The Evolution of Cybersecurity and the Rise of Threat Hunting
One thing is certain: hackers will continue to evolve their techniques, and organizations must acknowledge that. It has become imperative for organizations to embrace the Zero Trust Model. This article explains why threat hunting can't be a one-time exercise. Instead, organizations must continuously verify endpoints to determine if they've been compromised, so quick action can be taken to limit damage and restore network integrity if a threat is detected.
12 Tips for Building Trusting Relationships Across Your Virtual Team
To build healthy relationships and cultivate trust among virtual teams, here are a few tips from Nancy Settle-Murphy.
Recently Released GAO Reports: Policies and Procedures, Internet of Things, Identity Theft Risks, Identity Fraud, Cyber-Threat Nations, and Data Privacy
Information Security: the Dismal Discipline?
Read this chapter from Why CISOs Fail: The Missing Link in Security Management--and How to Fix It and understand why the author likes to call information security the "dismal discipline," and why this perception needs to change.
A Review of Intrusion Detection and Prevention on Mobile Devices: The Last Decade
This chapter from Intrusion Detection and Prevention for Mobile Ecosystems introduces the background of IDSs/IPSs and then investigates the development of IDS/IPS on mobile devices within the last decade by examining notable work in the literature. Then, it identifies the issues and challenges of designing such defense mechanisms on mobile devices, describes several potential solutions, and analyzes the future directions in this field.
Introduction to Big Data and Agile Business
The strategic approach to Big Data is aimed at extracting business value from the dynamically changing data. The chapter from Big Data Strategies for Agile Business introduces a framework that can convert the "potential" hidden in Big Data into "kinetic" value. It also discusses reducing the risks to businesses associated with adopting any new and disruptive technology, like Big Data.
Call for Chapter Proposals: Computer and Cyber Security: Principles, Algorithm, Applications and Perspectives
The main objective of the book is to provide relevant theoretical frameworks and the latest empirical research findings in the area. It will be written for professionals who want to improve their understanding of the principles, challenges and applications of computer and cyber security. The book will help to identify the interesting and exciting areas of future research to apply these techniques. In addition, it will be an excellent book to teach a course on computer and cyber security. The material will prepare the students for exercising better protection in terms of understanding the motivation of the attackers and how to deal with and mitigate the situation in a better manner. The chapter proposals will be selected in the following categories to make a balance of theory, future research directions, and practical use cases; i.e., original research articles, case studies, and review articles in the aforementioned domain.
Mirai Goes Open Source and Morphs into Persirai
The Mirai malware has become notorious for recruiting IoT devices to form botnets that have launched some of the largest distributed denial of service (DDoS) attacks we have recorded. Mirai came onto the scene in late-2016 as the malware behind very large DDoS attacks, including a 650 Mbps attack on the Krebs on Security site. It is also purported to have been the basis of the attack in October 2016 that brought down many sites including Twitter, Netflix, and Airbnb. Since then, Mirai has morphed into an even more aggressive and effective botnet tool.
How Long Can Resources in Short Supply Last?
Smart Energy: From Fire Making to the Post-Carbon World first traces the history of mankind's discovery and use of energy. It then reviews contemporary issues such as global warming, environmental deterioration, depletion of carbon energy sources, and energy disputes. Next, it evaluates technical innovations, system change, and international cooperation. Then, it tackles how civilization will continue to evolve in light of meeting future energy needs, how Smart Energy will meet these needs, and defines the global mission. The book closes with a summary of China’s dream of Smart Energy. This chapter considers how long petroleum, coal, and other carbon-based resources can last.
Understanding the Organizational Context for a Business Impact Analysis
Conducting a business impact analysis (BIA) for an organization makes it imperative for a practitioner to understand the business and the manifold dependencies and relationships and to study the enterprise as an extended enterprise. This chapter from Practitioner's Guide to Business Impact Analysis explains the organizational context for conducting a BIA.
Microsoft Technologies Basics
This chapter from Introduction to Middleware provides an overview of some Windows technologies that you'll need to understand Microsoft middleware technologies. And what's more important, it will give you some essential background you may need later on when you actually use these Microsoft middleware technologies.
