Discover millions of ebooks, audiobooks, and so much more with a free trial

From $11.99/month after trial. Cancel anytime.

The Little Book of Cybersecurity
The Little Book of Cybersecurity
The Little Book of Cybersecurity
Ebook369 pages5 hours

The Little Book of Cybersecurity

Rating: 0 out of 5 stars

()

Read preview

About this ebook

Many people believe that cybersecurity is a complicated and complex subject that involves computer security, information assurance, comprehensive infrastructure protection, commercial integrity, and ubiquitous personal interaction. The concepts apply to information, computers, networks, and other elements of coordination, cooperation, and control and involve government, business, education, and the day-to-day lives of private individuals.
The concerns normally involve the Internet as a communication facility - hence the name Cybersecurity. Achieving and maintaining cybersecurity is a never-ending process, much like national security, bank security, and so forth, so it is important to know the essential foundations of how to manage the risks of using technical interactions in order to obtain the inherent benefit. Some of the concerns that immediately come to mind are identity, personal privacy, intellectual property, secure maintenance of the critical infrastructure, and the continued operation of necessary organizations. There is a plethora of printed and online literature on various aspects of Cybersecurity - including computer security, information assurance, infrastructure security, personal security, and associated government policy informations. The purpose of this book is to give a composite picture of what Cybersecurity is all about, identify the important literature of the subject, and describe how it differs from everyday information security affecting individuals and computer activities.
This book requires knowledge of basic information systems, computer technology, and network security considerations for an understanding of the implications or many of the topics. No knowledge of mathematics, physics, and engineering is required.
The author, Harry Katzan Jr., has spent many years in basic computer security, cryptography, and modern methods including artificial intelligence and advanced software development. He is the author of Computer Data Security, The Standard Data Encryption Algorithm, and Privacy, Identity and Cloud Computing, and has done development work on security for a major bank.
LanguageEnglish
PublisheriUniverse
Release dateMar 23, 2022
ISBN9781663237781
The Little Book of Cybersecurity
Author

Harry Katzan Jr.

Harry Katzan, Jr. is a professor and consultant who has written several books and papers. He has been an advisor to the executive board of a major bank and has worked for Boeing, Oak Ridge National Lab, and IBM. He and his wife have lived in Switzerland where he was a banking consultant and a professor of Artificial Intelligence. He is an avid runner and has completed 94 marathons including Boston 13 times and New York 14 times. He holds bachelors, masters, and doctorate degrees.

Read more from Harry Katzan Jr.

Related to The Little Book of Cybersecurity

Related ebooks

Teaching Science & Technology For You

View More

Related articles

Related categories

Reviews for The Little Book of Cybersecurity

Rating: 0 out of 5 stars
0 ratings

0 ratings0 reviews

What did you think?

Tap to rate

Review must be at least 10 words

    Book preview

    The Little Book of Cybersecurity - Harry Katzan Jr.

    The

    LITTLE BOOK

    Of

    CYBERSECURITY

    HARRY KATZAN JR.

    45491.png

    THE LITTLE BOOK OF CYBERSECURITY

    Copyright © 2022 Harry Katzan Jr.

    All rights reserved. No part of this book may be used or reproduced by any means, graphic, electronic, or mechanical, including photocopying, recording, taping or by any information storage retrieval system without the written permission of the author except in the case of brief quotations embodied in critical articles and reviews.

    iUniverse

    1663 Liberty Drive

    Bloomington, IN 47403

    www.iuniverse.com

    844-349-9409

    Because of the dynamic nature of the Internet, any web addresses or links contained in this book may have changed since publication and may no longer be valid. The views expressed in this work are solely those of the author and do not necessarily reflect the views of the publisher, and the publisher hereby disclaims any responsibility for them.

    Any people depicted in stock imagery provided by Getty Images are models, and such images are being used for illustrative purposes only.

    Certain stock imagery © Getty Images.

    ISBN: 978-1-6632-3776-7 (sc)

    ISBN: 978-1-6632-3777-4 (hc)

    ISBN: 978-1-6632-3778-1 (e)

    Library of Congress Control Number: 2022915493

    iUniverse rev. date: 03/23/2022

    To Margaret,

    as always

    PREFACE

    This is little book is a collection of chapters written by the author on the subject of Cybersecurity. They represent papers that have been peer reviewed and prepared for a variety of conferences and other academic events. Some chapters have been written to suit a general audience, and others have been prepared for a select class of readers. There are some formatting differences due to the basic requirements of the varying circumstances.

