The following originally appeared on SC Magazine UK, contributed by Paul Ponzeka, CTO at Abacus Group.
Fact and fiction - a summer reading list for pros and others interested in cyber-security to help enlighten, educate and entertain, and while they may be from a US perspective, the lessons are international.
Often, fact is stranger than fiction. Cyber-security professionals know that for sure. So, for a summer reading list, pros and others interested in cyber-security may want to pick up these books to help enlighten, educate and entertain. While they may be from a US perspective, the lessons are international.
By Richard A. Clarke and Robert Knake
International security experts—Clarke from the nuclear generation and Knake from the cyber-generation—ponder the irony that although the US pioneered the technology behind cyber-warfare, outdated thinking, policies, and strategies make it vulnerable to losing any cyber-contest with a hostile nation. In this chilling and eye-opening book, Clarke and Knake provide a highly detailed yet accessible look at how cyber-warfare is being waged and the need for the US to rethink its national security to face this new threat.
By Marcia RT Pistorious
Cloud computing has appeared in many small forms and is now emerging as a huge solution to the problem of the fast-changing and increasingly cyber-world in which we live and work. In this book, cloud computing and cyber-security are described in a way that covers all sizes and implementations of businesses involved in using this method of computing.
By Kate Fazzini
Kingdom of Lies follows the intertwined stories of cyber-criminals and ethical hackers as they jump from criminal trend to criminal trend, crisis to crisis. A cyber-security professional turned journalist, Kate Fazzini illuminates the many lies companies and governments tell us about our security, the lies criminals tell to get ahead, and the lies security leaders tell to make us think they are better at their jobs than they are.
The four pillars of endpoint security: Safeguarding your network in the age of cloud computing and the Bring-Your-Own-Device trend
By Dan Griffin
Security is an advantage: the Bring-Your-Own-Device (BYOD) trend in enterprise IT has caused users to expect anywhere/anytime access to sensitive data, from any mobile device. But IT managers are nervous about serving sensitive corporate data to devices that lack sophisticated security controls. By applying the Four pillars of endpoint security, businesses can stay competitive and operate without interruption, which leads to higher productivity and business velocity.
By Kevin D Mitnick, William L Simon, Steve Wozniak
Kevin Mitnick was the most elusive computer break-in artist in history. He accessed computers and networks at the world's biggest companies, and however fast the authorities were, Mitnick was faster, sprinting through phone switches, computer systems, and cellular networks. He spent years skipping through cyber-space, always three steps ahead and labeled unstoppable. Ghost in the wires is a thrilling true story of intrigue, suspense, and unbelievable escape, and a portrait of a visionary whose creativity, skills, and persistence forced the authorities to rethink the way they pursued him, inspiring ripples that brought permanent changes in the way people and companies protect their most sensitive information.
By PW Singer
In Cybersecurity and CyberWar: What everyone needs to know®, New York Times best-selling author PW Singer and noted cyber expert Allan Friedman team up to provide the kind of easy-to-read, yet deeply informative resource book that has been missing on this crucial issue of 21st century life. Written in a lively, accessible style, filled with engaging stories and illustrative anecdotes, the book is structured around the key question areas of cyber-space and its security: how it all works, why it all matters, and what can we do?
Along the way, they take readers on a tour of the important (and entertaining) issues and characters of cyber-security, from the "Anonymous" hacker group and the Stuxnet computer virus to the new cyber-units of the Chinese and US militaries.
By David E Sanger
The Perfect Weapon is the startling inside story of how the rise of cyber-weapons transformed geopolitics like nothing since the invention of the atomic bomb. Cheap to acquire, easy to deny, and usable for a variety of malicious purposes—from crippling infrastructure to sowing discord and doubt—cyber is now the weapon of choice for democracies, dictators, and terrorists.
By Nick Bilton
In 2011, a twenty-six-year-old libertarian programmer named Ross Ulbricht launched the ultimate free market: the Silk Road, a clandestine Web site hosted on the Dark Web where anyone could trade anything—drugs, hacking software, forged passports, counterfeit cash, poisons—free of the government’s watchful eye.
Drawing on exclusive access to key players and two billion digital words and images Ross left behind, Vanity Fair correspondent and New York Times bestselling author Nick Bilton offers a tale filled with twists and turns, lucky breaks and unbelievable close calls. It’s a story of the boy next door’s ambition gone criminal, spurred on by the clash between the new world of libertarian-leaning, anonymous, decentralised Web advocates and the old world of government control, order, and the rule of law. Filled with unforgettable characters and capped by an astonishing climax, American Kingpin might be dismissed as too outrageous for fiction. But it’s all too real.
By Kevin Mitnick
Focusing on the human factors involved with information security, Mitnick explains why all the firewalls and encryption protocols in the world will never be enough to stop a savvy grifter intent on rifling a corporate database or an irate employee determined to crash a system. With the help of many fascinating true stories of successful attacks on business and government, he illustrates just how susceptible even the most locked-down information systems are to a slick con artist impersonating an IRS (US tax system) agent. Mitnick offers advice for preventing these types of social engineering hacks through security protocols, training programmes, and manuals that address the human element of security.