Rebecca Herold's June Privacy Professor Tips
This month's Tips cover a wide range of topics, including privacy concerns on the dark web, fake emails that look totally real, security threats from your (not so smart) used car, considering if you could lose your new home to hackers, yet another public employee under fire for personal email use, yet more surveillance considerations, as well as healthcare security and privacy news. Plus, her current list of recent publications and upcoming events.
Basic Mechanisms and Principles of Mobile Cloud Computing
This chapter from Mobile Cloud Computing: Models, Implementation, and Security introduces the development of mobile cloud computing and the key techniques, describes the nature of mobile cloud computing, identifies advantages and disadvantages, and describes basic considerations of deploying mobile cloud computing. It then introduces the main mobile techniques implemented in practice and the key features, defines wireless networking characteristics and ways of development, describes the main operating systems, and reviews the different generations of mobile devices. Finally, it introduces the mobile Internet and its characteristics, including Web services, wireless networks, and key techniques; describes the evolution of the mobile Internet; and details wireless access and prevailing standards.
How Special Interest Groups Use Social Media as a Weapon
There are hundreds of special interest groups involved in a wide variety of interests ranging from commerce, health, or art, to community development or religion. There are also groups that are involved in political and social causes. This excerpt from Social Media Warfare: Equal Weapons for All examines well-established special interest groups and the various types of special interest groups, as well as issues related to these groups: health care; guns, hate, and social media warfare; abortion debates and violent acts of extremists; environmentalists and eco-terrorists; lesbian, gay, bisexual and transsexual (LGBT) rights and social media warfare; and religious bias and discrimination in social media warfare.
Factoring Cloud Service Quality Risks
Cloud user service quality risks potentially impact service reliability, latency, availability, or overall quality delivered to cloud service users. The excerpt from Risk Thinking for Cloud-Based Application Services discusses risk capture, the differences between virtualized network function and physical network function deployments, and the ETSI Network Functions Virtualization Quality Accountability Framework.
Overview of Model-Based Testing
Model-based testing is an application of model-based design for designing and, optionally, executing artifacts to perform software testing or system testing. Testers can use models to represent the desired behavior of a System Under Test (SUT) or represent testing strategies and a test environment. This excerpt from Paul C. Jorgensen's new book, The Craft of Model-Based Testing, introduces the concepts and clarifies the vocabulary and the components of model-based testing.
Introduction to Software Self-Adaptation
Software adaptation promotes the use of adaptors; i.e., specific computational entities guaranteeing that software components will interact in the right way not only at the signature level, but also at the behavioural, semantic and service levels. This excerpt from Software Adaptation in an Open Environment: A Software Architecture Perspective is a general introduction to the research on software self-adaptation. It introduces some new computing paradigms and methodologies that have emerged in open environments. Then it explains some basic concepts of self-adaptation, and the problems of self-adaptation in an open environment.
A New Profession: The Data Protection Officer
Chapter IV, Section 4 of the new General Data Protection Regulation (GDPR) creates the new professional role of and requirement for organizations to designate a formal data protection officer for the organization. This essentially creates a new profession, described in this excerpt from The Data Protection Officer: Profession, Rules, and Role, perhaps one of a number of new professions and career paths related to data protection issues and the new data protection regime.
IoT Threats Underline the Need for Modern DDoS Defense
A chilling new report from Deloitte warns that the proliferation of IoT devices in 2017 will raise the threat of Distributed Denial of Service (DDoS) attacks. The scale and nature of the evolving DDoS threat means that companies need to modernize and implement new defense strategies if they want to avoid bad outcomes. This article discusses how, in the age of DDoS, big data power is a key ingredient to modern defense.
Introduction to Onion Routing
This chapter from Anonymous Communication Networks: Protecting Privacy on the Web explains how onion routing works and describes the second-generation Tor.
Selecting Platforms to Optimize IT Operations
A modernized IT operation that minimizes server and storage capacity, maximizes energy efficiency, improves the customer experience through higher service levels, enables your IT operation to scale cost-effectively, and helps your in-house IT team do more with less. Piece of cake, right? Read on for insight on how to make it happen in your organization.
