Cybersecurity All-in-One For Dummies
- Length: 720 pages
- Edition: 1
- Language: English
- Publisher: For Dummies
- Publication Date: 2023-02-07
- ISBN-10: 139415285X
- ISBN-13: 9781394152858
- Sales Rank: #369710
Over 700 pages of insight into all things cybersecurity
Cybersecurity All-in-One For Dummies covers a lot of ground in the world of keeping computer systems safe from those who want to break in. This book offers a one-stop resource on cybersecurity basics, personal security, business security, cloud security, security testing, and security awareness. Filled with content to help with both personal and business cybersecurity needs, this book shows you how to lock down your computers, devices, and systems―and explains why doing so is more important now than ever. Dig in for info on what kind of risks are out there, how to protect a variety of devices, strategies for testing your security, securing cloud data, and steps for creating an awareness program in an organization.
- Explore the basics of cybersecurity at home and in business
- Learn how to secure your devices, data, and cloud-based assets
- Test your security to find holes and vulnerabilities before hackers do
- Create a culture of cybersecurity throughout an entire organization
This For Dummies All-in-One is a stellar reference for business owners and IT support pros who need a guide to making smart security choices. Any tech user with concerns about privacy and protection will also love this comprehensive guide.
Title Page
Copyright Page
Table of Contents
Introduction
About This Book Foolish Assumptions Icons Used in This Book Beyond the Book Where to Go from Here

1 Cybersecurity Basics

Chapter 1 What Exactly Is Cybersecurity?
Cybersecurity Means Different Things to Different Folks Cybersecurity Is a Constantly Moving Target Technological changes Digital data The Internet Cryptocurrency Mobile workforces and ubiquitous access Smart devices Big data The COVID-19 pandemic Social shifts Economic model shifts Political shifts Data collection Election interference Hacktivism Greater freedom Sanctions New balances of power Looking at the Risks Cybersecurity Mitigates The goal of cybersecurity: The CIA Triad From a human perspective

Chapter 2 Getting to Know Common Cyberattacks
Attacks That Inflict Damage Denial-of-service (DoS) attacks Distributed denial-of-service (DDoS) attacks Botnets and zombies Data destruction attacks Is That Really You? Impersonation Phishing Spear phishing CEO fraud Smishing Vishing Pharming Whaling: Going for the “big fish” Messing around with Other People’s Stuff: Tampering Captured in Transit: Interception Man-in-the-middle attacks Taking What Isn’t Theirs: Data Theft Personal data theft Business data theft Data exfiltration Compromised credentials Forced policy violations Cyberbombs That Sneak into Your Devices: Malware Viruses Worms Trojans Ransomware Scareware Spyware Cryptocurrency miners Adware Blended malware Zero-day malware Fake malware on computers Fake malware on mobile devices Fake security subscription renewal notifications Poisoned Web Service Attacks Network Infrastructure Poisoning Malvertising Drive-by downloads Stealing passwords Exploiting Maintenance Difficulties Advanced Attacks Opportunistic attacks Targeted attacks Blended (opportunistic and targeted) attacks Some Technical Attack Techniques Rootkits Brute-force attacks Injection attacks Cross-site scripting SQL injection Session hijacking Malformed URL attacks Buffer overflow attacks

Chapter 3 The Bad Guys You Must Defend Against
Bad Guys and Good Guys Are Relative Terms Bad Guys Up to No Good Script kiddies Kids who are not kiddies Terrorists and other rogue groups Nations and states Corporate spies Criminals Hacktivists Terrorists Rogue insiders Cyberattackers and Their Colored Hats How Cybercriminals Monetize Their Actions Direct financial fraud Indirect financial fraud Profiting off illegal trading of securities Stealing credit card, debit card, and other payment-related information Stealing goods Stealing data Ransomware Cryptominers Not All Dangers Come From Attackers: Dealing with Nonmalicious Threats Human error Humans: The Achilles’ heel of cybersecurity Social engineering External disasters Natural disasters Pandemics Environmental problems caused by humans Cyberwarriors and cyberspies The impotent Fair Credit Reporting Act Expunged records are no longer really expunged Social Security numbers Social media platforms Google’s all-knowing computers Mobile device location tracking Defending against These Attackers