    The essays are intended to be read separately resulting in a minimal amount of definitional material being repeated throughout the book. The reader is able to comfortably read the entries on a topic of interest and disregard the remainder. The chapters are related, but each has a unique focus.

    The subject matter can be viewed as two separate collections. The first is the relation of cybersecurity to the newly dispatched subject of service science. The second is the application of modern technology to everyday affairs. The objective of the chapters is to provide insight into what is new to the areas of business and management. The scope of the subject matter is introductory, foundational, and applicative. The introductory chapters are straightforward and give a gentle introduction to what the disciplines are all about. The foundational chapters provide a basis for the study of the concepts and methods of the two disciplines. The applicative essays are general in nature, so as to provide insight to what does and can go on in the world of service and technology.

    The table of contents is unique in that the entries give an introduction to the respective chapters. This is an aid to selection and gives a summary of the subject matter that is covered. The chapters were assembled to support a recent look into the various subjects.

    Service and cybersecurity are new fields of study and learning. Unfortunately, insufficient time has elapsed for the development of a set of case studies suitable for that form of study. It is hoped that this collection will partially fill that void.

    Harry Katzan, Jr.

    April 2022

    CONTENTS

    Section One - Introduction to Cybersecurity

    1 Essentials of Cybersecurity

    The effectiveness and efficiency of modern networked computer systems is a function of five basic attributes: availability, accuracy, authenticity, confidentiality, and integrity. The concepts apply to information, computers, networks, and other elements of coordination, cooperation, and control, and they apply to government, business, education, and private individuals. The concerns normally involve the Internet as a communication facility – hence the name Cybersecurity. Some of the concerns that immediately come to mind are identity, personal privacy, intellectual property, secure maintenance of the critical infrastructure, and organizational sustainability. The purpose of this chapter is to give a composite picture of what cybersecurity is all about, identify the important literature on the subject, and describe how it differs from everyday information security affecting individuals and computer activities. This paper requires knowledge of basic information systems, computer, and network security technology for an understanding of the implications of many of the topics

    2 Cybersecurity Service Model

    The efficacy of modern computer systems is normally regarded as a function of five basic attributes of computer and information security: availability, accuracy, authenticity, confidentiality, and integrity. The concepts generally apply to government, business, education, and the ordinary lives of private individuals. The considerations normally involve extended applications of the Internet – hence the name Cybersecurity. Achieving and maintaining a secure cyberspace is a complicated process, and some of the concerns involve personal identity, privacy and intellectual property, secure maintenance of the critical infrastructure, and the sustainability of organizations. The threats to a secure operating infrastructure are serious and profound: cyber terrorism, cyber war, cyber espionage, and cyber crime, to which the technical community has responded with a plethora of ad hoc safeguards and procedures, usually supplied by the competitive private sector. This chapter proposes a fresh view of the cyber domain based on service science with the ultimate objective of developing a cybersecurity service model.

    3 Fundamentals of Applied Cybersecurity for Business and Management

    It is well established that cybersecurity is a complicated and complex subject encompassing computer security, information assurance, comprehensive infrastructure protection, commercial integrity, and ubiquitous personal interactions. The concepts apply to information, computers, networks, and other elements of coordination, cooperation, and control, and they apply to government, business, education, and the ordinary lives of private individuals. The concerns normally involve the Internet as a communication facility – hence the name Cybersecurity. Achieving and maintaining cybersecurity is a never-ending process, much like national security, bank security, and so forth, so it is important to know the essential foundations of how to manage the risks of using technical interactions in order to obtain the inherent benefits. Some of the concerns that immediately come to mind are identity, personal privacy, intellectual property, secure maintenance of critical infrastructure, and the continued operation of necessary organizations. There is a plethora of printed and online literature on various aspects of cybersecurity – including computer security, information assurance, infrastructure security, personal security, and associated government policy information. The purpose of this chapter is to give a composite picture of what cybersecurity is all about, identify the important literature on the subject, and describe how it differs from everyday information security affecting individuals and computer activities. This chapter requires knowledge of basic information systems, computer, and network security technology for an understanding of the implications of many of the topics.

    4 Advances in Cybersecurity for Business and Management

    The value of modern computer systems and applications is generally conceived as being a function of five characteristics normally associated with cybersecurity: availability, accuracy, authenticity, confidentiality, and integrity. The concepts generally apply to government, business, education, and the ordinary lives of private individuals, and take place in an environment associated with the Internet. Maintaining a secure cyberspace is a multidimensional process involving personal identity, privacy, intellectual property, the critical infrastructure, and the sustainability of organizations. The threats inherent in a secure operating infrastructure are profound: cyber terrorism, cyber war, cyber espionage, and cyber crime, to which the technical community has responded with safeguards and procedures. This chapter provides a contemporary view of security in the cyber domain with the ultimate objective of developing a science of cybersecurity. Two recent advances are covered: automated intrusion detection and application containers. Individuals and organizations involved with computer and information security should be aware of major developments in this important area.