Design of Virtual Machine Execution Engine
This chapter from Advanced Design and Implementation of Virtual Machines covers design of a VM execution engine. An execution engine is the component that performs the actual operations of the application code. Because the ultimate purpose of an application is to execute, an execution engine is usually considered the core component of a virtual machine (VM), and the other components support the execution engine. Sometimes, the design of the execution engine largely dictates the design of a VM. The two basic execution mechanisms are interpretation and compilation.
The Case for Managed Application and Infrastructure Performance
Any organization that relies on IT solutions, either to engage with their customers or keep their employees connected and productive, has a critical need for application and infrastructure performance monitoring. Now that 2017 is here, your organization should assess how it addresses application downtime from both a budget and operations perspective. Here are questions you should ask about your IT systems.
Exploring Mobile Authentication Mechanisms from Personal Identification Numbers to Biometrics
This chapter from Protecting Mobile Networks and Devices highlights the strength and the weakness of the current authentication schemes, from the simpler ones such as personal identification number to the more complex biometric systems such as fingerprints. The authors evaluate the usability of these schemes for the user based on both existing and new criteria.
An Overview of End-to-End Verifiable Voting Systems
This excerpt from Real-World Electronic Voting: Design, Analysis and Deployment provides a comprehensive high-level introduction to the field of E2E voting. In this chapter, Syed Taha Ali and Judy Murray introduce security properties of voting systems; summarize the workings of some twenty of the most influential E2E voting systems, classified into four distinct categories, as per their reliance on cryptography (cryptographic and non-cryptographic systems), ballot format (physical and electronic ballots) and mode of voting (precinct-based and remote voting); and discuss open challenges to mainstream deployment of E2E voting systems.
Watch the Cloud Computing Space in 2017 and the Way It Will Improve Business
The cloud computing space is changing and improving by the day. From affordability to flexibility, there is an endless list of reasons why more and more businesses, regardless of nature and size, are moving to the cloud. So, with current development and evolution of the cloud space in mind, let's take a look at how cloud computing can improve businesses in 2017.
Big Data Strategies for Agile Business: Beyond Hadoop and Net Promoter Scores
While both analytics and technologies are vital ingredients of big data, neither alone is likely to provide the crucial business value big data can unleash. In this webinar, Cutter Senior Consultant Bhuvan Unhelkar goes beyond descriptive and predictive analytics, beyond Hadoop/HDFS distributed data architectures, to help you focus on a strategic framework for adopting big data. His book, Big Data Strategies for Agile Business, will be published in May 2017.
What Is Uncertainty in Machine Learning?
Uncertainty is a common phenomenon in machine learning, which can be found in every phase of learning, such as data preprocessing, algorithm design, and model selection. The representation, measurement, and handling of uncertainty have a significant impact on the performance of a learning system. There are four common uncertainties in machine learning. This chapter from Learning with Uncertainty introduces the first three kinds of uncertainty, briefly lists the fourth uncertainty, and gives a short discussion about the relationships among the four uncertainties.
Cognitive Hack: The New Battleground in Cybersecurity
Here's an interview with James Bone, author of "Cognitive Hack: The New Battleground in Cybersecurity - The Human Mind" (https://www.crcpress.com/9781498749817).
"Corporate Defense and the Value Preservation Imperative: Bulletproof Your Corporate Defense Program" Cited in Keynote Address
In a recent address, "The Future of Audit," at ACCA-Grant Thornton Future of Audit Conference Brussels, Belgium, Arnold Schilder, chairman of the International Auditing and Assurance Standards Board (IAASB), quoted from Sean Lyons' new book, Corporate Defense and the Value Preservation Imperative: Bulletproof Your Corporate Defense Program.
Security of Smart Devices: Hardware Features
Smart devices use a combination of hardware and software to combat the security challenges that the device users face today. This chapter from Security and Auditing of Smart Devices: Managing Proliferation of Confidential Data on Corporate and BYOD Devices discusses the hardware features that help secure smart devices.
