Shostack A. The new school of information security / Shostack A., Stewart A. - Upper Saddle River; Boston: Addison-Wesley, 2008. - xiv, 238 p. - Bibliogr.: p.213-228. - Ind.: p.229-238. - ISBN 0321-50278-7; ISBN-13 978-0-50278-0  Место хранения:   01 | ГПНТБ СО РАН | Новосибирск

Оглавление / Contents

OBSERVING THE WORLD AND ASKING WHY Spam, and Other Problems with Email ............................. 4 Hostile Code .................................................... 7 Security Breaches ............................................... 9 Identity and the Theft of Identity ............................. 11 Should We Just Start Over? ..................................... 14 The Need for a New School ...................................... 15 THE SECURITY INDUSTRY Where the Security Industry Comes From ......................... 19 Orientations and Framing ....................................... 25 What Does the Security Industry Sell? .......................... 27 How Security Is Sold ........................................... 33 ON EVIDENCE The Trouble with Surveys ....................................... 46 The Trade Press ................................................ 50 Vulnerabilities ................................................ 52 Instrumentation on the Internet ................................ 54 Organizations and Companies with Data .......................... 55 THE RISE OF THE SECURITY BREACH How Do Companies Lose Data? .................................... 64 Disclose Breaches .............................................. 68 Possible Criticisms of Breach Data ............................. 70 Moving from Art to Science ..................................... 74 Get Involved ................................................... 76 AMATEURS STUDY CRYPTOGRAPHY The Economics of Information Security .......................... 82 PROFESSIONALS STUDY ECONOMICS Psychology ....................... 95 Sociology ...................................................... 99 SPENDING Reasons to Spend on Security Today ............................ 106 Non-Reasons to Spend on Security .............................. 110 Emerging Reasons to Spend ..................................... 112 How Much Should a Business Spend on Security? ................. 116 The Psychology of Spending .................................... 122 On What to Spend .............................................. 126 LIFE IN THE NEW SCHOOL People Are People ............................................. 132 Breach Data Is Not Actuarial Data ............................. 136 Powerful Externalities ........................................ 137 The Human Computer Interface and Risk Compensation ............ 139 The Use and Abuse of Language ................................. 142 Skills Shortages, Organizational Structure, and Collaboration ................................................. 144 A CALL TO ACTION Join the New School ........................................... 149 Embrace the New School ........................................ 153 Make Money from the New School ................................ 157 Final Words ................................................... 159 ENDNOTES ...................................................... 161 BIBLIOGRAPHY .................................................. 213 INDEX ......................................................... 229