This book tackles the problem of complexity within IT environments, i.e., "Cybercomplexity," which is generally recognized as a principal source of cybersecurity risk. The book first defines complexity and simplifies its analysis by assuming a probabilistic approach to security risk management. It then proposes a simple model of cybercomplexity that is based on Shannon entropy, a basic concept in information theory. The key drivers of cybercomplexity emerge from this model, where these drivers reveal the scale-dependence of cybersecurity risk and explain why macroscopic security controls are required to address cybersecurity risk on an enterprise scale. The significant operational implications of cybercomplexity are also discussed, thereby providing both a theoretical framework and a practical guide to addressing this longstanding problem in cybersecurity risk management.

Presents a genuinely risk-based characterization of cyber security risk Enables reasoning about cyber security risk from first principles A technology-agnostic approach to assessing and managing cyber security risk

Autorentext

Carl S. Young has held senior security-related positions in the US government, the financial sector, consulting, and academia. He is the author of four previous reference books on science applied to security risk management as well as numerous technical papers. He has been an adjunct professor at the John Jay College of Criminal Justice and is the co-founder of Consilience 360, a security risk consulting firm located in New York City. Mr. Young earned undergraduate and graduate degrees in mathematics and physics from the Massachusetts Institute of Technology (MIT).

Inhalt

1. Risk Fundamentals.- 2. Cyber Security Fundamentals.- 3. Cyber security criteria.- 4. Root Causes of Cyber Security Risk.- 5. IT Environment Risk Factors.- 6. Identity Uncertainty.- 7. Communicator Integrity.- 8. Exploitation of Uncertainty in Identity.- 9. Root Cause Effects and the Exploitation of IT Risk Factors; Compromises of IT Integrity.- 10. Integrity Flaws and Exploitation of Human Vulnerabilities.