The Internal Audit Charter
The Internal Audit Charter, also referred to as "terms of reference," spells out the purpose, authority, and responsibility of the internal audit function of any organization. The charter provides the framework for the conduct of the internal audit function in any organization. It also provides a basis for the appraisal of the operations of the internal audit function and acts as a formal written agreement with management about the role and responsibility of the internal audit within the organization. This chapter from Internal Audit Practice from A to Z discusses the purpose, scope, authority, and responsibility of an internal audit charter.
Today's Software Development Landscape and How It Will Change
Software testing is at a crucial cross-road today. It has changed dramatically over the last decade, and now is the time where the future is being defined. There is a lot of ambiguity today in the industry with developer-tester role mergers, and in some sense there is an identity crisis for testers. Software Testing 2020: Preparing for New Roles talks about all of these along with inputs from industry veterans, helping identify what the future beholds and how to prepare for it. This chapter from the book describes today's software development landscape.
Introduction to Behavioral Biometrics
New Directions in Behavioral Biometrics presents the concept of behavioral biometrics on the basis of some selected features like signature, keystroke dynamics, gait, and voice. This excerpt from the book provides a brief overview of behavioral biometrics.
Situational Project Management
In this video, Ginger Levin and Oliver Lehmann discuss Situational Project Management, the subject of his new book. They cover how to identify projects by type and how to manage them accordingly; the skill set required to lead projects successfully; how to use lessons learned to avoid future failed projects; how to apply life experiences to improve your ability to manage projects successfully; and how to manage a project according to the situation and the environment in which it exists.
Risk and Trust Assessment: Schemes for Cloud Services
Both risk and trust have been extensively studied in various contexts for hundreds of years. Risk management, and specifically risk assessment for IT, has also been a hot research topic for several decades. On the other hand, modeling risk and trust for cloud computing has attracted researchers only recently. This chapter from Cloud Computing Security: Foundations and Challenges provides a survey on cloud risk assessments made by various organizations, as well as risk and trust models developed for the cloud.
Benefits Realization Management
Organizations succeed by mastering the management of their strategic changes, with project, program, and portfolio management as the recognized set of processes and tools to manage such changes. However, projects still fail on a large scale. Benefits Realization Management: Strategic Value from Portfolios, Programs, and Projects presents benefits realization management as a set of practices that has been shown to increase project success rates from a strategic perspective. This introduction provides background information that explains this.
Overview of Mobile Apps and Interfaces
This chapter from Mobile Applications Development with Android: Technologies and Algorithms introduces the mobile system; mobile interface and applications in mobile system; optimization in mobile system; mobile embedded system; mobile cloud computing; big data in mobile systems; data security and privacy protection in mobile system; mobile app; and Android.
Introduction to Project Portfolio Management
This chapter from Project Portfolio Management in Theory and Practice: Thirty Case Studies from around the World looks at the definition of PPM and discusses several examples of portfolio value, balance, and strategic alignment. It then examines the effect the absence of PPM has on organizations, including thinly spread resources, longer time-to-market, and poor quality of final products and services. Finally, it examines two research initiatives and compares them to demonstrate that although PPM has made bold strides in the last ten years, there is a lot of work to be done.
Preservation and Management of Documents
One of the most important tasks an organization or individual will face when dealing with electronic evidence is the preservation of that data in a way that ensures the integrity and availability of the data. This chapter from Electronically Stored Information, Second Edition looks at all of the aspects of that task and discusses the tools and requirements that you should be considering.
Introduction to Machine Learning
Machine learning is a branch of artificial intelligence that aims at enabling machines to perform their jobs skillfully by using intelligent software. This excerpt from Machine Learning: Algorithms and Applications presents an introduction to machine learning, including the use of machine learning algorithms and present and future applications.
Introduction to Certificateless Cryptography
In this excerpt from Introduction to Certificateless Cryptography, authors Hu Xiong, Zhen Qin, and Athanasios V. Vasilakos present a brief introduction to symmetric cryptography, discuss the setting of asymmetric public key cryptography, and argue why you should care about certificateless PKC.