2 Personal Cybersecurity

Chapter 1 Evaluating Your Current Cybersecurity Posture
Don’t be Achilles: Identifying Ways You May Be Less than Secure Your home computer(s) Your mobile devices Your Internet of Things (IoT) devices Your networking equipment Your work environment Identifying Risks Protecting against Risks Perimeter defense Firewall/router Security software Your physical computer(s) and any other endpoints Backups Detecting Responding Recovering Improving Evaluating Your Current Security Measures Software Hardware Insurance Education Privacy Think before you share Think before you post General privacy tips Banking Online Safely Safely Using Smart Devices Cryptocurrency Security

Chapter 2 Enhancing Physical Security
Understanding Why Physical Security Matters Taking Inventory Stationary devices Mobile devices Locating Your Vulnerable Data Creating and Executing a Physical Security Plan Implementing Physical Security Security for Mobile Devices Realizing That Insiders Pose the Greatest Risks

Chapter 3 Cybersecurity Considerations When Working from Home
Network Security Concerns Device Security Concerns Location Cybersecurity Shoulder surfing Eavesdropping Theft Human errors Video Conferencing Cybersecurity Keep private stuff out of camera view Keep video conferences secure from unauthorized visitors Social Engineering Issues Regulatory Issues

Chapter 4 Securing Your Accounts
Realizing You’re a Target Securing Your External Accounts Securing Data Associated with User Accounts Conduct business with reputable parties Use official apps and websites Don’t install software from untrusted parties Don’t root your phone Don’t provide unnecessary sensitive information Use payment services that eliminate the need to share credit card numbers Use one-time, virtual credit card numbers when appropriate Monitor your accounts Report suspicious activity ASAP Employ a proper password strategy Utilize multifactor authentication Log out when you’re finished Use your own computer or phone Lock your computer Use a separate, dedicated computer for sensitive tasks Use a separate, dedicated browser for sensitive web-based tasks Secure your access devices Keep your devices up to date Don’t perform sensitive tasks over public Wi-Fi Never use public Wi-Fi in high-risk places Access your accounts only in safe locations Use appropriate devices Set appropriate limits Use alerts Periodically check access device lists Check last login info Respond appropriately to any fraud alerts Never send sensitive information over an unencrypted connection Beware of social engineering attacks Establish voice login passwords Protect your cellphone number Don’t click on links in emails or text messages Securing Data with Parties You’ve Interacted With Securing Data at Parties You Haven’t Interacted With Securing Data by Not Connecting Hardware with Unknown Pedigrees

Chapter 5 Passwords
Passwords: The Primary Form of Authentication Avoiding Simplistic Passwords Password Considerations Easily guessable personal passwords Complicated passwords aren’t always better Different levels of sensitivity Your most sensitive passwords may not be the ones you think You can reuse passwords — sometimes Consider using a password manager Creating Memorable, Strong Passwords Knowing When to Change Passwords Changing Passwords after a Breach Providing Passwords to Humans Storing Passwords Storing passwords for your heirs Storing general passwords Transmitting Passwords Discovering Alternatives to Passwords Biometric authentication SMS-based authentication App-based one-time passwords Hardware token authentication USB-based authentication

Chapter 6 Preventing Social Engineering Attacks
Don’t Trust Technology More than You Would People Types of Social Engineering Attacks Six Principles Social Engineers Exploit Don’t Overshare on Social Media Your schedule and travel plans Financial information Personal information Information about your children Information about your pets Work information Possible cybersecurity issues Crimes and minor infractions Medical or legal advice Your location Your birthday Your “sins” Leaking Data by Sharing Information as Part of Viral Trends Identifying Fake Social Media Connections Photo Verification Friends or connections in common Relevant posts Number of connections Industry and location Similar people Duplicate contact Contact details Premium status LinkedIn endorsements Group activity Appropriate levels of relative usage Human activities Cliché names Poor contact information Skill sets Spelling Age of an account Suspicious career or life path Level or celebrity status Using Bogus Information Using Security Software General Cyberhygiene Can Help Prevent Social Engineering

