E-Book, Englisch, 136 Seiten
Reihe: Management for Professionals
Abolhassan Cyber Security. Simply. Make it Happen.
1. Auflage 2017
ISBN: 978-3-319-46529-6
Verlag: Springer Nature Switzerland
Format: PDF
Kopierschutz: 1 - PDF Watermark
Leveraging Digitization Through IT Security
E-Book, Englisch, 136 Seiten
Reihe: Management for Professionals
ISBN: 978-3-319-46529-6
Verlag: Springer Nature Switzerland
Format: PDF
Kopierschutz: 1 - PDF Watermark
This book provides a practical and strategic perspective on IT and cyber security for corporations and other businesses. Leading experts from industry, politics and research discuss the status quo and future prospects of corporate cyber security. They answer questions such as: How much will IT security cost? Who will provide IT security? Can security even be fun? The book claims that digitization will increasingly pervade all areas of the economy, as well as our daily professional and personal lives. It will produce speed, agility and cost efficiency, but also increasing vulnerability in the context of public, corporate and private life. Consequently, cyber security is destined to become the great facilitator of digitization, providing maximum protection for data, networks, data centres and terminal devices.
Dr. Ferri Abolhassan is a member of the T-Systems Board of Management, responsible for the IT Division and Telekom Security. From 1985 to 1988, Dr. Ferri Abolhassan completed a bachelor's degree in computer science at Saarland University in Saarbrücken, Germany. After graduating, he worked at Siemens and IBM prior to completing his doctorate in 1992. He held various senior positions at SAP and IDS Scheer, before joining T-Systems in September 2008 as Head of Systems Integration and a member of the Board of Management. In late 2010, Abolhassan took on the role of Head of Production, before becoming Director of Delivery in 2013. In January 2015, Abolhassan was appointed Director of the T-Systems IT Division, with responsibility for approximately 30,000 employees and some 6,000 customers. Moreover, to address new IT imperatives, Deutsche Telekom has created an organizational unit for security solutions, to be headed up by Abolhassan. The new business will combine all of Deutsche Telekom's security activities, and will market its cyber security offerings.
Autoren/Hrsg.
Weitere Infos & Material
1;Foreword;6
1.1;Trust Is the Basis of Digitization;6
1.1.1;Digitization Offers Great Opportunities;6
1.1.2;Data Protection and Digital Business Models Are Not in Opposition;7
1.1.3;Security Has to Be Simple;7
2;Contents;10
3;1: Security: The Real Challenge for Digitalization;15
3.1;1.1 Introduction;15
3.2;1.2 Status Quo: The Cloud Is the Backbone of Digitalization;16
3.3;1.3 Data Security: Only a Secure Cloud Will Lead to Secure Digitalization;17
3.3.1;1.3.1 Risk Transformation: It Has to Be Easy to Get into the Cloud;18
3.3.2;1.3.2 Risk of an Incident: Making Sure the Cloud Doesn´t Crash;19
3.3.3;1.3.3 Risk of Technical/Physical Attack: A Castle Wall Alone Isn´t Enough;20
3.3.4;1.3.4 Risk of a Cyberattack: Ensuring Data and Devices Aren´t Casualties;21
3.4;1.4 Looking to the Future;23
3.5;1.5 Conclusion;23
3.6;References;24
4;2: Security Policy: Rules for Cyberspace;26
4.1;2.1 Taking Stock: Digital Warfare in the 21st Century;27
4.2;2.2 Challenges for the Political Sphere: Rules, Resources and Expertise;28
4.3;2.3 Outlook: A Strategy for the Digital Age;31
4.4;References;32
5;3: Data Protection Empowerment;34
5.1;3.1 Code Is Law;35
5.2;3.2 Empowerment;36
5.3;3.3 Information Technology and Social Values;39
5.4;References;39
6;4: Red Teaming and Wargaming: How Can Management and Supervisory Board Members Become More Involved in Cybersecurity?;40
6.1;4.1 Cybersecurity: A Management Board Issue;40
6.2;4.2 Integrating the Management Board into Existing Cybersecurity Strategies;41
6.3;4.3 Red Teaming and Wargaming;41
6.3.1;4.3.1 Red Teaming Defined;42
6.3.2;4.3.2 Wargaming Defined;42
6.3.3;4.3.3 Differences Compared with Methods Currently in Use;42
6.4;4.4 Use of Red Teaming in Combination with Wargaming at Companies;43
6.4.1;4.4.1 Classification;44
6.4.2;4.4.2 Definition of a Target;44
6.4.3;4.4.3 Composition of the Teams;45
6.4.4;4.4.4 Analysis: Data Collection and Evaluation;45
6.4.5;4.4.5 Wargaming;46
6.4.6;4.4.6 Report;47
6.5;4.5 Conclusion;47
6.6;References;47
7;5: The Law and Its Contribution to IT Security: Legal Framework, Requirements, Limits;49
7.1;5.1 Key Features of the Existing Legal Framework;50
7.1.1;5.1.1 IT Compliance: A Challenge for Management Boards and Executives;50
7.1.1.1;5.1.1.1 The Cornerstone of IT Compliance: IT Security;50
7.1.1.2;5.1.1.2 Liability of the Management Board and Executives;51
