Carry On. Sound Advice from Schneier on Security

01.01.2014

Englisch

9781118790816

John Wiley & Sons

Bruce Schneier

384

Gebundene Ausgabe

Introduction xv 1 The Business and Economics of Security 1 Consolidation: Plague or Progress 1 Prediction: RSA Conference Will Shrink Like a Punctured Balloon 2 How to Sell Security 4 Why People Are Willing to Take Risks 4 How to Sell Security 6 Why Do We Accept Signatures by Fax? 7 The Pros and Cons of LifeLock 9 The Problem Is Information Insecurity 12 Security ROI: Fact or Fiction? 14 The Data Imperative 15 Caveat Emptor 16 Social Networking Risks 17 Do You Know Where Your Data Are? 18 Be Careful When You Come to Put Your Trust in the Clouds 21 Is Perfect Access Control Possible? 22 News Media Strategies for Survival for Journalists 24 Security and Function Creep 26 Weighing the Risk of Hiring Hackers 27 Should Enterprises Give In to IT Consumerization at the Expense of Security? 29 The Vulnerabilities Market and the Future of Security 30 So You Want to Be a Security Expert 33 When It Comes to Security, We're Back to Feudalism 34 I Pledge Allegiance to the United States of Convenience 35 The Good, the Bad, and the Ugly 36 You Have No Control Over Security on the Feudal Internet 37 2 Crime, Terrorism, Spying, and War 41 America's Dilemma: Close Security Holes, or Exploit Them Ourselves 41 Are Photographers Really a Threat? 43 CCTV Doesn't Keep Us Safe, Yet the Cameras Are Everywhere 45 Chinese Cyberattacks: Myth or Menace? 47 How a Classic Man-in-the-Middle Attack Saved Colombian Hostages 48 How to Create the Perfect Fake Identity 51 A Fetishistic Approach to Security Is a Perverse Way to Keep Us Safe 52 The Seven Habits of Highly Ineffective Terrorists 54 Why Society Should Pay the True Costs of Security 56 Why Technology Won't Prevent Identity Theft 58 Terrorists May Use Google Earth, but Fear Is No Reason to Ban It 60 Thwarting an Internal Hacker 62 An Enterprising Criminal Has Spotted a Gap in the Market 65 We Shouldn't Poison Our Minds with Fear of Bioterrorism 66 Raising the Cost of Paperwork Errors Will Improve Accuracy 68 So-Called Cyberattack Was Overblown 70 Why Framing Your Enemies Is Now Virtually Child's Play 72 Beyond Security Theater 73 Feeling and Reality 74 Refuse to Be Terrorized 76 Cold War Encryption Is Unrealistic in Today's Trenches 77 Profiling Makes Us Less Safe 80 Fixing Intelligence Failures 81 Spy Cameras Won't Make Us Safer 82 Scanners, Sensors Are Wrong Way to Secure the Subway 84 Preventing Terrorist Attacks in Crowded Areas 86 Where Are All the Terrorist Attacks? 87 Hard to Pull Off 88 Few Terrorists 88 Small Attacks Aren't Enough 89 Worst-Case Thinking Makes Us Nuts, Not Safe 89 Threat of "Cyberwar" Has Been Hugely Hyped 92 Cyberwar and the Future of Cyber Conflict 94 Why Terror Alert Codes Never Made Sense 96 Debate Club: An International Cyberwar Treaty Is the Only Way to Stem the Threat 97 Overreaction and Overly Specific Reactions to Rare Risks 99 Militarizing Cyberspace Will Do More Harm Than Good 101 Rhetoric of Cyber War Breeds Fear--and More Cyber War 103 Attacks from China 103 GhostNet 104 Profitable 105 The Boston Marathon Bombing: Keep Calm and Carry On 105 Why FBI and CIA Didn't Connect the Dots 107 The FBI's New Wiretapping Plan Is Great News for Criminals 109 US Offensive Cyberwar Policy 112 3 Human Aspects of Security 117 Secret Questions Blow a Hole in Security 117 When You Lose a Piece of Kit, the Real Loss Is the Data It Contains 118 The Kindness of Strangers 120 Blaming the User Is Easy--But It's Better to Bypass Them Altogether 122 The Value of Self-Enforcing Protocols 123 Reputation Is Everything in IT Security 125 When to Change Passwords 127 The Big Idea: Bruce Schneier 129 High-Tech Cheats in a World of Trust 131 Detecting Cheaters 134 Lance Armstrong and the Prisoner's Dilemma of Doping in Professional Sports 137 The Doping Arms Race as Prisoner's Dilemma 138 The Ever-Evolving Problem 139 Testing and Enforcing 140 Trust and Society 141 How Secure Is the Papal Election? 143 The Court of Public Opinion 147 On Security Awareness Training 150 Our New Regimes of Trust 152 4 Privacy and Surveillance 155 The Myth of the "Transparent Society" 155 Our Data, Ourselves 157 The Future of Ephemeral Conversation 158 How to Prevent Digital Snooping 160 Architecture of Privacy 162 Privacy in the Age of Persistence 164 Should We Have an Expectation of Online Privacy? 