3 Securing a Business

Chapter 1 Securing Your Small Business
Making Sure Someone Is In Charge Watching Out for Employees Incentivize employees Avoid giving out the keys to the castle Give everyone separate credentials Restrict administrators Limit access to corporate accounts Implement employee policies Enforce social media policies Monitor employees Dealing with a Remote Workforce Use work devices and separate work networks Set up virtual private networks Create standardized communication protocols Use a known network Determine how backups are handled Be careful where you work remotely Be extra vigilant regarding social engineering Considering Cybersecurity Insurance Complying with Regulations and Compliance Protecting employee data PCI DSS Breach disclosure laws GDPR HIPAA Biometric data Anti-money laundering laws International sanctions Handling Internet Access Segregate Internet access for personal devices Create bring your own device (BYOD) policies Properly handle inbound access Protect against denial-of-service attacks Use https Use a VPN Run penetration tests Be careful with IoT devices Use multiple network segments Be careful with payment cards Managing Power Issues

Chapter 2 Cybersecurity and Big Businesses
Utilizing Technological Complexity Managing Custom Systems Continuity Planning and Disaster Recovery Looking at Regulations Sarbanes Oxley Stricter PCI requirements Public company data disclosure rules Breach disclosures Industry-specific regulators and rules Fiduciary responsibilities Deep pockets Deeper Pockets — and Insured Considering Employees, Consultants, and Partners Dealing with internal politics Offering information security training Replicated environments Looking at the Chief Information Security Officer’s Role Overall security program management Test and measurement of the security program Human risk management Information asset classification and control Security operations Information security strategy Identity and access management Data loss prevention Fraud prevention Incident response plan Disaster recovery and business continuity planning Compliance Investigations Physical security Security architecture Geopolitical risks Ensuring auditability of system administrators Cybersecurity insurance compliance

Chapter 3 Identifying a Security Breach
Identifying Overt Breaches Ransomware Defacement Claimed destruction Detecting Covert Breaches Your device seems slower than before Your Task Manager doesn’t run Your Registry Editor doesn’t run Your device starts suffering from latency issues Your device starts suffering from communication and buffering issues Your device’s settings have changed Your device is sending or receiving strange email messages Your device is sending or receiving strange text messages New software (including apps) is installed on your device — and you didn’t install it Your device’s battery seems to drain more quickly than before Your device seems to run hotter than before File contents have been changed Files are missing Websites appear different than before Your Internet settings show a proxy, and you never set one up Some programs (or apps) stop working properly Security programs have turned off An increased use of data or text messaging (SMS) Increased network traffic Unusual open ports Your device starts crashing Your cellphone bill shows unexpected charges up to here Unknown programs request access External devices power on unexpectedly Your device acts as if someone else were using it New browser search engine default Your device password has changed Pop-ups start appearing New browser add-ons appear New browser home page Your email from the device is getting blocked by spam filters Your device is attempting to access “bad” sites You’re experiencing unusual service disruptions Your device’s language settings changed You see unexplained activity on the device You see unexplained online activity Your device suddenly restarts You see signs of data breaches and/or leaks You are routed to the wrong website Your hard drive or SSD light never seems to turn off Other abnormal things happen

Chapter 4 Recovering from a Security Breach
An Ounce of Prevention Is Worth Many Tons of Response Stay Calm and Act Now with Wisdom Bring in a Pro Recovering from a Breach without a Pro’s Help Step 1: Figure out what happened or is happening Step 2: Contain the attack Step 3: Terminate and eliminate the attack Boot the computer from a security software boot disk Back up Delete junk (optional) Run security software Reinstall Damaged Software Restart the system and run an updated security scan Erase all potentially problematic System Restore points Restore modified settings Rebuild the system Dealing with Stolen Information Paying ransoms Consult a cybersecurity expert Consult a lawyer Learning for the future Recovering When Your Data Is Compromised at a Third Party Reason the notice was sent Scams Passwords Payment card information Government-issued documents School or employer-issued documents Social media accounts

Chapter 5 Backing Up
Backing Up Is a Must Backing Up Data from Apps and Online Accounts SMS texts Social media WhatsApp Google Photos Other apps Backing Up Data on Smartphones Android Automatic backups Manual backups Apple Backing up to iCloud Backing up using iTunes Conducting Cryptocurrency Backups Backing Up Passwords Looking at the Different Types of Backups Full backups of systems Original system images Later system images Original installation media Downloaded software Full backups of data Incremental backups Differential backups Mixed backups Continuous backups Partial backups Folder backups Drive backups Virtual drive backups Exclusions In-app backups Figuring Out How Often You Should Backup Exploring Backup Tools Backup software Drive-specific backup software Windows Backup Smartphone/tablet backup Manual file or folder copying backups Automated task file or folder copying backups Creating a Boot Disk Knowing Where to Back Up Local storage Offsite storage Cloud Network storage Mixing locations Knowing Where Not to Store Backups Encrypting Backups Testing Backups Disposing of Backups

