The Security Intelligence Handbook is your definitive guide for proactive risk reduction. This edition has been updated to include a new foreword about the unprecedented state of cyber and physical security, a sharpened focus on six critical security functions, an expanded discussion of security intelligence’s applications for specific teams, and a new conclusion that explores the results you may achieve with security intelligence.

In 2014, the world witnessed the start of a mysterious series of cyberattacks. Targeting American utility companies, NATO, and electric grids in Eastern Europe, the strikes grew ever more brazen. They culminated in the summer of 2017, when the malware known as NotPetya was unleashed, penetrating, disrupting, and paralyzing some of the world's largest businesses—from drug manufacturers to software developers to shipping companies. At the attack's epicenter in Ukraine, ATMs froze. The railway and postal systems shut down. Hospitals went dark.

Before the internet became widely known as a global tool for terrorists, one perceptive US citizen recognized its ominous potential. Armed with clear evidence of computer espionage, he began a highly personal quest to expose a hidden network of spies that threatened national security. But would the authorities back him up? Cliff Stoll's dramatic firsthand account is "a computer-age detective story, instantly fascinating [and] astonishingly gripping" - Smithsonian.

In The Art of Attack: Attacker Mindset for Security Professionals, Maxie Reynolds untangles the threads of a useful, sometimes dangerous, mentality. The book shows ethical hackers, social engineers, and pentesters what an attacker mindset is and how to and how to use it to their advantage.

In Project Zero Trust: A Story About a Strategy for Aligning Security and the Business, George Finney, chief security officer at Southern Methodist University, delivers an insightful and practical discussion of Zero Trust implementation. Presented in the form of a fictional narrative involving a breach at a company, the book tracks the actions of the company's new IT security director. Listeners will learn John Kindervag's 5-Step methodology for implementing Zero Trust, the four Zero Trust design principles, and how to limit the impact of a breach.

Over the last decade, a single innovation has massively fueled digital black markets: cryptocurrency. Crime lords inhabiting lawless corners of the internet have operated more freely—whether in drug dealing, money laundering, or human trafficking—than their analog counterparts could have ever dreamed of. By transacting not in dollars or pounds but in currencies with anonymous ledgers, overseen by no government, beholden to no bankers, these black marketeers have sought to rob law enforcement of their chief method of cracking down on illicit finance: following the money.

Like it or not, your every move is being watched and analyzed. Consumers' identities are being stolen, and a person's every step is being tracked and stored. What once might have been dismissed as paranoia is now a hard truth, and privacy is a luxury few can afford or understand. In this explosive yet practical book, Kevin Mitnick illustrates what is happening without your knowledge - and he teaches you "the art of invisibility".

Clarke and Knake take us inside quantum-computing labs racing to develop cyber superweapons; bring us into the boardrooms of the many firms that have been hacked and the few that have not; and walk us through the corridors of the US intelligence community with officials working to defend America's elections from foreign malice. With a focus on solutions over scaremongering, they make a compelling case for "cyber resilience" - building systems that can resist most attacks, raising the costs on cyber criminals and the autocrats who often lurk behind them, and avoiding...overreaction.

How can we apply technology to drive business value? For years we've been told that the performance of software delivery teams doesn't matter - that it can't provide a competitive advantage to our companies. Through four years of groundbreaking research to include data collected from the State of DevOps reports conducted with Puppet, Dr. Nicole Forsgren, Jez Humble, and Gene Kim set out to find a way to measure software delivery performance - and what drives it - using rigorous statistical methods.

Thoroughly updated for the latest release of the Certified Information Systems Security Professional exam, this comprehensive resource covers all objectives in the 2021 CISSP exam developed by the International Information Systems Security Certification Consortium (ISC)2®. CISSP All-in-One Exam Guide, Ninth Edition features learning objectives at the beginning of each chapter, exam tips, practice questions, and in-depth explanations.

It’s a signal paradox of our times that we live in an information society but do not know how it works. And without understanding how our information is stored, used, and protected, we are vulnerable to having it exploited. In Fancy Bear Goes Phishing, Scott J. Shapiro draws on his popular Yale University class about hacking to expose the secrets of the digital age. With lucidity and wit, he establishes that cybercrime has less to do with defective programming than with the faulty wiring of our psyches and society.

Essential CISM has been written with a single goal in mind - to present the CISM material in a way that is easy to absorb without leaving any content behind. Plenty of examples are included to drive the points home so that when it comes time to take the CISM exam, you are ready! The book is broken down into two sections. Section 1 covers basic concepts you will need to understand before hitting each domain. The CISM official exam guide is redundant across the domains, and so in this book you will encounter each topic once instead of having to rehash the same subject in different ways.

Social Engineering: The Science of Human Hacking reveals the craftier side of the hacker's repertoire - why hack into something when you could just ask for access? Undetectable by firewalls and antivirus software, social engineering relies on human fault to gain access to sensitive spaces; in this book, renowned expert Christopher Hadnagy explains the most commonly used techniques that fool even the most robust security personnel and reveals how these techniques have been used in the past.

A straightforward look at the four domains of the ISACA Certified Information Security Manager exam. This book will help you get a firm grasp on the key topics needed for success with the exam. Included are over 120 practice questions covering the four domains of ISACA's CISM.

Scattered across the world, an elite team of code crackers is working tirelessly to thwart the defining cyber scourge of our time. You’ve probably never heard of them. But if you work for a school, a business, a hospital, or a municipal government, or simply cherish your digital data, you may be painfully familiar with the team’s sworn enemy: ransomware. Again and again, an unlikely band of misfits, mostly self-taught and often struggling to make ends meet, have outwitted the underworld of hackers who lock computer networks and demand huge payments in return for the keys.