Data Breach Aftermath and Recovery for Individuals and Institutions


Book Description

In January 2016, the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Data Breach Aftermath and Recovery for Individuals and Institutions. Participants examined existing technical and policy remediations, and they discussed possible new mechanisms for better protecting and helping consumers in the wake of a breach. Speakers were asked to focus on data breach aftermath and recovery and to discuss ways to remediate harms from breaches. This publication summarizes the presentations and discussions from the workshop.




Effective Model-Based Systems Engineering


Book Description

This textbook presents a proven, mature Model-Based Systems Engineering (MBSE) methodology that has delivered success in a wide range of system and enterprise programs. The authors introduce MBSE as the state of the practice in the vital Systems Engineering discipline that manages complexity and integrates technologies and design approaches to achieve effective, affordable, and balanced system solutions to the needs of a customer organization and its personnel. The book begins with a summary of the background and nature of MBSE. It summarizes the theory behind Object-Oriented Design applied to complex system architectures. It then walks through the phases of the MBSE methodology, using system examples to illustrate key points. Subsequent chapters broaden the application of MBSE in Service-Oriented Architectures (SOA), real-time systems, cybersecurity, networked enterprises, system simulations, and prototyping. The vital subject of system and architecture governance completes the discussion. The book features exercises at the end of each chapter intended to help readers/students focus on key points, as well as extensive appendices that furnish additional detail in particular areas. The self-contained text is ideal for students in a range of courses in systems architecture and MBSE as well as for practitioners seeking a highly practical presentation of MBSE principles and techniques.




Recoverability as a First-Class Security Objective


Book Description

The Forum on Cyber Resilience of the National Academies of Sciences, Engineering, and Medicine hosted the Workshop on Recoverability as a First-Class Security Objective on February 8, 2018, in Washington, D.C. The workshop featured presentations from several experts in industry, research, and government roles who spoke about the complex facets of recoverabilityâ€"that is, the ability to restore normal operations and security in a system affected by software or hardware failure or a deliberate attack. This publication summarizes the presentations and discussions from the workshop.




Guide to Protecting the Confidentiality of Personally Identifiable Information


Book Description

The escalation of security breaches involving personally identifiable information (PII) has contributed to the loss of millions of records over the past few years. Breaches involving PII are hazardous to both individuals and org. Individual harms may include identity theft, embarrassment, or blackmail. Organ. harms may include a loss of public trust, legal liability, or remediation costs. To protect the confidentiality of PII, org. should use a risk-based approach. This report provides guidelines for a risk-based approach to protecting the confidentiality of PII. The recommend. here are intended primarily for U.S. Fed. gov¿t. agencies and those who conduct business on behalf of the agencies, but other org. may find portions of the publication useful.




Software Update as a Mechanism for Resilience and Security


Book Description

Software update is an important mechanism by which security changes and improvements are made in software, and this seemingly simple concept encompasses a wide variety of practices, mechanisms, policies, and technologies. To explore the landscape further, the Forum on Cyber Resilience hosted a workshop featuring invited speakers from government, the private sector, and academia. This publication summarizes the presentations and discussions from the workshop.




The Ethics of Information Technology and Business


Book Description

This is the first study of business ethics to take into consideration the plethora of issues raised by the Information Age. The first study of business ethics to take into consideration the plethora of issues raised by the Information Age. Explores a wide range of topics including marketing, privacy, and the protection of personal information; employees and communication privacy; intellectual property issues; the ethical issues of e-business; Internet-related business ethics problems; and the ethical dimension of information technology on society. Uncovers previous ignored ethical issues. Underlines the need for public discussion of the issues. Argues that computers and information technology have not necessarily developed in the most ethical manner possible.