Chapter 6 Resetting Your Device
Exploring Two Types of Resets Soft resets Older devices Windows computers Mac computers Android devices iPhones Hard resets Resetting a Windows device Resetting a modern Android device Resetting a Mac Resetting an iPhone Rebuilding Your Device after a Hard Reset

Chapter 7 Restoring from Backups
You Will Need to Restore Wait! Do Not Restore Yet! Restoring Data to Apps Restoring from Full Backups of Systems Restoring to the computing device that was originally backed up Restoring to a different device than the one that was originally backed up Original system images Later system images Installing security software Original installation media Downloaded software Restoring from full backups of data Restoring from Incremental Backups Incremental backups of data Incremental backups of systems Differential backups Continuous backups Partial backups Folder backups Drive backups Virtual-drive backups Restoring the entire virtual drive Restoring files and/or folders from the virtual drive Dealing with Deletions Excluding Files and Folders Understanding Archives Multiple files stored within one file Old live data Old versions of files, folders, or backups Restoring Using Backup Tools Restoring from a Windows backup Restoring to a system restore point Restoring from a smartphone/tablet backup Restoring from manual file or folder copying backups Utilizing third-party backups of data hosted at third parties Returning Backups to Their Proper Locations Network storage Restoring from a combination of locations Restoring to Non-Original Locations Never Leave Your Backups Connected Restoring from Encrypted Backups Testing Backups Restoring Cryptocurrency Booting from a Boot Disk

4 Securing the Cloud

Chapter 1 Clouds Aren’t Bulletproof
Knowing Your Business Discovering the company jewels Initiating your plan Automating the discovery process AWS Discovery Service Google Cloud Discovery Service Knowing Your SLA Agreements with Service Providers Where is the security? Knowing your part Building Your Team Finding the right people Including stakeholders Creating a Risk Management Plan Identifying the risks Assessing the consequences of disaster Pointing fingers at the right people Disaster planning When Security Is Your Responsibility Determining which assets to protect Using an automation tool Letting ITAM help you comply Applications designed to manage and protect your company’s assets Knowing your possible threat level Van Gogh with it (paint a picture of your scenario) Setting up a risk assessment database Confidential data loss Integrity loss Data access loss Avoiding Security Work with the Help of the Cloud Having someone else ensure physical security Making sure providers have controls to separate customer data Recognizing that cloud service providers can offer better security

Chapter 2 Getting Down to Business
Negotiating the Shared Responsibility Model Coloring inside the lines Learning what to expect from a data center Taking responsibility for your 75 percent SaaS, PaaS, IaaS, AaaA! SaaS SaaS security PaaS PaaS security IaaS IaaS security FaaS SaaS, PaaS, IaaS, FaaS responsibilities Managing Your Environment Restricting access Assessing supply chain risk Managing virtual devices Application auditing Managing Security for Devices Not Under Your Control Inventorying devices Using a CASB solution Applying Security Patches Looking Ahead

Chapter 3 Developing Secure Software
Turbocharging Development No more waterfalls CI/CD: Continuous integration/continuous delivery Shifting left and adding security in development Tackling security sooner rather than later Putting security controls in place first Circling back Implementing DevSecOps Automating Testing during Development Using static and dynamic code analysis Taking steps in automation Leveraging software composition analysis Security holes in open-source code Dependency tracking Security holes and how to plug them Proving the job has been done right Logging and monitoring Ensuring data accountability, data assurance, and data dependability Running Your Applications Taking advantage of cloud agnostic integration Recognizing the down sides of cloud agnostic development Getting started down the cloud agnostic path Like DevOps but for Data Testing, 1-2-3 Is this thing working? Working well with others Baking in trust DevSecOps for DataOps Considering data security Ending data siloes Developing your data store Meeting the Challenges of DataSecOps Understanding That No Cloud Is Perfect

