Theoretical Cybersecurity: Principles and Advanced Concepts (理論網路安全:原則與進階概念)
Oakley, Jacob G., Butler, Michael, York, Wayne
相關主題
商品描述
There is a distinct lack of theoretical innovation in the cybersecurity industry. This is not to say that innovation is lacking, as new technologies, services, and solutions (as well as buzzwords) are emerging every day. This book will be the first cybersecurity text aimed at encouraging abstract and intellectual exploration of cybersecurity from the philosophical and speculative perspective. Technological innovation is certainly necessary, as it furthers the purveying of goods and services for cybersecurity producers in addition to securing the attack surface of cybersecurity consumers where able.
The issue is that the industry, sector, and even academia are largely technologically focused. There is not enough work done to further the trade--the craft of cybersecurity. This book frames the cause of this and other issues, and what can be done about them. Potential methods and directions are outlined regarding how the industry can evolve to embrace theoretical cybersecurity innovation as it pertains to the art, as much as to the science.
To do this, a taxonomy of the cybersecurity body of work is laid out to identify how the influences of the industry's past and present constrain future innovation. Then, cost-benefit analysis and right-sizing of cybersecurity roles and responsibilities--as well as defensible experimentation concepts--are presented as the foundation for moving beyond some of those constraining factors that limit theoretical cybersecurity innovation. Lastly, examples and case studies demonstrate future-oriented topics for cybersecurity theorization such as game theory, infinite-minded methodologies, and strategic cybersecurity implementations.
What you'll learn
- The current state of the cybersecurity sector and how it constrains theoretical innovation How to understand attacker and defender cost benefit
- The detect, prevent, and accept paradigm
- How to build your own cybersecurity box
- Supporting cybersecurity innovation through defensible experimentation
- How to implement strategic cybersecurity
- Infinite vs finite game play in cybersecurity
Who This Book Is For
This book is for both practitioners of cybersecurity and those who are required to, or choose to, employ such services, technology, or capabilities.
商品描述(中文翻譯)
在資訊安全領域中,理論創新明顯不足。這並不意味著缺乏創新,因為每天都有新的技術、服務、解決方案(以及流行語詞彙)出現。本書將是第一本旨在從哲學和推測的角度鼓勵對資訊安全進行抽象和智力探索的資訊安全教材。技術創新當然是必要的,因為它不僅促進了資訊安全生產者的商品和服務,還保護了資訊安全消費者的攻擊面。
問題在於該行業、部門甚至學術界主要關注技術。並未有足夠的工作來推動資訊安全的技藝。本書將解釋這些問題的原因以及如何解決它們。將概述行業如何發展以接納與藝術相關的理論資訊安全創新,而不僅僅是科學。
為了做到這一點,本書提出了資訊安全工作的分類法,以確定行業過去和現在的影響如何限制未來的創新。然後,本書提出成本效益分析和權衡資訊安全角色和責任的概念,作為超越限制理論資訊安全創新的因素的基礎。最後,通過示例和案例研究,展示了資訊安全理論化的未來導向主題,如博弈論、無限思維方法論和戰略資訊安全實施。
你將學到什麼:
- 資訊安全行業的現狀以及如何限制理論創新
- 如何理解攻擊者和防禦者的成本效益
- 檢測、預防和接受範式
- 如何建立自己的資訊安全框架
- 通過可辯護的實驗來支持資訊安全創新
- 如何實施戰略資訊安全
- 資訊安全中的無限對有限遊戲
本書適合資訊安全從業人員以及那些需要或選擇使用此類服務、技術或能力的人。