    5 Contemporary Issues in Cybersecurity Research for Business and Management

    The effectiveness of modern computer applications is normally regarded as a function of five basic attributes of secure computer and information systems: availability, accuracy, authenticity, confidentiality, and integrity. The concepts generally apply to government, business, education, and the ordinary lives of private individuals. The considerations normally involve extended Internet applications – hence the name Cybersecurity. Achieving and maintaining a secure cyberspace is a complicated process, and some of the concerns involve personal identity, privacy, intellectual property, the critical infrastructure, and the sustainability of organizations. The threats to a secure operating infrastructure are serious and profound: cyber terrorism, cyber war, cyber espionage, and cyber crime, to which the technical community has responded with safeguards and procedures, usually supplied by the private sector. This chapter provides a comprehensive view of security in the cyber domain with the ultimate objective of developing a science of cybersecurity.

    6 Service Concepts

    This chapter gives a conspectus of Service for academicians and practitioners with the express purpose of defining the scope of the discipline. The subject of services is the up and coming discipline for the 22nd century, and it encompasses technology, entrepreneurship, business growth, and innovation – four subjects that are generally of interest to most managers and scientists, alike. Services are important to people in business, government, education, health care and management, religion, military, scientific research, engineering, and other endeavors that are too numerous to mention, because most service providers – be they individuals, businesses, governments, and so forth – are also consumers of services. This is the first of three introductory chapters on the subject. The second chapter, entitled Service Management, covers the operational environment for services, and the last chapter, entitled Service Technology covers the technical and architectural basis for the Service discipline.

    7 Service Management

    In the multifaceted domain of services, management and business are intertwined. An enterprise, taken in this paper to be a business, government entity, or educational organization, simultaneously manages its own services and services provided to clients by adopting the role of service provider or service client. In short, an enterprise is likely to be a provider and a user of services. In fact, many internal services are managed as a business and in some instances evolve into external service providers – all with the same or similar functional deployments. So the fine line of separation between management and business is nonexistent, and that phenomenon is clearly evident in the chapters on service.

    8 Service Technology

    This chapter concludes the conspectus of Service for academicians and practitioners. It follows the two previous chapters, entitled Service Concepts and Service Management with the express purpose of defining the scope of the discipline. An eclectic background in service technology and service architecture is required to fully explore the potential of a science as an academic discipline. This chapter reviews the technical concepts needed to apply the concepts that have previously been introduced.

    9 Identity as a Service

    Identity service is an important subject in information systems in general and cloud computing in particular. Normally associated with digital security and privacy, the scope of identity is much greater and affects most aspects of everyday life. Related subjects are behavioral tracking, personal-identifiable information (PII), privacy data relevance, data repurposing, and identity theft. Cloud computing is currently portrayed as a model for providing on-demand access to computing service via the Internet and also serves as a focus for modern security and privacy concerns. Adoption of cloud computing practically eliminates the upfront costs of acquiring computational resources and the time delay of building and deploying software applications. The technology is not without a downside, which, in this case, is the privacy of business and personal information for which identity is a major consideration. Identity service is an admixture of the major issues in the privacy and security of individual rights in a complex informational environment. This is a working paper on this important subject.

    10 Principles of Service Systems: An Ontological Approach

    This paper delineates the principles of service systems, based on an ontological foundation of the subject matter developed independently of a particular endeavor, that are required to enable communication among researchers and assist in the ongoing theoretical development of the constituent topics. The chapter begins with the presentation of service elements and progresses through the various topics until the requisite concepts, relations, and vocabulary are formulated. The subjects are presented in a developmental manner to promote clarity and readability by a broad service science audience and to support research in the discipline.

    11 Toward a Unified Ontology of Trusted Identity in Cyberspace

    The nation’s digital infrastructure is in jeopardy because of inadequate provisions for privacy, identity, and security. Recent Internet activity has resulted in an onslaught of identity theft, fraud, digital crime, and an increasing burden to responsible citizens. The computer security and Internet communities have been generally responsive but apparently ineffective, so it is time for a third party to step in, take charge, and provide an infrastructure to assist in protecting individuals and non-person entities. This chapter is a contribution to the domain of ontological commitment as it applies to a description of subjects, objects, actions, and relationships as they pertain to the National Strategy of Trusted Identity in Cyberspace initiative.