Chapter 4 Restricting Access
Determining the Level of Access Required Catching flies with honey Determining roles Auditing user requirements Understanding Least Privilege Policy Granting just-in-time privileges The need-to-know strategy Granting access to trusted employees Restricting access to contractors Implementing Authentication Multifactor authentication (Or, who’s calling me now?) Authenticating with API keys Using Firebase authentication Employing OAuth Google and Facebook authentication methods Introducing the Alphabet Soup of Compliance Global compliance Complying with PCI Complying with GDPR HIPAA compliance Government compliance Compliance in general Maintaining Compliance and CSPM Discovering and remediating threats with CSPM applications Automating Compliance Integrating with DevOps Controlling Access to the Cloud Using a cloud access security broker (CASB) Middleware protection systems Employing a secure web gateway (SWG) Data loss prevention (DLP) systems Using a Firewall as a Service (FWaaS) Secure Access Service Edge (SASE) Identifying user behavior Carrying out forensic investigations Using a managed service provider Getting Certified ISO 27001 Compliance SOC 2 compliance Certifying security Certifying availability Certifying processing integrity Certifying confidentiality Certifying privacy PCI certification

Chapter 5 Implementing Zero Trust
Making the Shift from Perimeter Security Examining the Foundations of Zero Trust Philosophy Two-way authentication Endpoint device management End-to-end encryption Public key/private key encryption A scary bit about email Policy based access Accountability Guarding against external threats with SIEM Protecting against internal threats with UEBA Least privilege Network access control and beyond CSPM risk automation Dealing with Zero Trust Challenges Choose a roadmap Take a simple, step-by-step approach Keep in mind some challenges you face in implementing zero trust Dealing with change Integrating legacy systems Creating full visibility Building DIY solutions Zero trust and the cloud: Using a third-party solution Enabling business collaboration Making zero trust agile Building the right team

Chapter 6 Using Cloud Security Services
Customizing Your Data Protection Validating Your Cloud Multifactor authentication One-time passwords Managing file transfers HSM: Hardware Security Modules for the Big Kids Looking at HSM cryptography Managing keys with an HSM A little bit about keys Bitcoin and other cryptocurrency Building in tamper resistance Using HSMs to manage your own keys Meeting financial data security requirements with HSMs DNSSEC OpenDNSSEC Evaluating HSM products Looking at cloud HSMs KMS: Key Management Services for Everyone Else SSH compliance The encryption-key lifecycle Setting Up Crypto Service Gateways

5 Testing Your Security

Chapter 1 Introduction to Vulnerability and Penetration Testing
Straightening Out the Terminology Hacker Malicious user Recognizing How Malicious Attackers Beget Ethical Hackers Vulnerability and penetration testing versus auditing Policy considerations Compliance and regulatory concerns Understanding the Need to Hack Your Own Systems Understanding the Dangers Your Systems Face Nontechnical attacks Network infrastructure attacks Operating system attacks Application and other specialized attacks Following the Security Assessment Principles Working ethically Respecting privacy Not crashing your systems Using the Vulnerability and Penetration Testing Process Formulating your plan Selecting tools Executing the plan Evaluating results Moving on

Chapter 2 Cracking the Hacker Mindset
What You’re Up Against Who Breaks into Computer Systems Hacker skill levels Hacker motivations Why They Do It Planning and Performing Attacks Maintaining Anonymity

Chapter 3 Developing Your Security Testing Plan
Establishing Your Goals Determining Which Systems to Test Creating Testing Standards Timing your tests Running specific tests Conducting blind versus knowledge assessments Picking your location Responding to vulnerabilities you find Making silly assumptions Selecting Security Assessment Tools

Chapter 4 Hacking Methodology
Setting the Stage for Testing Seeing What Others See Scanning Systems Hosts Open ports Determining What’s Running on Open Ports Assessing Vulnerabilities Penetrating the System

Chapter 5 Information Gathering
Gathering Public Information Social media Web search Web crawling Websites Mapping the Network WHOIS Privacy policies

Chapter 6 Social Engineering
Introducing Social Engineering Starting Your Social Engineering Tests Knowing Why Attackers Use Social Engineering Understanding the Implications Building trust Exploiting the relationship Deceit through words and actions Deceit through technology Performing Social Engineering Attacks Determining a goal Seeking information Using the Internet Dumpster diving Phone systems Phishing emails Social Engineering Countermeasures Policies User awareness and training

