Big Breaches
Cybersecurity Lessons for Everyone
Paperback by Moudy Elbayadi (et al.)
Language: English

41,75 €*

incl. VAT

Free shipping by post / DHL

Delivery time 1-2 weeks

Description
The cybersecurity industry has seen an investment of over [...] billion in the past 15 years. Hundreds of thousands of jobs in the field remain unfilled amid breach after breach, and the problem has come to a head. It is time for everyone, not just techies, to become informed and empowered on the subject of cybersecurity.
In engaging and exciting fashion, Big Breaches covers some of the largest security breaches and the technical topics behind them such as phishing, malware, third-party compromise, software vulnerabilities, unencrypted data, and more. Cybersecurity affects daily life for all of us, and the area has never been more accessible than with this [...] will obtain a confident grasp on industry insider knowledge such as effective prevention and detection countermeasures, the meta-level causes of breaches, the seven crucial habits for optimal security in your organization, and much more. These valuable lessons are applied to real-world cases, helping you deduce just how high-profile mega-breaches at Target, JPMorgan Chase, Equifax, Marriott, and more were able to occur.

Whether you are seeking to implement a stronger foundation of cybersecurity within your organization or you are an individual who wants to learn the basics, Big Breaches ensures that everybody comes away with essential knowledge to move forward successfully. Arm yourself with this book's expert insights and be prepared for the future of cybersecurity.

Who This Book Is For

Those interested in understanding what cybersecurity is all about, the failures that have taken place in the field to date, and how they could have been avoided. For existing leadership and management in enterprises and government organizations, existing professionals in the field, and for those who are considering entering the field, this book covers everything from how to create a culture of security to the technologies and processes you can employ to achieve security based on lessons that can be learned from past breaches.
About the Author
Dr. Neil Daswani is Co-Director of the Stanford Advanced Security Certification program, and is President of Daswani Enterprises, his security consulting and training firm. He has served in a variety of research, development, teaching, and executive management roles at Symantec, LifeLock, Twitter, Dasient, Google, Stanford University, NTT DoCoMo USA Labs, Yodlee, and Telcordia Technologies (formerly Bellcore). At Symantec, he was Chief Information Security Officer (CISO) for the Consumer Business Unit, and at LifeLock he was the company-wide CISO. Neil has served as Executive-in-Residence at Trinity Ventures (funders of Auth0, New Relic, Aruba, Starbucks, and Bulletproof). He is an investor in and advisor to several cybersecurity startup companies and venture capital funds, including Benhamou Global Ventures, Firebolt, Gravity Ranch Ventures, Security Leadership Capital, and Swift VC. Neil is also co-author of Foundations of Security: What Every Programmer Needs to Know (Apress).
Neil's DNA is deeply rooted in security research and development. He has dozens of technical articles published in top academic and industry conferences (ACM, IEEE, USENIX, RSA, BlackHat, and OWASP), and he has been granted over a dozen US patents. He frequently gives talks at industry and academic conferences, and has been quoted by publications such as The New York Times, USA Today, and CSO Magazine. He earned PhD and MS degrees in computer science at Stanford University, and he holds a BS in computer science with honors with distinction from Columbia University.

Dr. Moudy Elbayadi has more than 20 years of experience and has worked with a number of high-growth companies and across a variety of industries, including mobile and SaaS consumer services, and security and financial services. Having held C-level positions for leading solution providers, Dr. Elbayadi has a unique 360-degree view of consumer and enterprise SaaS businesses. He has a consistent track record of defining technology and product strategies that accelerate growth.
As CTO of Shutterfly, Dr. Elbayadi oversees all technology functions including product development, cybersecurity, DevOps, and machine learning/AI R&D functions. In this capacity he is leading the technology platform transformation. Prior to Shutterfly, Dr. Elbayadi held the position of SVP, Product & Technology for Brain Corp, a San Diego-based AI company creating transformative core technology for the robotics industry.
As advisor, Dr. Elbayadi has been engaged by CEOs and senior executives of companies ranging from [...]M to $2B in revenues. Representative engagements include public cloud strategy, platform integration and M&A strategy. He has advised numerous VC firms on technology and prospective investments.
Dr. Elbayadi earned a doctorate in leadership and change from Antioch University, a master's degree in organizational leadership from Chapman University, and a master's degree in business administration from the University of Redlands.
Table of Contents

Part I: The Biggest Breaches

The goal of this part is to explain, in plain English, the biggest breaches in recent years, focusing on what has resulted in everything from exposure of the majority of American consumers' financial identities to a foreign power more than significantly "influencing" the election of our most recent President. The breaches will be covered in reverse chronological order of the years in which the breaches were made public (even though some of them occurred prior), and in the summary section, I'll also comment on the relevance and implications of the actual years in which the breaches took place.