    12 Essentials of Ransomware for Business and Management

    Ransomware is one of the most vicious and troublesome forms of cyber terrorism to surface in recent years, and the reported incidents of it are increasing rapidly. In this form of cyber crime, a malicious program takes over a victim’s computer making use of the computer and access to files unavailable unless a victim pays a ransom. The problem affects individuals and organizations, including in one instance, a health-care facility. Typically, the victim does not know how to respond when a ransomware attack takes place, since payment of the amount of the requested ransom does not necessarily resolve the situation. This chapter describes the various forms of ransomware and gives insight on effective countermeasures. It is a short chapter on a new subject in cybersecurity.

    13 Watchlist Concepts for Business and Management – Getting Started

    A watchlist is generally regarded as a database the government uses to track terrorists. While that is partially true, there is clearly more to it. Otherwise, all of the terrorists would be easily rounded up and the world would be free of the immense security problems that we now face. It follows that if the methodology were genuinely effective, then the inherent techniques could perhaps be used for marketing and other business and societal concerns. Although the methods developed thus far by government agencies are indeed impressive, they necessarily have to be updated as the underlying problems mature. Many subjects need to be analyzed and solutions implemented. The problem domain must be precisely defined and related considerations delineated. To start, a few basic questions need to be answered concerning where society is essentially going with the notion of watch listing and whether or not the concepts of listing are applicable to other areas of business, government, and education. This essay gives an introduction to this very important topic.

    14 Cyberspace Policy Review And The National Strategy For Trusted Identity In Cyberspace

    This chapter gives a brief but substantial review of two documents promulgated by the U.S. Office of the President: the Cyberspace Policy Review and the National Strategy for Trusted Identity in Cyberspace. An identity ecosystem, consisting of participants and infrastructure, is proposed and an operational framework is envisioned. The underlying concepts are comprehensive, and the overall implications should be of interest to the academic, business, and government communities.

    15 Introduction to Terrorism for Managers

    Most persons are well aware of the nature and danger of terrorism, although they haven’t had the least inclination to define the term and related concepts. Throughout history, there have been many examples of terrorism as a threat to individual freedom and national security, and those threats have taken the form of a wide variety of actions resulting in large-scale losses of life, destruction of public, private, and personal property, widespread illness and injury, displacement of large numbers of people, and devastating economic loss. There are several dimensions to terrorism, including its very nature, cause, perpetration, targets, methods, and defense against it, and numerous papers, reports, and books have been published on the subject. However, a civilian awareness of methods for self-defense has yet to be stimulated and most businesses, institutions, and other agencies have little preparation or knowledge of a response to a terrorist attack. Business and institutional management has a responsibility to stakeholders, employees, customers, and the general public for an effective response in the event of a terrorist attack. An introduction to the essential methods for establishing an appropriate response to terrorism is the subject of the chapter.

    1

    ESSENTIALS OF

    CYBERSECURITY

    INTRODUCTION

    It is well established that cybersecurity is a complicated and complex subject encompassing computer security, information assurance, comprehensive infrastructure protection, commercial integrity, and ubiquitous personal interactions. Most people look at the subject from a personal perspective. Is my computer and information secure from outside interference? Is the operation of my online business vulnerable to outside threats? Will I get the item I ordered? Are my utilities safe from international intrusion? Have I done enough to protect my personal privacy? Are my bank accounts and credit cards safe? How do we protect our websites and online information systems from hackers? The list of everyday concerns that people have over the modern system of communication could go on and on. Clearly, concerned citizens and organizations look to someone or something else, such as their Internet service provider or their company or the government, to solve the problem and just tell them what to do.

    So far, it hasn’t been that simple and probably never will be. The digital infrastructure based on the Internet that we call cyberspace is something that we depend on every day for a prosperous economy, a strong military, and an enlightened lifestyle. Cyberspace, as a concept, is a virtual world synthesized from computer hardware and software, desktops and laptops, tablets and cell phones, and broadband and wireless signals that power our schools, businesses, hospitals, government, utilities, and personal lives through a sophisticated set of communication systems, available worldwide. However, the power to build also provides the power to disrupt and destroy. Many persons associate cybersecurity with cyber crime, since it costs persons, commercial organizations, and governments more than a $1 trillion per year. However, there is considerably more to cybersecurity than cyber crime, so it is necessary to start off with concepts and definitions.