167 Offhand but On Record 168 Google's and Facebook's Privacy Illusion 171 The Internet: Anonymous Forever 173 A Taxonomy of Social Networking Data 175 The Difficulty of Surveillance Crowdsourcing 177 The Internet Is a Surveillance State 179 Surveillance and the Internet of Things 181 Government Secrets and the Need for Whistleblowers 184 Before Prosecuting, Investigate the Government 187 5 Psychology of Security 189 The Security Mindset 189 The Difference between Feeling and Reality in Security 191 How the Human Brain Buys Security 194 Does Risk Management Make Sense? 195 How the Great Conficker Panic Hacked into Human Credulity 197 How Science Fiction Writers Can Help, or Hurt, Homeland Security 198 Privacy Salience and Social Networking Sites 201 Security, Group Size, and the Human Brain 203 People Understand Risks--But Do Security Staff Understand People? 205 Nature's Fears Extend to Online Behavior 206 6 Security and Technology 209 The Ethics of Vulnerability Research 209 I've Seen the Future, and It Has a Kill Switch 211 Software Makers Should Take Responsibility 212 Lesson from the DNS Bug: Patching Isn't Enough 214 Why Being Open about Security Makes Us All Safer in the Long Run 216 Boston Court's Meddling with "Full Disclosure" Is Unwelcome 218 Quantum Cryptography: As Awesome as It Is Pointless 220 Passwords Are Not Broken, but How We Choose Them Sure Is 222 America's Next Top Hash Function Begins 223 Tigers Use Scent, Birds Use Calls--Biometrics Are Just Animal Instinct 225 The Secret Question Is: Why Do IT Systems Use Insecure Passwords? 227 The Pros and Cons of Password Masking 229 Technology Shouldn't Give Big Brother a Head Start 231 Lockpicking and the Internet 233 The Battle Is On against Facebook and Co. to Regain Control of Our Files 235 The Difficulty of Un-Authentication 237 Is Antivirus Dead? 238 Virus and Protocol Scares Happen Every Day-- but Don't Let Them Worry You 240 The Failure of Cryptography to Secure Modern Networks 242 The Story behind the Stuxnet Virus 244 The Dangers of a Software Monoculture 247 How Changing Technology Affects Security 249 The Importance of Security Engineering 251 Technologies of Surveillance 253 When Technology Overtakes Security 255 Rethinking Security 255 7 Travel and Security 259 Crossing Borders with Laptops and PDAs 259 The TSA's Useless Photo ID Rules 261 The Two Classes of Airport Contraband 262 Fixing Airport Security 264 Laptop Security while Crossing Borders 265 Breaching the Secure Area in Airports 268 Stop the Panic on Air Security 269 A Waste of Money and Time 271 Why the TSA Can't Back Down 273 The Trouble with Airport Profiling 275 8 Security, Policy, Liberty, and Law 279 Memo to Next President: How to Get Cybersecurity Right 279 CRB Checking 281 State Data Breach Notification Laws: Have They Helped? 283 How to Ensure Police Database Accuracy 285 How Perverse Incentives Drive Bad Security Decisions 287 It's Time to Drop the "Expectation of Privacy" Test 288 Who Should Be in Charge of Cybersecurity? 291 Coordinate, but Distribute Responsibility 294 "Zero Tolerance" Really Means Zero Discretion 295 US Enables Chinese Hacking of Google 297 Should the Government Stop Outsourcing Code Development? 299 Punishing Security Breaches 300 Three Reasons to Kill the Internet Kill Switch Idea 302 Internet without Borders 302 Unpredictable Side Effects 303 Security Flaws 303 Web Snooping Is a Dangerous Move 304 The Plan to Quarantine Infected Computers 307 Close the Washington Monument 310 Whitelisting and Blacklisting 312 Securing Medical Research: a Cybersecurity Point of View 313 Fear Pays the Bills, but Accounts Must Be Settled 317 Power and the Internet 319 Danger Lurks in Growing New Internet Nationalism 321 IT for Oppression 323 The Public/Private Surveillance Partnership 325 Transparency and Accountability Don't Hurt Security-- They're Crucial to It 327 It's Smart Politics to Exaggerate Terrorist Threats 329 References 333 Index 347 11187943893ENList of Figures and Tables Preface Acknowledgments Part I Book Overview and Background Introduction Adventures in Twitter Data Discovery Contemporary Dataviz 101 Primary Objective Benefits More Important Than Ever Revenge of the Laggards: The Current State of Dataviz Book Overview Defining the Visual Organization Central Thesis of Book Cui Bono? Methodology: Story Matters Here The Quest for Knowledge and Case Studies Differentiation: A Note on Other Dataviz Texts Plan of Attack Next Notes Chapter 1: The Ascent of the Visual Organization The Rise of Big Data Open Data The Burgeoning Data Ecosystem The New Web: Semantic, Visual, and API-Driven The Arrival of the Visual Web Linked Data and a More Semantic Web The Relative Ease of Accessing Data Greater Efficiency via Clouds and Data Centers Better Data Tools Greater Organizational Transparency The Copycat