Chapter 1: The Five Key Root Causes

This chapter reviews the five basic root causes that we'll see in all the mega-breaches that will be reviewed in subsequent chapters.

  1. Phishing
  2. Malware
  3. Third-party compromise (suppliers, customers, and partners, as well as acquisitions)
  4. Software Vulnerabilities (application security as well as third-party vulnerabilities)
  5. Inadvertent employee mistakes

Chapter 2: The Capital One Breach in 2019

On July 29, 2019, court documents were released regarding a security breach at Capital One that exposed data for over 105 million people. A lone hacker gained access to highly sensitive data including names, social security numbers, addresses, and dates of birth. This hack is just one example in which over a hundred million customer records have been exposed to the entire Internet.

  1. The Modern Day Datacenter: The Cloud and Hybrid Clouds
  2. Erratic: Former Amazon Web Services employee
  3. The Firewall Hack
  4. The Ex-Filtration
  5. The Simple Mistakes
  6. The Charges & The Fallout

Chapter 3: Cambridge Analytica & Facebook



The goal of this chapter is to cover two issues that both involved Facebook. The first issue is how Cambridge Analytica, a data analytics firm that assisted President Trump's presidential campaign, abused Facebook to harvest data on 70 million U.S. consumers to create psychographic profiles of them and target ads to influence voting. The second issue is how a vulnerability in Facebook's "View As" feature (that allows users to see how their profiles look to the public) was exploited to allow for the takeover of approximately 50 million Facebook accounts. The sections in this chapter will also set the groundwork for the Facebook hacking of the 2016 election by the Russians.

  1. How Facebook Works
  2. How Facebook Makes Money Through Ads
  3. Political Ads
  4. Security Challenges with Ads: Abusive Targeting, Bad Ads, Malvertising, and Click Fraud
  5. Facebook's Third-Party Apps and APIs
  6. Cambridge Analytica Harvesting
  7. Bungled Remediation of Harvested Data
  8. The "View As..." Vulnerability
  9. Remediation of the "View As..." Vulnerability

Chapter 4: The Marriott Hack in 2018



The Marriott hack disclosed in 2018 has been the second largest breach of all time as it involved 383 million records, and is second only to Yahoo's hack of 3 billion email accounts, which we'll describe in Chapter 8. Passport numbers and the location history of hundreds of millions of people were among the data stolen in the breach. Combined with stolen data from the US Government's Office of Personnel Management breach (described in Chapter 7), one can even derive the location histories of, or potentially even impersonate, some CIA agents and spies.

  1. Marriott and Starwood
  2. DBA Account Takeover
  3. Malware: Remote Access Trojan and Mimikatz
  4. Starwood Guest Reservation Database Exfiltration

Chapter 5: The Equifax Hack in 2017

The credit histories of 145M+ American consumers were stolen in 2017 in the largest breach of financial identity in history.

  1. Vulnerability Management Problems
  2. Apache Struts and CVE-2017-5638
  3. The Overall State of Information Security at Equifax
  4. The Hack
  5. The Blundered Response
  6. The Impact

Chapter 6: The Facebook Hack in the 2016 Presidential Election

This chapter describes the organized Russian disinformation campaign in which Facebook was weaponized to distribute over 5 million paid ads that focused on dividing the American public and influencing votes in the 2016 Presidential election.

  1. Dezinformatsiya: Inherently Russian
  2. Lack of Regulatory Oversight for Social Media (as compared to TV advertising)
  3. Russian Facebook Ads
  4. The Internet Research Agency: Kremlin-backed Online Troll Farm (amongst 228 groups)
  5. Weaponization of Ad Targeting: Swing States (Pennsylvania, Virginia, and Wisconsin)
  6. Suspicious Advertisers: Over 9,500
  7. Fancy Bear: Indictments of 13 Russian Individuals

Chapter 7: The Democratic National Committee Hack in 2016

Just as significant as the disinformation advertising campaign was the infiltration and subsequent leaks of over 150,000 emails from the Democratic National Committee.