Corporate Defense Framework
The delivery of sustainable stakeholder value requires a subtle balance between the focus on value creation and value preservation. In this video, Sean Lyons, author of Corporate Defense and the Value Preservation Imperative, explains what is required for effective corporate defense rather than the illusion of corporate defense. He presents an integrated corporate defense framework required in order to align an organization's critical corporate defense components. This multi-centric approach can help you develop a more holistic view of corporate defense.
Scala Programming Basics
This excerpt from Introduction to Programming and Problem-Solving Using Scala, Second Edition introduces the basics of the Scala programming language.
Stop Squandering Time with All Talk and No Action
True or false: If a meeting ends with no actions, you didn't really need the meeting in the first place. Nancy Settle-Murphy's vote: Mostly true. Although some meetings may be held simply to cross-pollinate information or brainstorm new ideas, the goal of most meetings is to get something concrete accomplished. A resulting list of actions is often the most reliable barometer of progress. Why then do so many meetings end up with few, if any, action items? I have some suspicions. Simply put, she thinks that many of us give up too easily, offering a variety of excuses, some of which she enumerated in this article. For every excuse, she's provided at least a couple of choices.
Storage and Database Management for Big Data
The ability to collect and analyze large amounts of data is a growing problem within enterprises of all types. es faced by big data volume, velocity, and variety. While there has been great progress in the world of database technologies in the past few years, there are still many fundamental considerations that must be made. This chapter from Big Data: Storage, Sharing, and Security aims to address many of the pressing questions faced by people interested in using storage or database technologies to solve their big data problems.
Solving the Legacy Platform Problem
Legacy platforms are a major drag on the performance and cost of IT infrastructure. They must be retired to generate the ROI expected from upgrades and new hardware purchases, but frequently they hang on for years—adding power, maintenance, and support needs as well as security risks and other complications. Reasons for legacy leftovers range from dependency on busy development teams for migration projects, to a server-by-server migration approach that fails to account for complex workloads that traverse multiple servers. This article discusses the problems created by retaining workloads or data on old infrastructure as well as strategies for putting old platforms and applications out to pasture.
Authentication is the process that deals with the establishment of identities. Claims-based authorization, at its simplest, checks the value of a claim and allows access to a resource based upon that value. A claim is a name-value pair that represents what the subject is, not what the subject can do. Clear as mud, right? Read this chapter from Enterprise Level Security for total clarity on claims-based authorization.
Instantly Improve Your Team Communications by Overturning 9 Dangerous Myths
Whether running a project team or managing a group, most team leaders assume that their communications skills are pretty decent. So when they send emails, post documents, ping people on IM, or lead team meetings, they imagine that people are ready, willing and able to hear what they have to say. Magical thinking? You bet. This article shares some common instances of wishful thinking, or irrationally optimistic assumptions, which often lead to frustration and disappointment for leaders and their teams. As a counterpoint, it provides tips to ground that wishful thinking more in reality, resulting in communications that actually may be nothing short of magical.
The IIA defines operational auditing as "Defining, measuring, evaluating, and improving the economy, efficiency, and performance effectiveness of the organization's operations and constituent activities irrespective of function, purpose, or level within the organizational structure." The chapter from Operational Assessment of IT explains what this means and how to apply it in the context of operational assessment of ICT.
Software Quality Assurance: Defect Management
This chapter from Software Quality Assurance: Integrating Testing, Security, and Audit deals with the conceptual aspects of defect management. There are three parts in this chapter. Part 1 discusses the basic concepts of a defect and why a defect happens. Part 2 introduces the practical methodologies of how to manage the defects. In this section, some sample documents and templates are provided to manage the defect properly. Part 3 discusses and analyzes the root causes of defects and provides recommendations of how to prevent defects in the future.
Introduction to Systematic Strategic Planning
This chapter from Case Studies in Strategic Planning discusses systematic strategic planning (SSP). This is the pattern of procedures by which an organization defines its current status, opportunities, long-term goals, and the strategies by which to achieve them. SSP is based on the principles of PxD (Planning by Design). SSP consists of a framework of phases through which each project passes, a pattern of sections for straightforward planning, and the fundamentals involved in any strategic planning project.