Economy: Monkey See, Monkey Do Data Journalism and the Nate Silver Effect Digital Man The Arrival of the Visual Citizen Mobility The Visual Employee: A More Tech- and Data-Savvy Workforce Navigating Our Data-Driven World Next Notes Chapter 2: Transforming Data into Insights: The Tools Dataviz: Part of an Intelligent and Holistic Strategy The Tyranny of Terminology: DataViz, BI, Reporting, Analytics, and KPIs Do Visual Organizations Eschew All Tried-and-True Reporting Tools? Drawing Some Distinctions The Dataviz Fab Five Applications from Large Enterprise Software Vendors LESVs: The Case For LESVs: The Case Against Best-of-Breed Applications Cost Ease of Use and Employee Training Integration and the Big Data World Popular Open Source Tools D3.js R Others Design Firms Startups, Web Services, and Additional Resources The Final Word: One Size Doesn't Fit All Next Notes Part II Introducing The Visual Organization Chapter 3: The Quintessential Visual Organization Netflix 1.0: Upsetting the Applecart Netflix 2.0: Self-Cannibalization Dataviz: Part of a Holistic Big Data Strategy Dataviz: Imbued in the Netflix Culture Customer Insights Better Technical and Network Diagnostics Embracing the Community Lessons Next Notes Chapter 4: Dataviz in the DNA The Beginnings: Using Dataviz to Create a Compelling User Experience The Plumbing Embracing Open Source Tools Extensive Use of APIs Lessons Next Note Chapter 5: Transparency in Texas Background Early Dataviz Efforts Embracing Traditional BI Data Discovery Better Visibility into Student Life Expansion: Spreading Dataviz Throughout the System Results Lessons Next Notes Part III Getting Started: Becoming a Visual Organization Chapter 6: The Four-Level Visual Organization Framework Big Disclaimers A Simple Model Limits and Clarifications Progression Is Progression Always Linear? Can a Small Organization Best Position Itself to Reach Levels 3 and 4? If So, How? Can an Organization Start at Level 3 or 4 and Build from the Top Down? Is Intra-Level Progression Possible? Are Intra- and Inter-Level Progression Inevitable? Can Different Parts of the Organization Exist on Different Levels? Should an Organization Struggling with Levels 1 and 2 Attempt to Move to Level 3 or 4? Regression: Reversion to Lower Levels Complements, Not Substitutes Accumulated Advantage The Limits of Lower Levels Relativity and Sub-Levels Should Every Organization Aspire to Level 4? Next Chapter 7: WWVOD? Visualizing the Impact of a Reorg Visualizing Employee Movement Starting Down the Dataviz Path Results and Lessons Future A Marketing Example Next Notes Chapter 8: Building the Visual Organization Data Tips and Best Practices Data: The Primordial Soup Walk Before You Run...At Least for Now A Dataviz Is Often Just the Starting Point Visualize Both Small and Big Data Don't Forget the Metadata Look Outside of the Enterprise The Beginnings: All Data Is Not Required Visualize Good and Bad Data Enable Drill-Down Design Tips and Best Practices Begin with the End in Mind (Sort of) Subtract When Possible UX: Participation and Experimentation Are Paramount Encourage Interactivity Use Motion and Animation Carefully Use Relative--Not Absolute--Figures Technology Tips and Best Practices Where Possible, Consider Using APIs Embrace New Tools Know the Limitations of Dataviz Tools Be Open Management Tips and Best Practices Encourage Self-Service, Exploration, and Data Democracy Exhibit a Healthy Skepticism Trust the Process, Not the Result Avoid the Perils of Silos and Specialization If Possible, Visualize Seek Hybrids When Hiring Think Direction First, Precision Later Next Notes Chapter 9: The Inhibitors: Mistakes, Myths, and Challenges Mistakes Falling into the Traditional ROI Trap Always--and Blindly--Trusting a Dataviz Ignoring the Audience Developing in a Cathedral Set it and Forget it Bad Dataviz TMI Using Tiny Graphics Myths Data Visualizations Guarantee Certainty and Success Data Visualization Is Easy Data Visualizations Are Projects There Is One "Right" Visualization Excel Is Sufficient Challenges The Quarterly Visualization Mentality Data Defiance Unlearning History: Overcoming the Disappointments of Prior Tools Next Notes Part IV Conclusion and the Future of DataViz Coda: We're Just Getting Started Four Critical Data-Centric Trends Wearable Technology and the Quantified Self Machine Learning and the Internet of Things Multi-Dimensional Data The Forthcoming Battle Over Data Portability and Ownership Final Thoughts: Nothing Stops This Train Notes Afterword: My Life in Data Appendix: Supplemental Dataviz Resources Bibliography About the Author Index

235 mm

16 cm