The activities of the cyber criminal are both deliberate and hostile, and they can be compared to military operations. Many people in business understand that the insights from the classics of military strategy are as relevant to modern commerce as they are to war. It is clear that organisations need to develop a view of cyber security that goes beyond technology - all staff in the organisation have a role to play and it is the senior managers who must ensure, like generals marshalling their forces, that all staff know the cyber security policies that explain what to do when under attack. With this in mind, the authors of this book have drawn on the work of Clausewitz and Sun Tzu and applied it to the understanding of information security they have built up through their extensive experience in the field. The result is expert guidance on information security, underpinned by a profound understanding of human conflict. Building on the success of the first edition, this new edition covers the most recent developments in the threat landscape and the best practice advice available in the latest version of ISO27001:2013.

The human factor Information security is not painting by numbers. You can tick all the right boxes and acquire the latest technology, and you may fail all the same. This is because information security is ultimately a human problem, not a technical one. In the end, the threats to your information security come from human beings, not from machines. Although one problem you will face is simple human error, the major threat to your business information is from the criminal. Fight Cybercrime Cybercrime is on the move. It is in a state of constant evolution, capable of adapting both to developments in technology and to whatever security measures its targets have already put in place. It will seek out your weak points in order to exploit them for its own advantage. However, although the people who want to harm your business will try to take you by surprise, they are also bound to have weaknesses of their own. Because the activity of the cybercriminal is both deliberate and hostile, they can be compared to a military adversary. So if you want to defend yourself from cybercrime you can learn from military strategy. Leadership Fighting cybercrime is about more than bureaucracy and compliance. Your company's approach to information security has to be integrated with your overall business goals. The people at the top have to provide leadership, while the people at the bottom need to understand the company's information security policy and be able to show initiative when faced with an unexpected attack. If you want to take active steps to deter the cybercriminal, then this book is for you. It will help you plan the right strategy for defending your business from cybercrime. Strategy Business is an intensely competitive environment. This is why so many executives enjoy the insights that the classics of military strategy, such as Clausewitz and Sun Tzu, provide on how to win. The authors of this book have drawn on Clausewitz in order to interpret the detailed knowledge of information security they have built up through their extensive experience in the field. The result is expert guidance on information security, underpinned by a profound understanding of human conflict.

Implement bulletproof Cisco security the battle-tested "Hacking Exposed" way. .

Defend against the sneakiest attacks by looking at your Cisco network and devices through the eyes of the intruder. "Hacking Exposed Cisco Networks" shows you, step-by-step, how hackers target exposed systems, gain access, and pilfer compromised networks. All device-specific and network-centered security issues are covered alongside real-world examples, in-depth case studies, and detailed countermeasures. Its all here--from switch, router, firewall, wireless, and VPN vulnerabilities to Layer 2 man-in-the-middle, VLAN jumping, BGP, DoS, and DDoS attacks. Youll prevent tomorrows catastrophe by learning how new flaws in Cisco-centered networks are discovered and abused by cyber-criminals. Plus, youll get undocumented Cisco commands, security evaluation templates, and vital security tools from hackingexposedcisco.com.. . . Use the tried-and-true "Hacking Exposed" methodology to find, exploit, and plug security holes in Cisco devices and networks. Locate vulnerable Cisco networks using Google and BGP queries, wardialing, fuzzing, host fingerprinting, and portscanning. Abuse Cisco failover protocols, punch holes in firewalls, and break into VPN tunnels . Use blackbox testing to uncover data input validation errors, hidden backdoors, HTTP, and SNMP vulnerabilities. Gain network access using password and SNMP community guessing, Telnet session hijacking, and searching for open TFTP servers. Find out how IOS exploits are written and if a Cisco router can be used as an attack platform. Block determined DoS and DDoS attacks using Cisco proprietary safeguards, CAR, and NBAR. Prevent secret keys cracking, sneakydata link attacks, routing protocol exploits, and malicious physical access. . . .