    CONCEPTS AND DEFINITIONS

    Cyberspace has been defined as the interdependent network of information technology infrastructure, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries. Alternately, cyberspace is often regarded as any process, program, or protocol relating to the use of the Internet for data processing transmission or use in telecommunication. As such, cyberspace is instrumental in sustaining the everyday activities of millions of people and thousands of organizations worldwide.

    The strategic plan for the U.S. Department of Homeland Security lists five main missions for the period 2012-2016, listed as follows:

    Mission 1: Preventing Terrorism and Enhancing Security

    Mission 2: Securing and Managing Our Borders

    Mission 3: Enforcing and Administering Our Immigration Laws

    Mission 4: Safeguarding and Securing Cyberspace

    Mission 5: Ensuring Resilience to Disaster

    Clearly, the placement of cybersecurity as one of the five major strategic missions of the Department of Homeland Security (DHS) is a sure-fire indication that an underlying problem exists with the global dependence on the Internet that is summarized in the following introductory quote from the DHS report:

    Cyberspace is highly dynamic and the risks posed by malicious cyber activity often transcend sector and international boundaries. Today’s threats to cybersecurity require the engagement of the entire society – from government and law enforcement to the private sector and most importantly, members of the public – to mitigate malicious activities while bolstering defensive capabilities.

    Ensuing policy goals and objectives to achieve cybersecurity could therefore include:

    Goal 4.1: Create a Safe, Secure, and Resilient Cyber Environment

    Objective 4.1.1: Understand and prioritize cyber threats

    Objective 4.1.2: Manage risks to cyberspace

    Objective 4.1.3: Prevent cyber crime and other malicious uses of cyberspace

    Objective 4.1.4: Develop a robust public-private cyber incident response capability

    Goal 4.2: Promote Cybersecurity Knowledge and Innovation

    Objective 4.2.1: Enhance public awareness

    Objective 4.2.2: Foster a dynamic workforce

    Objective 4.2.3: Invest in innovative technologies, techniques, and procedures

    While the line between policy and operations may be a blurred line in some instances, a necessary requirement of cybersecurity is to have security operations be part of a stated set of objectives.

    CYBER ATTACKS

    Cyber attacks can be divided into four distinct groups: cyber terrorism, cyber war, cybercrime, and cyber espionage. It would seem that cybercrime and cyber espionage are the most pressing issues, but the others are just offstage. Here are some definitions:

    Cyber crime is the use of computers or related systems to steal or compromise confidential information for criminal purposes, most often for financial gain.

    Cyber espionage is the use of computers or related systems to collect intelligence or enable certain operations, whether in cyberspace or the real world.

    Cyber terrorism is the use of computers or related systems to create fear or panic in a society and may not result in physical destruction by cyber agitation.

    Cyber war consists of military operations conducted within cyberspace to deny an adversary, whether a state or non-state actor, the effective use of information systems and weapons, or systems controlled by information technology, in order to achieve a political end.

    As such, cybersecurity has been identified as one of the most serious economic and national security challenges facing the nation.

    THE COMPREHENSIVE NATIONAL CYBERSECURITY INITIATIVE

    In order to achieve cybersecurity, from individual, national, organizational, or global perspectives, a proposed set of major goals has been developed:

    To establish a front line of defense against

    today’s immediate threats

    To defend against the full spectrum of threats

    To strengthen the future cybersecurity environment

    Starting from the top, the President has directed the release of a summary description of the Comprehensive National Cybersecurity Initiatives, summarized as follows:

    Initiative #1. Manage the Federal Enterprise Network as a single network enterprise with Trusted Internet Connections.

    Initiative #2. Deploy an intrusion detection system of sensors across the Federal enterprise.

    Initiative #3. Pursue deployment of intrusion prevention systems across the Federal enterprise.

    Initiative #4. Coordinate and redirect research and development (R&D) efforts.

    Initiative #5. Connect current cyber ops centers to enhance situational awareness.

    Initiative #6. Develop and implement a government-wide cyber counterintelligence (CI) plan.

    Initiative #7. Increase the security of our classified networks.

    Initiative #8. Expand cyber education.

    Initiative #9. Define and develop enduring leap-ahead technology, strategies, and programs.

    Initiative #10. Define and develop enduring deterrence strategies and programs.

    Initiative #11. Develop a multi-pronged approach for global supply chain risk management.

    Initiative #12. Define the Federal role for extending cybersecurity into critical infrastructure domains.

    The basic idea of the twelve initiatives is to address current and future cybersecurity issues by combining the resources of

    Enjoying the preview?
    Page 1 of 1