  1. Trump's Request
  2. Massive Phishing Campaign
  3. How John Podesta Got Phished: 60,000 Emails Stolen
  4. Additional Phishing Emails: 150,000 Emails Stolen
  5. Guccifer 2.0
  6. WikiLeaks
  7. Key Emails and Information Leaked
  8. Impact

Chapter 8: The Office of Personnel Management Hack in 2015

The SF-86 background check files of over 20 million government employees (including CIA, NSA, FBI, and other agents), which also included information about their friends, family, and neighbors, as well as over 5 million fingerprints, were stolen and exfiltrated by a foreign nation state.

  1. What was stolen
  2. Impact
  3. Root causes
  4. How it could have been prevented

Chapter 9: The Yahoo Hack in 2013 and 2014 (made public in 2016)

The largest breach in the history of the Internet and the world occurred in 2013 and 2014 when attackers compromised Yahoo's email and other systems.

  1. Spear phishing
  2. Malware to grow footprint
  3. Cookie minting
  4. Yahoo Account Management Tool Compromise
  5. Targeting of Politicians and Diplomats
  6. Financial Impact and Verizon Acquisition
  7. Former KGB Agents and Indictments

Chapter 10: Holistic Implications

  1. Political Impact
  2. Financial Impact
  3. Regulatory Impact
  4. Technology Impact

Part II: How to Recover



For each of the root causes of breaches, we'll suggest countermeasures for each going forward. Phishing attacks can be successfully combated with better preventative countermeasures. Malware can unfortunately only be detected better, as no one can altogether stop adversaries from authoring malicious software. Existing software vulnerabilities also cannot be prevented, but their detection, containment, and recovery can be managed much more reliably or automated. Vulnerabilities in new applications, as well as other types of software, can be prevented through the introduction of building codes for software, as well as tools to support the development of software that meets those building codes. Finally, vulnerabilities in third-party suppliers can be recursively managed using the approaches that we've outlined here.

In this second part of the book, technologies that are critical to the roadmap to recovery are explained in plain English. In addition, the contributions that people in various roles need to make and the processes that need to be put in place by those people will also be covered.

Chapter 11: Better Preventative Countermeasures

  1. Password Managers, Multi-factor Authentication, and Yubico-like Hardware Tokens
  2. Authentication Providers (Current as well as potential future e.g. FIDO Alliance)
  3. Automated Patching: Endpoints, Servers, and IoT. Browsers (e.g., Chrome) are a great example of how this can be done right. Mac OS X updates are also a great example, even if a bit inconvenient sometimes. Servers and IoT need help. Mirai botnet from 2016 exhibits the urgency. IoT Guidelines.
  4. Building Codes for Software

Chapter 12: Detection: Identity Monitoring

  1. Difference between credit monitoring and identity monitoring
  2. Dark Web Monitoring
  3. New Account Creation Vs. Account Takeover

Chapter 13: Detection: Bad Ads, Fake News, and Anti-Malvertising

The goal of this chapter is to focus on detection of bad ads, fake news, and malware that attempts to enter and distribute itself through the online advertising ecosystem.

  • Bad Ads
  • Fake News
  • Malicious software: cannot be prevented, only detected. Not to mention Turing undecidability.

Chapter 14: Containment and Recovery: How to Make the Stolen Data Useless

For any and all information that has been stolen to date, we should attempt to make the stolen data useless. While that can't be done for all data, and time will be required for some data (perhaps even a generation or two) to become fully obsolete, as in the case of stolen background information, it is well worth the effort to render certain data ineffective. For instance, SSNs are currently treated as secrets and are used for authentication of users. However, since most of the SSNs in the country have been stolen, they should not be treated as secrets, and alternative methods for actual authentication should be used. SSNs can still be used as identifiers, but knowledge of someone's SSN should not allow you to transact as them. A similar argument can be made for the typical questions asked in KBA (knowledge based answer)...
Details
Year of publication: 2021
Genre: Imports, Computer Science
Section: Natural Sciences & Technology
Medium: Paperback
Contents: xlvii, 427 pp., 41 b/w illustrations
ISBN-13: 9781484266540
ISBN-10: 1484266544
Language: English
Features / Supplement: Paperback
Binding: Softcover / Paperback
Authors: Elbayadi, Moudy; Daswani, Neil
Edition: 1st ed.
Manufacturer: Apress; Apress L.P.
Dimensions: 235 x 155 x 26 mm
By/With: Moudy Elbayadi (et al.)
Publication date: 25.02.2021
Weight: 0.715 kg
Item ID: 119083662