Pierre-Luc Pomerleau, David Maimon

Evidence-Based Cybersecurity (eBook, PDF)

Foundations, Research, and Practice

• Format: PDF

Produktbeschreibung

The prevalence of cyber-dependent crimes and illegal activities that can only be performed using a computer, computer networks, or other forms of information communication technology has significantly increased during the last two decades in the USA and worldwide. As a result, cybersecurity scholars and practitioners have developed various tools and policies to reduce individuals' and organizations' risk of experiencing cyber-dependent crimes. However, although cybersecurity research and tools production efforts have increased substantially, very little attention has been devoted to identifying potential comprehensive interventions that consider both human and technical aspects of the local ecology within which these crimes emerge and persist. Moreover, it appears that rigorous scientific assessments of these technologies and policies "in the wild" have been dismissed in the process of encouraging innovation and marketing. Consequently, governmental organizations, public, and private companies allocate a considerable portion of their operations budgets to protecting their computer and internet infrastructures without understanding the effectiveness of various tools and policies in reducing the myriad of risks they face. Unfortunately, this practice may complicate organizational workflows and increase costs for government entities, businesses, and consumers.

The success of the evidence-based approach in improving performance in a wide range of professions (for example, medicine, policing, and education) leads us to believe that an evidence-based cybersecurity approach is critical for improving cybersecurity efforts. This book seeks to explain the foundation of the evidence-based cybersecurity approach, review its relevance in the context of existing security tools and policies, and provide concrete examples of how adopting this approach could improve cybersecurity operations and guide policymakers' decision-making process. The evidence-based cybersecurity approach explained aims to support security professionals', policymakers', and individual computer users' decision-making regarding the deployment of security policies and tools by calling for rigorous scientific investigations of the effectiveness of these policies and mechanisms in achieving their goals to protect critical assets. This book illustrates how this approach provides an ideal framework for conceptualizing an interdisciplinary problem like cybersecurity because it stresses moving beyond decision-makers' political, financial, social, and personal experience backgrounds when adopting cybersecurity tools and policies. This approach is also a model in which policy decisions are made based on scientific research findings.

---

Dieser Download kann aus rechtlichen Gründen nur mit Rechnungsadresse in A, B, BG, CY, CZ, D, DK, EW, E, FIN, F, GR, HR, H, IRL, I, LT, L, LR, M, NL, PL, P, R, S, SLO, SK ausgeliefert werden.

Produktdetails

• Verlag: Taylor & Francis eBooks
• Seitenzahl: 250
• Erscheinungstermin: 23. Juni 2022
• Englisch
• ISBN-13: 9781000600872
• Artikelnr.: 63970523

Autorenporträt

Dr. Pierre-Luc Pomerleau is a Partner at VIDOCQ. His role consists of assisting VIDOCQ'S clients in growing their business and innovating while managing their risks and protecting their assets. He does so by bringing years of experience and deep expertise in cybercrime, investigation, fraud prevention, anti-money laundering, physical security, business administration, technology, and risk management. Before joining VIDOCQ, he was Vice President at National Bank of Canada, managing the Financial Crime and Corporate Security division, including data analytics and innovation.

Dr. Pomerleau holds a Ph.D. in Business Administration with a specialization in Homeland Security from Northcentral University (USA), an MBA from the University of Sherbrooke (Canada), and a bachelor's degree in criminology from the University of Montreal (Canada). He holds various security and financial crime professional certifications such as the CPP, PSP, PCI, CFE, CAMS, CCCI & CFCI certifications. In addition to his role with VIDOCQ, Dr. Pomerleau is currently an adjunct in cybersecurity at Polytechnique Montreal. From 2020 to 2021, he was a postdoctoral researcher and a research associate in cybercrime at Georgia State University (USA). In 2020, he published his book Countering Cyber Threats to Financial Institutions; A Private and Public Partnership Approach to Critical Infrastructure. From 2015 to 2018, he was the President of the Association of Certified Fraud Examiner Montreal Chapter. In October 2016, he was awarded an honorary diploma by the University of Montreal School of Criminology for his exemplary contribution to the advancement of society.

