Cybersecurity Myths and Misconceptions : Avoiding the Hazards and Pitfalls that Derail Us - Eugene H. Spafford

Cybersecurity Myths and Misconceptions

Avoiding the Hazards and Pitfalls that Derail Us

By: Eugene H. Spafford, Leigh Metcalf, Josiah Dykstra

Paperback | 2 March 2023 | Edition Number 1

At a Glance

Paperback


$73.25

or 4 interest-free payments of $18.31 with

 or 

Aims to ship in 10 to 15 business days

175+ Cybersecurity Misconceptions and the Myth-Busting Skills You Need to Correct Them

Elected into the Cybersecurity Canon Hall of Fame

Cybersecurity is fraught with hidden and unsuspected dangers and difficulties. Despite our best intentions, there are common and avoidable mistakes that arise from folk wisdom, faulty assumptions about the world, and our own human biases. Cybersecurity implementations, investigations, and research all suffer as a result. Many of the bad practices sound logical, especially to people new to the field of cybersecurity, and that means they get adopted and repeated despite not being correct. For instance, why isn't the user the weakest link?

In Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us, three cybersecurity pioneers don't just deliver the first comprehensive collection of falsehoods that derail security from the frontlines to the boardroom; they offer expert practical advice for avoiding or overcoming each myth.

Whatever your cybersecurity role or experience, Eugene H. Spafford, Leigh Metcalf, and Josiah Dykstra will help you surface hidden dangers, prevent avoidable errors, eliminate faulty assumptions, and resist deeply human cognitive biases that compromise prevention, investigation, and research. Throughout the book, you'll find examples drawn from actual cybersecurity events, detailed techniques for recognizing and overcoming security fallacies, and recommended mitigations for building more secure products and businesses.

  • Read over 175 common misconceptions held by users, leaders, and cybersecurity professionals, along with tips for how to avoid them.
  • Learn the pros and cons of analogies, misconceptions about security tools, and pitfalls of faulty assumptions. What really is the weakest link? When aren't "best practices" best?
  • Discover how others understand cybersecurity and improve the effectiveness of cybersecurity decisions as a user, a developer, a researcher, or a leader.
  • Get a high-level exposure to why statistics and figures may mislead as well as enlighten.
  • Develop skills to identify new myths as they emerge, strategies to avoid future pitfalls, and techniques to help mitigate them.

"You are made to feel as if you would never fall for this and somehow this makes each case all the more memorable. . . . Read the book, laugh at the right places, and put your learning to work. You won't regret it."
--From the Foreword by Vint Cerf, Internet Hall of Fame Pioneer

Register your book for convenient access to downloads, updates, and/or corrections as they become available. See inside book for details.

Industry Reviews

"Many security leaders are traditionally in charge of correcting misconceptions just as much as they are in charge of building up solid security practices. We have plenty of resources on practices--but this book is the crucial guide to that essential myth busting."
--Phil Venables, CISO, Google Cloud

"I'm writing this on my phone, over Wi-Fi, in an airplane on my way to Black Hat, one of the world's largest security conferences. The fact that I'm able to do this at all shows how much we've really learned about cybersecurity over the decades. Now it's all collected in one place for everyone to share. Thank the wise authors, and most importantly: GET OFF THEIR LAWN."
--Wendy Nather, Head of Advisory CISOs, Cisco

"This book is astounding. A true tour de force--which I have never said about any other book. Inverting the viewpoint is a stroke of genius. This is going to be on my grabbable-at-any-time shelf. What I learned, recalled, and was refreshed on with technically astute agnosticism cannot be measured; just appreciated as a profound historical compilation of security practice and theory. Bravo!"
--Winn Schwartaul, Founder and Chief Visionary Officer, The Security Awareness Company

"I am happy to endorse the central idea of this book--that cybersecurity is rife with myths that are themselves part of the problem. The brain wants to understand, the world grows ever more complicated, and the sum of the two is myth-making. As the authors say, even if some understanding is true at some time, with enough change what was true becomes a myth soon enough. As such, an acquired immunity to myths is a valuable skill for the cybersecurity practitioner if no other. The paramount goal of all security engineering is No Silent Failure, but myths perpetuate if not create silent failure. Why? Because a state of security is the absence of unmitigable surprise and you cannot mitigate what you don't know is going on. Myths blind us to reality. Ignorance of them is not bliss. This book is a vaccine."
--Dan Geer, CISO, In-Q-Tel

"This is a fun read for all levels. I like their rapid fire delivery and the general light they cast on so many diverse myths. This book will change the cybersecurity industry for the better."
--Michael Sikorski, Author of Practical Malware Analysis & CTO, Unit 42 at Palo Alto Networks

More in Network Security

Cybercrime : An Encyclopedia of Digital Crime - Nancy E. Marion

RRP $59.99

$49.25

18%
OFF
Cybersecurity All-in-One For Dummies : For Dummies - Joseph Steinberg
Information Modeling and Relational Databases : 2nd Edition - Terry Halpin
Cybersecurity For Dummies : 2nd edition - Joseph Steinberg

RRP $52.95

$34.75

34%
OFF
Cyber Wars : Hacks that Shocked the Business World - Charles Arthur

BLACK FRIDAY

Network Security Assessment : Know Your Network : 3rd Edition - Chris Mcnab
Inside Cyber Warfare : Mapping the Cyber Underworld - Jeffrey Caruso

RRP $106.50

$47.75

55%
OFF