4 Things The Movie Rogue One Teaches Us About Cyber Security

leisure

Rogue One: A Star Wars Story, which opens in theaters this weekend, shows how the Rebel Alliance steals architectural plans for the Death Star in order to eventually destroy it.

According to a cybersecurity expert, there are real-life lessons to learn from Empire’s downfall.

Hsinchun Chen, professor of management information systems at the University of Arizona, has spent 27 years researching cyber security and leads a project called “Hacker Web” to explore international hacker communities, including those in Russia, China, and the United States.

Chen says the theft of architectural plans isn’t just the stuff of fiction and, in fact, “probably the most obvious case for why countries hack each other is intellectual property, or IP. Deliberately stealing information about your drawings or your engineering designs or your scientific instruments, that’s all intellectual property.”

In government, he adds, this kind of theft is virtually inevitable.

“There are only two types of organizations: Those who have lost their data and know it, and those who have lost their data but don’t know it,” Chen says.

While we don’t yet know how the Rebel Alliance managed to succeed, Chen knows exactly what he would have told the Empire to avoid theft of its IP.

1. You’re only as strong as your weakest link.

Within companies, governments, and universities, all it takes is one person to allow a breach. “In a big organization with thousands of employees or more, like a government, you will be breached, and you’re only as strong as your weakest link,” Chen says.

How could the Empire rid itself of weak links? “Education and rigorous information assurance practices help,” Chen says.

2. Know their strengths—and your weaknesses.

“Unfortunately, the adversaries are getting more sophisticated and more interconnected—they’re always exchanging information,” Chen says. “You have to be very diligent in collecting information about your vulnerabilities and your adversaries.”

The Empire should have invested a significant amount of time, money, and effort to understand its enemy’s strengths and its own weaknesses.

3. Protect what matters most.

The Empire may have had masses of data, but not all data is created equal. Chen believes that dedicating your best security resources to your most valuable data—such as the plans for the Death Star—is paramount. “Protect your most important, critical assets,” he says.

4. Don’t just defend, prevent.

“Cybersecurity has changed from a very defensive mentality to a more holistic and more preventative mentality,” Chen says.

While the Empire ends up fighting to protect the Death Star (and losing), Chen recommends taking stronger preventative security measures from the start.

Source: University of Arizona

Related Books

Cybersecurity for Beginners

leisureAuthor: Raef Meeuwisse
Binding: Paperback
Studio: Cyber Simplicity Ltd
Label: Cyber Simplicity Ltd
Publisher: Cyber Simplicity Ltd
Manufacturer: Cyber Simplicity Ltd

Buy Now
Editorial Review:
This book provides an easy insight into the essentials of cybersecurity, even if you have a non-technical background. You may be a business person keen to understand this important subject area or an information security specialist looking to update your knowledge.

'The world has changed more in the past 10 years than in any 10 year period in human history... Technology is no longer a peripheral servant, it shapes our daily lives.

Companies that can use technology wisely and well are booming, companies that make bad or no technology choices collapse and disappear.

The cloud, smart devices and the ability to connect almost any object to the internet are an essential landscape to use but are also fraught with new risks and dangers of a magnitude never seen before.

ALSO featuring an alphabetical section at the back of the book to help you translate many of the main cybersecurity technical terms into plain, non-technical English.

This is the second edition of this book with updates and additional content.

If you are looking for a book on personal cybersecurity steps, try my other publication "How to Keep Your Stuff Safe Online"




Cybersecurity – Attack and Defense Strategies: Infrastructure security with Red Team and Blue Team tactics

leisureAuthor: Yuri Diogenes
Binding: Paperback
Studio: Packt Publishing
Label: Packt Publishing
Publisher: Packt Publishing
Manufacturer: Packt Publishing

Buy Now
Editorial Review:

Enhance your organization's secure posture by improving your attack and defense strategies

Key Features

  • Gain a clear understanding of the attack methods, and patterns to recognize abnormal behavior within your organization with Blue Team tactics.
  • Learn to unique techniques to gather exploitation intelligence, identify risk and demonstrate impact with Red Team and Blue Team strategies.
  • A practical guide that will give you hands-on experience to mitigate risks and prevent attackers from infiltrating your system.