Dissemination and Reporting of Electronically Stored Information
This chapter from the new, second edition of Electronically Stored Information discusses the reasons and the methods for sharing the data we have so carefully acquired, preserved, and managed. There are several reasons and each may engender different approaches or procedures appropriate to the specific needs of those situations. These approaches include the format in which the data are produced, the content, the timing of release, and the actual physical media and process for delivering the electronic information. It also discusses reporting protocols and suggests some ideas to ensure that the reports you create are clear and concise. Finally, it presents tips for participating in depositions or as an expert witness.
How to Stop a Cultural Collision in Its Tracks
The only way team members will be enthusiastic about collaborating is to openly talk through the cultural differences, as well as their respective organizations' values and beliefs. This will not be an easy conversation, and it won't be a short one either, given the number of differences standing in the way. Where do you start? Here are some questions to ask team members during your next team meeting to open the conversation and acknowledge the elephant in the room. Encourage examples and stories, to help the group understand what's really behind their differences. This will pave the way for your team to create its own team charter that blends the best of both cultures.
Combat Rude Behavior with Radical Civility
The ability to thrive is the best way to ward off the negative effects of bad behavior. Two related, but distinct, paths can help get you there. Thriving cognitively occurs when we focus on improving our performance, learning new things, and finding ways to propel ourselves forward. Thriving affectively means that we are healthy of body and mind, and feel energized both inside and outside of work. These tips, taken together, can help you create a kind of personal armor that can help repel the damaging effects of rude behavior.
Today's Big Trends in Robotics: The Robolution
In their surveys, McKinsey and many other analysts are promising the massive arrival of robots in our factories, our service companies, our cities, our countrysides, and our homes. Whatever the editorial stance and target audience, all of the media are talking about robotics in just about every issue or report published. Yet the reality of the robotics transformation varies depending on the country and continent, and many innovations are having a hard time carving out a significant place for themselves on the market. Everyone keeps talking over and over about the Robolution, but where does it really stand as we speak?
Analyzing and Securing Social Networks
This chapter from Analyzing and Securing Social Networks sets the stage to discuss both social media analytics and security. It discusses various applications of social media analytics. Then it considers applying various data mining techniques for social network analysis (SNA), before discussing security and privacy aspects.
To Get People Talking, Try Asking the Right Questions
It's happened to all of us: You pose a carefully-worded question, pause and wait for someone to respond. And then you hear nothing, other than an awkward, prolonged silence. In reality, if our entreaties are met by silence, it's because we simply haven't figured out how to invite people into the conversation the right way. Here are a few guidelines from Nancy Settle-Murphy to help you coax willing participation, most of the time, from even the most reticent virtual meeting participants. (These tips also work well when you're meeting face to face.)
Tackling Tough Issues Remotely, When Your Boss Is the Problem
We hear a lot about how virtual leaders can deal effectively with workplace conflicts and performance problems. But we don't hear nearly as much about how to confront tough issues from the remote worker's point of view. And that's precisely what Sue Shellenbarger, Work and Family columnist for the Wall Street Journal, wanted to know when she contacted Nancy Settle-Murphy recently for an interview. Since Sue's questions were so insightful, Nancy has paraphrased three of them here, along with a few replies.
5G Overview: Key Technologies
There are some main expectations of the 5G network if it is to present a better telecommunication network. To achieve these goals, the 5G network must have several characteristics. This chapter from Opportunities in 5G Networks: A Research and Development Perspective discusses the characteristics and requirements for the coming 5G network.
Developments and Challenges in Location Mining
Identifying the location of social media users would enable, say, law enforcement to determine where the users are if they have committed a crime. On the other hand, we may want to protect the location of innocent users. This excerpt from Analyzing and Securing Social Networks discusses the importance of location mining and provides an overview of the related efforts on this topic. It then discusses the challenges in location mining, as well as aspects of geospatial proximity and friendship.