7.1.2;5.1.2 Who Is Responsible?;51
7.1.2.1;5.1.2.1 Requirements for Software Manufacturers;51
7.1.2.2;5.1.2.2 Requirements for Network and Platform Operators;52
7.1.2.3;5.1.2.3 Legal Framework for Providers of IT Services;52
7.1.3;5.1.3 Regulation on Determining Critical Infrastructure;53
7.1.4;5.1.4 Controversial: Changes Affecting Telemedia Services;54
7.2;5.2 International Issues: The European Union´s Directive on Security of Network and Information Systems (NIS Directive);54
7.3;5.3 Data Protection and Data Security in the United States;55
7.4;5.4 Data Exchange Between EU and US Companies;55
7.4.1;5.4.1 Safe Harbor;56
7.4.2;5.4.2 Privacy Shield;56
7.5;5.5 Conclusion: Many Legal Issues to Consider;56
7.6;References;57
8;6: IT Security: Stronger Together;59
8.1;6.1 The Trinity of IT Security;60
8.2;6.2 CSSA - Security Through Collaboration;61
8.2.1;6.2.1 Targeted Interaction;62
8.2.2;6.2.2 Network of Trust;62
8.3;6.3 The Six Elements of an Integrated Defense Strategy;63
8.3.1;6.3.1 Prevention Is Better Than the Cure;64
8.3.2;6.3.2 Knowledge Is Power;65
8.3.3;6.3.3 IT Security Is Not an End in Itself;66
8.3.4;6.3.4 It´s Only a Matter of Time: Incident Management;67
8.3.5;6.3.5 Fitness Training: Prepare for Emergencies;68
8.3.6;6.3.6 Stronger Together;68
8.4;6.4 Conclusion;68
8.5;References;69
9;7: The German Security Market: Searching for the Complete Peace-of-Mind Service;70
9.1;7.1 Challenges for IT Security Managers;70
9.2;7.2 Choosing the Right Protection in a Fragmented Market;72
9.2.1;7.2.1 Data Leakage/Loss Prevention (DLP);72
9.2.2;7.2.2 Security Information and Event Management (SIEM);72
9.2.3;7.2.3 Email/Web/Collaboration Security;72
9.2.4;7.2.4 Endpoint Security;73
9.2.5;7.2.5 Identity and Access Management (IAM);73
9.2.6;7.2.6 Mobile Security - Are Employees Really the Biggest Risk?;74
9.2.7;7.2.7 Network Security;75
9.2.8;7.2.8 Conclusion;76
9.3;7.3 Security from a Single Source: Managed Security Services;76
9.3.1;7.3.1 Managed Service or Cloud Solution?;77
9.3.2;7.3.2 Selection Criteria;78
9.3.3;7.3.3 Assessment of Deutsche Telekom/T-Systems as a Managed Security Services Provider;78
9.3.4;7.3.4 Specialized Managed Security Services;80
10;8: CSP, not 007: Integrated Cybersecurity Skills Training;82
10.1;8.1 The New Profession of Cybersecurity Specialist: From IT Worker to IT Security Expert;82
10.2;8.2 Hands-on Experience in All-Round Security;83
10.3;8.3 Cybersecurity Expertise for Managers, too;84
10.4;8.4 Conclusion;84
10.5;Reference;85
11;9: Human Factors in IT Security;86
11.1;9.1 IT Security Is Just Not Very People-Centric;86
11.1.1;9.1.1 The Thing with Passwords;87
11.1.2;9.1.2 The ``Security versus Productivity´´ Dilemma;88
11.2;9.2 Social Engineering;88
11.3;9.3 Human ``Weaknesses´´ Are Often Social Norms or Simple Instincts;90
11.3.1;9.3.1 Would You Mind Installing This Malware on Your Computer?;90
11.3.2;9.3.2 Excuse Me, What Exactly Is Your Password?;92
11.4;9.4 Would You Please Transfer Me a Few Million?;93
11.5;9.5 Defensive Measures;94
11.5.1;9.5.1 Recognizing Social Engineering;95
11.5.2;9.5.2 The Learning Objective: Reporting Suspicious Activity;95
11.5.3;9.5.3 Practice Makes Perfect;96
11.6;9.6 Conclusion: IT Must Work for and Not against Users;97
11.7;Reference;97
12;10: Secure and Simple: Plug-and-Play Security;98
12.1;10.1 Data Security in the Danger Zone;99
12.2;10.2 Digitalization Needs New Security Concepts;102
12.3;10.3 Digital Identity Is the New Currency;103
12.4;10.4 Does Absolute Protection Exist?;104
12.5;10.5 This Is What Attack Scenarios Look Like Today;105
12.6;10.6 In Need of Improvement: Security at SMEs;106
12.7;10.7 Expensive Does Not Necessarily Mean Secure: Gaps in Security at Large Companies;107
12.8;10.8 The ``Made in Germany´´ Stamp of Quality;107
12.9;10.9 Companies Want the Cloud - But Securely;108
12.10;References;109
13;11: Cybersecurity - What's Next?;111
13.1;11.1 The Motives of Attackers Are Becoming More Malicious with Each Passing Generation;111
13.2;11.2 Cybersecurity - The Sleeping Giant in the Company;116
13.3;11.3 What Will Protect Us?;118
13.4;11.4 Conclusion;121
13.5;References;121
14;12: Conclusion;123
14.1;12.1 The Internet Has Become Ubiquitous;123
14.2;12.2 Good Internet, Bad Internet;124
14.3;12.3 Cyberhare vs. Cybertortoise;124
14.4;12.4 Simple and Secure Is the Motto;126
14.5;References;127
15;Appendix;128
15.1;Eleven Rules for a Secure Internet of Things (IoT);128
15.2;The Magenta Security Portfolio;129
15.3;Technical Literature;129
15.4;Practical Report from the Graduates;131
15.4.1;Practical Projects as the Focus of Instruction;131
15.4.2;Virtual Detective Work as Final Module Assignment;132
15.4.3;Cyber Security Professional Training for Jobs of the Future;132
16;Glossary;134
