| Preface | p. xi |
| Psychological Security Traps | p. 1 |
| Learned Helplessness and Naïveté | p. 2 |
| Confirmation Traps | p. 10 |
| Functional Fixation | p. 14 |
| Summary | p. 20 |
| Wireless Networking: Fertile Ground for Social Engineering | p. 21 |
| Easy Money | p. 22 |
| Wireless Gone Wild | p. 28 |
| Still, Wireless is the Future | p. 31 |
| Beautiful Security Metrics | p. 33 |
| Security Metrics by Analogy: Health | p. 34 |
| Security Metrics by Example | p. 38 |
| Summary | p. 60 |
| The Underground Economy of Security Breaches | p. 63 |
| The Makeup and Infrastructure of the Cyber Underground | p. 64 |
| The Payoff | p. 66 |
| How Can We Combat This Growing Underground Economy? | p. 71 |
| Summary | p. 72 |
| Beautiful Trade: Rethinking E-Commerce Security | p. 73 |
| Deconstructing Commerce | p. 74 |
| Weak Amelioration Attempts | p. 76 |
| E-Commerce Redone: A New Security Model | p. 83 |
| The New Model | p. 86 |
| Securing Online Advertising: Rustlers and sheriffs in The New Wild West | p. 89 |
| Attacks on Users | p. 89 |
| Advertisers As Victims | p. 98 |
| Creating Accountability in Online Advertising | p. 105 |
| The Evolution of PGP's Web of Trust | p. 107 |
| PGP and OpenPGP | p. 108 |
| Trust, Validity, and Authority | p. 108 |
| PGP and Crypto History | p. 116 |
| Enhancements to the Original Web of Trust Model | p. 120 |
| Interesting Areas for Further Research | p. 128 |
| References | p. 129 |
| Open Source Honeyclient: Proactive Detection of Client-Side Exploits | p. 131 |
| Enter Honeyclients | p. 133 |
| Introducing the World's First Open Source Honeyclient | p. 133 |
| Second-Generation Honeyclients | p. 135 |
| Honeyclient Operational Results | p. 139 |
| Analysis of Exploits | p. 141 |
| Limitations of the Current Honeyclient Implementation | p. 143 |
| Related Work | p. 144 |
| The Future of Honeyclients | p. 146 |
| Tomorrow's Security Cogs and Levers | p. 147 |
| Cloud Computing and Web Services: The Single Machine Is Here | p. 150 |
| Connecting People, Process, and Technology: The Potential for Business Process Management | p. 154 |
| Social Networking: When People Start Communicating, Big Things Change | p. 158 |
| Information Security Economics: Supercrunching and the New Rules of the Grid | p. 162 |
| Platforms of the Long-Tail Variety: Why the Future Will Be Different for Us All | p. 165 |
| Conclusion | p. 168 |
| Acknowledgments | p. 169 |
| Security By Design | p. 171 |
| Metrics with No Meaning | p. 172 |
| Time to Market or Time to Quality? | p. 174 |
| How a Disciplined System Development Lifecycle Can Help | p. 178 |
| Conclusion: Beautiful Security Is an Attribute of Beautiful Systems | p. 181 |
| Forcing Firms to Focus: Is Secure Software in Your Future? | p. 183 |
| Implicit Requirements Can Still Be Powerful | p. 184 |
| How One Firm Came to Demand Secure Software | p. 185 |
| Enforcing Security in Off-the-Shelf Software | p. 190 |
| Analysis: How to Make the World's Software More Secure | p. 193 |
| Oh No, Here Come The Infosecurity Lawyers! | p. 199 |
| Culture | p. 200 |
| Balance | p. 202 |
| Communication | p. 207 |
| Doing the Right Thing | p. 211 |
| Beautiful Log Handling | p. 213 |
| Logs in Security Laws and Standards | p. 213 |
| Focus on Logs | p. 214 |
| When Logs Are Invaluable | p. 215 |
| Challenges with Logs | p. 216 |
| Case Study: Behind a Trashed Server | p. 218 |
| Future Logging | p. 221 |
| Conclusions | p. 223 |
| Incident Detection: Finding The Other 68% | p. 225 |
| A Common Starting Point | p. 226 |
| Improving Detection with Context | p. 228 |
| Improving Perspective with Host Logging | p. 232 |
| Summary | p. 237 |
| Doing Real Work Without Real Data | p. 239 |
| How Data Translucency Works | p. 240 |
| A Real-Life Example | p. 243 |
| Personal Data Stored As a Convenience | p. 244 |
| Trade-offs | p. 244 |
| Going Deeper | p. 245 |
| References | p. 246 |
| Casting Spells: PC Security Theater | p. 247 |
| Growing Attacks, Defenses in Retreat | p. 248 |
| The Illusion Revealed | p. 252 |
| Better Practices for Desktop Security | p. 257 |
| Conclusion | p. 258 |
| Contributors | p. 259 |
| Index | p. 269 |
| Table of Contents provided by Ingram. All Rights Reserved. |