Book Description

The book will start talking about the security posture before moving to Red Team tactics, where you will learn the basic syntax for the Windows and Linux tools that are commonly used to perform the necessary operations. You will also gain hands-on experience of using new Red Team techniques with powerful tools such as python and PowerShell, which will enable you to discover vulnerabilities in your system and how to exploit them. Moving on, you will learn how a system is usually compromised by adversaries, and how they hack user's identity, and the various tools used by the Red Team to find vulnerabilities in a system.

In the next section, you will learn about the defense strategies followed by the Blue Team to enhance the overall security of a system. You will also learn about an in-depth strategy to ensure that there are security controls in each network layer, and how you can carry out the recovery process of a compromised system. Finally, you will learn how to create a vulnerability management strategy and the different techniques for manual log analysis.

By the end of this book, you will be well-versed with Red Team and Blue Team techniques and will have learned the techniques used nowadays to attack and defend systems.

What you will learn

  • Learn the importance of having a solid foundation for your security posture
  • Understand the attack strategy using cyber security kill chain
  • Learn how to enhance your defense strategy by improving your security policies, hardening your network, implementing active sensors, and leveraging threat intelligence
  • Learn how to perform an incident investigation
  • Get an in-depth understanding of the recovery process
  • Understand continuous security monitoring and how to implement a vulnerability management strategy
  • Learn how to perform log analysis to identify suspicious activities

Who This Book Is For

This book aims at IT professional who want to venture the IT security domain. IT pentester, Security consultants, and ethical hackers will also find this course useful. Prior knowledge of penetration testing would be beneficial.

Table of Contents

  1. Secure Posture
  2. Incident Response Process
  3. Understanding the Cybersecurity Kill Chain
  4. Reconnaissance
  5. Compromising the system
  6. Chasing User's Identity
  7. Lateral Movement
  8. Privilege Escalation
  9. Security Policy
  10. Network segmentation
  11. Active sensors
  12. Threat Intelligence
  13. Investigating an Incident
  14. Recovery Process
  15. Vulnerability management
  16. Log Analysis




Effective Cybersecurity: A Guide to Using Best Practices and Standards

leisureAuthor: William Stallings
Binding: Paperback
Studio: Addison-Wesley Professional
Label: Addison-Wesley Professional
Publisher: Addison-Wesley Professional
Manufacturer: Addison-Wesley Professional

Buy Now
Editorial Review: The Practical, Comprehensive Guide to Applying Cybersecurity Best Practices and Standards in Real Environments

In Effective Cybersecurity, William Stallings introduces the technology, operational procedures, and management practices needed for successful cybersecurity. Stallings makes extensive use of standards and best practices documents that are often used to guide or mandate cybersecurity implementation. Going beyond these, he offers in-depth tutorials on the “how” of implementation, integrated into a unified framework and realistic plan of action.

Each chapter contains a clear technical overview, as well as a detailed discussion of action items and appropriate policies. Stallings offers many pedagogical features designed to help readers master the material: clear learning objectives, keyword lists, review questions, and QR codes linking to relevant standards documents and web resources.

Effective Cybersecurity aligns with the comprehensive Information Security Forum document “The Standard of Good Practice for Information Security,” extending ISF’s work with extensive insights from ISO, NIST, COBIT, other official standards and guidelines, and modern professional, academic, and industry literature.

• Understand the cybersecurity discipline and the role of standards and best practices
• Define security governance, assess risks, and manage strategy and tactics
• Safeguard information and privacy, and ensure GDPR compliance
• Harden systems across the system development life cycle (SDLC)
• Protect servers, virtualized systems, and storage
• Secure networks and electronic communications, from email to VoIP
• Apply the most appropriate methods for user authentication
• Mitigate security risks in supply chains and cloud environments

This knowledge is indispensable to every cybersecurity professional. Stallings presents it systematically and coherently, making it practical and actionable.





leisure
enafarzh-CNzh-TWtlfrdehiiditjamsptrues

follow InnerSelf on

google-plus-iconfacebook-icontwitter-iconrss-icon

 Get The Latest By Email

{emailcloak=off}

follow InnerSelf on

google-plus-iconfacebook-icontwitter-iconrss-icon

 Get The Latest By Email

{emailcloak=off}