| Section | Page |
|---|---|
| Preface | p. xi |
| Psychological Security Traps | p. 1 |
| Learned Helplessness and Naïveté | p. 2 |
| Confirmation Traps | p. 10 |
| Functional Fixation | p. 14 |
| Summary | p. 20 |
| Wireless Networking: Fertile Ground for Social Engineering | p. 21 |
| Easy Money | p. 22 |
| Wireless Gone Wild | p. 28 |
| Still, Wireless Is the Future | p. 31 |
| Beautiful Security Metrics | p. 33 |
| Security Metrics by Analogy: Health | p. 34 |
| Security Metrics by Example | p. 38 |
| Summary | p. 60 |
| The Underground Economy of Security Breaches | p. 63 |
| The Makeup and Infrastructure of the Cyber Underground | p. 64 |
| The Payoff | p. 66 |
| How Can We Combat This Growing Underground Economy? | p. 71 |
| Summary | p. 72 |
| Beautiful Trade: Rethinking E-Commerce Security | p. 73 |
| Deconstructing Commerce | p. 74 |
| Weak Amelioration Attempts | p. 76 |
| E-Commerce Redone: A New Security Model | p. 83 |
| The New Model | p. 86 |
| Securing Online Advertising: Rustlers and Sheriffs in the New Wild West | p. 89 |
| Attacks on Users | p. 89 |
| Advertisers As Victims | p. 98 |
| Creating Accountability in Online Advertising | p. 105 |
| The Evolution of PGP's Web of Trust | p. 107 |
| PGP and OpenPGP | p. 108 |
| Trust, Validity, and Authority | p. 108 |
| PGP and Crypto History | p. 116 |
| Enhancements to the Original Web of Trust Model | p. 120 |
| Interesting Areas for Further Research | p. 128 |
| References | p. 129 |
| Open Source Honeyclient: Proactive Detection of Client-Side Exploits | p. 131 |
| Enter Honeyclients | p. 133 |
| Introducing the World's First Open Source Honeyclient | p. 133 |
| Second-Generation Honeyclients | p. 135 |
| Honeyclient Operational Results | p. 139 |
| Analysis of Exploits | p. 141 |
| Limitations of the Current Honeyclient Implementation | p. 143 |
| Related Work | p. 144 |
| The Future of Honeyclients | p. 146 |
| Tomorrow's Security Cogs and Levers | p. 147 |
| Cloud Computing and Web Services: The Single Machine Is Here | p. 150 |
| Connecting People, Process, and Technology: The Potential for Business Process Management | p. 154 |
| Social Networking: When People Start Communicating, Big Things Change | p. 158 |
| Information Security Economics: Supercrunching and the New Rules of the Grid | p. 162 |
| Platforms of the Long-Tail Variety: Why the Future Will Be Different for Us All | p. 165 |
| Conclusion | p. 168 |
| Acknowledgments | p. 169 |
| Security by Design | p. 171 |
| Metrics with No Meaning | p. 172 |
| Time to Market or Time to Quality? | p. 174 |
| How a Disciplined System Development Lifecycle Can Help | p. 178 |
| Conclusion: Beautiful Security Is an Attribute of Beautiful Systems | p. 181 |
| Forcing Firms to Focus: Is Secure Software in Your Future? | p. 183 |
| Implicit Requirements Can Still Be Powerful | p. 184 |
| How One Firm Came to Demand Secure Software | p. 185 |
| Enforcing Security in Off-the-Shelf Software | p. 190 |
| Analysis: How to Make the World's Software More Secure | p. 193 |
| Oh No, Here Come the Infosecurity Lawyers! | p. 199 |
| Culture | p. 200 |
| Balance | p. 202 |
| Communication | p. 207 |
| Doing the Right Thing | p. 211 |
| Beautiful Log Handling | p. 213 |
| Logs in Security Laws and Standards | p. 213 |
| Focus on Logs | p. 214 |
| When Logs Are Invaluable | p. 215 |
| Challenges with Logs | p. 216 |
| Case Study: Behind a Trashed Server | p. 218 |
| Future Logging | p. 221 |
| Conclusions | p. 223 |
| Incident Detection: Finding the Other 68% | p. 225 |
| A Common Starting Point | p. 226 |
| Improving Detection with Context | p. 228 |
| Improving Perspective with Host Logging | p. 232 |
| Summary | p. 237 |
| Doing Real Work Without Real Data | p. 239 |
| How Data Translucency Works | p. 240 |
| A Real-Life Example | p. 243 |
| Personal Data Stored As a Convenience | p. 244 |
| Trade-offs | p. 244 |
| Going Deeper | p. 245 |
| References | p. 246 |
| Casting Spells: PC Security Theater | p. 247 |
| Growing Attacks, Defenses in Retreat | p. 248 |
| The Illusion Revealed | p. 252 |
| Better Practices for Desktop Security | p. 257 |
| Conclusion | p. 258 |
| Contributors | p. 259 |
| Index | p. 269 |