Dr. David Maimon is an Associate Professor in the Department of Criminal Justice and Criminology at Georgia State University (GSU) and the director of the Evidence-Based Cybersecurity research group (see ebcs.gsu.edu). He received his Ph.D. in Sociology from the Ohio State University in 2009. Prior to joining GSU, Dr. Maimon held academic position in the Department of Criminology and Criminal Justice in the University of Maryland, and the Department of Sociology in the University of Miami. In 2015 he was awarded the "Young Scholar Award" from the "White-Collar Crime Research Consortium of the National White-Collar Crime Center" for his cybercrime research. Throughout his career he has raised more than $3 million to conduct Evidence-Based Cybersecurity research. Since joining GSU, Dr. Maimon has established the Evidence-Based Cybersecurity Research Group, where he and his researchers seek to produce and review multi- and interdisciplinary empirical evidence about the effectiveness of cybersecurity tools and policies. The group and its unique approach to cybersecurity education and research have been acknowledged on popular media platforms (https://edtechmagazine.com/higher/article/2020/09/training-next-generation-cyber-professionals). Moreover, the group's close relationships with cybersecurity professionals in several industries and law enforcement agencies have led to the adoption of the Evidence-Based Cybersecurity approach by several organizations. Dr. Maimon teaches the course "Intro to Evidence-Based Cybersecurity" at the undergraduate level, and "Evidence-Based Cybersecurity" at the graduate level.

Inhaltsangabe

1. The Case for an Evidence-Based Approach to Cybersecurity

2. Computers, Computers Networks, the Internet, and Cybersecurity

3. Human Behavior in Cyberspace

4. Criminological, Sociological, Psychological, Ethical and Biological Models Relevant to Cybercrime and Cybercriminals

5. Science and Cybersecurity

6. Network Security and Intrusion Detection Systems

7. The Internet of Things (IoT), Data and Website Security

8. Data Privacy, Training, and Awareness and Cybersecurity Frameworks

9. Risk and Threat Intelligence: The Effectiveness of Online Threat Intelligence in Guiding Financial Institutions' Incident Response to Online Banking Account Takeovers

10. The Future of Evidence-Based Cybersecurity

---

1. The Case for an Evidence-Based Approach to Cybersecurity
2. Computers, Computers Networks, the Internet, and Cybersecurity
3. Human Behavior in Cyberspace
4. Criminological, Sociological, Psychological, Ethical and Biological
Models Relevant to Cybercrime and Cybercriminals
5. Science and Cybersecurity
6. Network Security and Intrusion Detection Systems
7. The Internet of Things (IoT), Data and Website Security
8. Data Privacy, Training, and Awareness and Cybersecurity Frameworks
9. Risk and Threat Intelligence: The Effectiveness of Online Threat
Intelligence in Guiding Financial Institutions' Incident Response to Online
Banking Account Takeovers
10. The Future of Evidence-Based Cybersecurity

Rezensionen

"This is a tremendous resource for every security professional and organization whose goal is to improve their cybersecurity posture. The evidence-based cybersecurity approach ties the criticality of understanding human behavior with the technical aspects of cyber-crime. A true data centric treasure trove of valuable knowledge."





- Kausar Kenning, Executive Director, Cyber Security, Morgan Stanley

"Despite its technical nature, the evidence base supporting cybersecurity as a field of practice remains flimsy, at best. Some have even compared cybersecurity to "medieval witchcraft". This timely and essential book provides a much needed and comprehensive overview of the available evidence and of the knowledge gaps that persist, also charting the path ahead for a more scientific approach to the design, implementation, and evaluation of cybersecurity measures."

- Dr. Benoît Dupont, Professor of Criminology, University of Montreal, Canada, and Canada Research Chair in Cybersecurity.

"Dr. Pomerleau does a masterful job of deep diving into the realm of contemporary Cybersecurity. Beyond recounting the historical evolution of Cybersecurity, Pomerleau astutely weaves together a traditional IT risk management system approach with a multi-faceted humanistic approach (with ethical, sociological, psychological, and criminal elements) to present a comprehensive how-to guide for evidence-based Cybersecurity analysis."

- Dr. David L. Lowery, Full Professor of Homeland Security & Public Administration, Northcentral University