Chapter 7 Physical Security
Identifying Basic Physical Security Vulnerabilities Pinpointing Physical Vulnerabilities in Your Office Building infrastructure Attack points Countermeasures Utilities Attack points Countermeasures Office layout and use Attack points Countermeasures Network components and computers Attack points Countermeasures

6 Enhancing Cybersecurity Awareness

Chapter 1 Knowing How Security Awareness Programs Work
Understanding the Benefits of Security Awareness Reducing losses from phishing attacks Reducing losses by reducing risk Grasping how users initiate loss Knowing How Security Awareness Programs Work Establishing and measuring goals Showing users how to “do things right” Recognizing the Role of Awareness within a Security Program Disputing the Myth of the Human Firewall

Chapter 2 Creating a Security Awareness Strategy
Identifying the Components of an Awareness Program Choosing effective communications tools Picking topics based on business drivers Knowing when you’re a success Figuring Out How to Pay for It All

Chapter 3 Determining Culture and Business Drivers
Understanding Your Organization’s Culture Determining security culture Recognizing how culture relates to business drivers Identifying Subcultures Interviewing Stakeholders Requesting stakeholder interviews Scheduling the interviews Creating interview content Taking names Partnering with Other Departments

Chapter 4 Choosing the Best Tools for the Job
Identifying Security Ambassadors Finding ambassadors Maintaining an ambassador program Knowing the Two Types of Communications Tools Reminding users to take action Requiring interaction from users Exploring Your Communications Arsenal Knowledgebase Posters Hardcopy newsletters Monitor displays Screen savers Pamphlets Desk drops Table tents Coffee cups or sleeves Stickers Mouse pads Pens and other useful giveaways Camera covers Squishy toys and other fun giveaways Active communications tools Computer based training Contests Events

Chapter 5 Measuring Performance
Knowing the Hidden Cost of Awareness Efforts Meeting Compliance Requirements Collecting Engagement Metrics Attendance metrics Likability metrics Knowledge metrics Measuring Improved Behavior Tracking the number of incidents Examining behavior with simulations Tracking behavior with gamification Demonstrating a Tangible Return on Investment Recognizing Intangible Benefits of Security Awareness Knowing Where You Started: Day 0 Metrics

Chapter 6 Assembling Your Security Awareness Program
Knowing Your Budget Finding additional sources for funding Securing additional executive support Coordinating with other departments Allocating for your musts Limiting your discretionary budget Appreciating your team as your most valuable resource Choosing to Implement One Program or Multiple Programs Managing multiple programs Beginning with one program Gaining Support from Management Devising a Quarterly Delivery Strategy Ensuring that your message sticks Distributing topics over three months Deciding Whether to Include Phishing Simulations Planning Which Metrics to Collect and When Considering metrics versus topics Choosing three behavioral metrics Incorporating Day 0 metrics Scheduling periodic updates Biasing your metrics Branding Your Security Awareness Program Creating a theme Maintaining brand consistency Coming up with a catchphrase and logo Promoting your program with a mascot

Chapter 7 Running Your Security Awareness Program
Nailing the Logistics Determining sources or vendors Scheduling resources and distribution Contracting vendors Recognizing the role of general project management Getting All Required Approvals Getting the Most from Day 0 Metrics Creating Meaningful Reports Presenting reports as a graphical dashboard Adding index scores Creating an awareness index Reevaluating Your Program Reconsidering your metrics Evaluating your communications tools Measuring behavioral changes Redesigning Your Program Anything stand out? Adding subcultures Adding, deleting, and continuing metrics Adding and discontinuing communications tools Revisiting awareness topics Considering Breaking News and Incidents

Chapter 8 Implementing Gamification
Understanding Gamification Identifying the Four Attributes of Gamification Figuring Out Where to Gamify Awareness Examining Some Tactical Gamification Examples Phishing reporting Clean desk drops Tailgating exercises USB drop reporting Reporting security incidents Ad hoc gamification Putting Together a Gamification Program Determining reward tiers Assigning point levels Creating a theme Offering valid rewards Assigning points to behaviors Tracking users and the points they earn Promoting the Program

Index
EULA