Cyber Security Essentials: Understanding Risk and Controls

About the Authors
Introduction

1 ­ The Scope of Cybercrime
 Computer Intrusion, or Hacking
 Spoofing and Phishing
 Business Email Compromise
 Social Engineering
 Third-Party Fraud and Identity Theft
 Intellectual Property Theft
 Ransomware
 Insider Threats
 Money Laundering and Money Mules
 Phantom Incident Extortion
 Cryptocurrency Mining
 Legacy Software
 The Internet of Things and Cybersecurity

2 Know Your Cyber-Enemy
 The Internet Is Anonymous
 The Internet Is Ubiquitous
 The Internet Is Self-Regulated
 Who Are the Cybercriminals?
 Threat Actors, Cybercriminals, and Hackers
 Surface Web, Deep Web, and Dark Web
 Cryptocurrency

3 Who Is Liable – Can A Victim Be Guilty?
 Health Insurance Portability and Accountability Act (HIPAA)
 Data Breach Notification Laws
 Within the Organization
 Duty of Care
Wire Fraud
 Debit Cards and Credit Card Accounts
 Application Fraud
 Law Enforcement and Cybercrime

4 How to Assess Risk, and Plan and Implement the Best Cybersecurity Strategy for Your Business
 Elements of Cybersecurity
 Understanding Your Risk From Cyberattacks
 Implementing a Cybersecurity Strategy
 Cybersecurity Standards

5 Principles for Managing Cybersecurity
 Cyberattack is a Business Risk
 Cybersecurity Flows from the Top Down
 Treat Cybersecurity as Part of Your Business Model
 Do Not Leave Cybersecurity Up to the IT Department
 Good Cybersecurity Requires Good Leadership
 Compliance with Standards Does Not Guarantee Security
 Any New Business Practice Presents a Cybersecurity Threat
 Monitor Shadow IT

6 Cybersecurity Best Practices
 Asset Management
 Software Management
 Continuous Vulnerability Management
 Control of Permissions and Administrative Privileges
 Secure Configuration of Software and Hardware
 Collect, Maintain, and Analyze Audit Logs
 Protect Email and Web Browsers
 Defend Against Malware
 Control the Use of Network Ports, Protocols, and Services
 Back Up Data and Software
 Organize and Protect Your Data
 Manage Wireless
 User Accounts
 Software Security and Maintenance
 Employee Security Awareness
 Build Cyber Resiliency with an Incident Response Plan

7 Cybersecurity Incident Response
 Cybersecurity Incident Response Plan
 Testing and Maintaining Your CSIRP
 Cybersecurity Insurance—How to Transfer Risk
 How to Report a Cybercrime

8 Creating a Culture of Behavioral Cybersecurity
 Technical Barriers
 Employee Education
 Behavioral Cybersecurity
 Employee Handbook
 Password Policies
 Whistleblower Hotlines

9 Cybersecurity for Small Businesses
 Identify Digital Assets and Assess Risk
 Segment Your Business and Limit Employee Access to Data and Information
 Protect Your WiFi and Your Network
 Back Up Your Data
 Install and Set Up Soft ware and Hardware Firewalls
 Secure Your Power Supply
 Set Up Web and Email Filters
 Keep Your Soft ware Updated
 Get Good Help
 Cybersecurity as a Service
 Train Your Employees: Behavioral Cybersecurity
 Develop and Incident Response Plan

10 Our Data-Driven World
 Advertising and Marketing
 Economics, Research, and Surveillance
 Data Brokers

11 How to Protect Your Private Life
 Your Personally Identifiable Information (PII)
 Your Reputation
 Social Media
 Think Before You Sync
 Protecting Your Home Network
 How Do You Know When You Have Been Hacked?
Be Proactive
 Famliar Fraud

12 Romance Scams
 Legal Consequences for Money Mules
 Fake Online Profiles
 Romance Scams as a Business

13 Protecting Yourself
 Online Dating
 Advance Fee Scams
 Nigerian Letters or “419” Fraud
 Ecommerce Fraud
 Online Shopping

14 Protecting Your Family
 Control Access to Internet Devices in Your Home
 Control Your Public Profile
 Control Your Social Media Presence
 Your Children and the Internet

Conclusion
Further Reading
Glossary
Index