Asset Recovery Handbook


Book Description

Developing countries lose billions each year through bribery, misappropriation of funds, and other corrupt practices. Much of the proceeds of this corruption find 'safe haven' in the world's financial centers. These criminal flows are a drain on social services and economic development programs, contributing to the impoverishment of the world's poorest countries. Many developing countries have already sought to recover stolen assets. A number of successful high-profile cases with creative international cooperation has demonstrated that asset recovery is possible. However, it is highly complex, involving coordination and collaboration with domestic agencies and ministries in multiple jurisdictions, as well as the capacity to trace and secure assets and pursue various legal options—whether criminal confiscation, non-conviction based confiscation, civil actions, or other alternatives. This process can be overwhelming for even the most experienced practitioners. It is exceptionally difficult for those working in the context of failed states, widespread corruption, or limited resources. With this in mind, the Stolen Asset Recovery (StAR) Initiative has developed and updated this Asset Recovery Handbook: A Guide for Practitioners to assist those grappling with the strategic, organizational, investigative, and legal challenges of recovering stolen assets. A practitioner-led project, the Handbook provides common approaches to recovering stolen assets located in foreign jurisdictions, identifies the challenges that practitioners are likely to encounter, and introduces good practices. It includes examples of tools that can be used by practitioners, such as sample intelligence reports, applications for court orders, and mutual legal assistance requests. StAR—the Stolen Asset Recovery Initiative—is a partnership between the World Bank Group and the United Nations Office on Drugs and Crime that supports international efforts to end safe havens for corrupt funds. StAR works with developing countries and financial centers to prevent the laundering of the proceeds of corruption and to facilitate more systematic and timely return of stolen assets.




Data Breach Preparation and Response


Book Description

Data Breach Preparation and Response: Breaches are Certain, Impact is Not is the first book to provide 360 degree visibility and guidance on how to proactively prepare for and manage a data breach and limit impact. Data breaches are inevitable incidents that can disrupt business operations and carry severe reputational and financial impact, making them one of the largest risks facing organizations today. The effects of a breach can be felt across multiple departments within an organization, who will each play a role in effectively managing the breach. Kevvie Fowler has assembled a team of leading forensics, security, privacy, legal, public relations and cyber insurance experts to create the definitive breach management reference for the whole organization. - Discusses the cyber criminals behind data breaches and the underground dark web forums they use to trade and sell stolen data - Features never-before published techniques to qualify and discount a suspected breach or to verify and precisely scope a confirmed breach - Helps identify your sensitive data, and the commonly overlooked data sets that, if stolen, can result in a material breach - Defines breach response plan requirements and describes how to develop a plan tailored for effectiveness within your organization - Explains strategies for proactively self-detecting a breach and simplifying a response - Covers critical first-responder steps and breach management practices, including containing a breach and getting the scope right, the first time - Shows how to leverage threat intelligence to improve breach response and management effectiveness - Offers guidance on how to manage internal and external breach communications, restore trust, and resume business operations after a breach, including the critical steps after the breach to reduce breach-related litigation and regulatory fines - Illustrates how to define your cyber-defensible position to improve data protection and demonstrate proper due diligence practices




Threat Forecasting


Book Description

Drawing upon years of practical experience and using numerous examples and illustrative case studies, Threat Forecasting: Leveraging Big Data for Predictive Analysis discusses important topics, including the danger of using historic data as the basis for predicting future breaches, how to use security intelligence as a tool to develop threat forecasting techniques, and how to use threat data visualization techniques and threat simulation tools. Readers will gain valuable security insights into unstructured big data, along with tactics on how to use the data to their advantage to reduce risk. - Presents case studies and actual data to demonstrate threat data visualization techniques and threat simulation tools - Explores the usage of kill chain modelling to inform actionable security intelligence - Demonstrates a methodology that can be used to create a full threat forecast analysis for enterprise networks of any size




The Hacked World Order


Book Description

For more than three hundred years, the world wrestled with conflicts that arose between nation-states. Nation-states wielded military force, financial pressure, and diplomatic persuasion to create "world order." Even after the end of the Cold War, the elements comprising world order remained essentially unchanged. But 2012 marked a transformation in geopolitics and the tactics of both the established powers and smaller entities looking to challenge the international community. That year, the US government revealed its involvement in Operation "Olympic Games," a mission aimed at disrupting the Iranian nuclear program through cyberattacks; Russia and China conducted massive cyber-espionage operations; and the world split over the governance of the Internet. Cyberspace became a battlefield. Cyber conflict is hard to track, often delivered by proxies, and has outcomes that are hard to gauge. It demands that the rules of engagement be completely reworked and all the old niceties of diplomacy be recast. Many of the critical resources of statecraft are now in the hands of the private sector, giant technology companies in particular. In this new world order, cybersecurity expert Adam Segal reveals, power has been well and truly hacked.