conceptual and research designs -- Other examples of related work -- Conclusion -- Notes -- References
9 Risk and threat intelligence: The effectiveness of online threat intelligence in guiding financial institutions’ incident response to online banking account takeovers -- Introduction -- Background -- Bank ATO and financial institutions response -- Situational crime prevention -- Denying benefits as a proactive incident response to ATO incidents -- Threat intelligence and responding to ATO incidents -- The current study -- Data and methods -- Results -- How prevalent is information on breached bank accounts on text message applications? -- How much of the information posted on the dark web or …
- Edition:
- 1st
- Publisher Details:
- Boca Raton : CRC Press
- Publication Date:
- 2022
- Extent:
- 1 online resource, illustrations (black and white)
- Subjects:
- 005.8
Computer security
Computer crimes -- Prevention
- Languages:
- English
- ISBNs:
- 9781000600933
9781000600872
9781003201519
- Related ISBNs:
- 9781032062761
- Notes:
- Note: Includes bibliographical references and index.
Note: Description based on CIP data; resource not viewed.
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD.DS.697024
- Ingest File:
- 12_030.xml