Professional Documents
Culture Documents
Textbook Cognitive Hack The New Battleground in Cybersecurity The Human Mind 1St Edition Bone Ebook All Chapter PDF
Textbook Cognitive Hack The New Battleground in Cybersecurity The Human Mind 1St Edition Bone Ebook All Chapter PDF
https://textbookfull.com/product/the-embodied-mind-cognitive-
science-and-human-experience-francisco-j-varela/
https://textbookfull.com/product/the-cognitive-humanities-
embodied-mind-in-literature-and-culture-1st-edition-peter-
garratt-eds/
https://textbookfull.com/product/cognitive-neuroscience-the-
biology-of-the-mind-5th-edition-michael-gazzaniga/
https://textbookfull.com/product/the-new-reflectionism-in-
cognitive-psychology-why-reason-matters-1st-edition-gordon-
pennycook/
https://textbookfull.com/product/the-neurodynamic-soul-new-
directions-in-philosophy-and-cognitive-science-1st-edition-
gillett/
https://textbookfull.com/product/cognitive-neuroscience-5th-ed-
the-biology-of-the-mind-5th-edition-michael-s-gazzaniga/
https://textbookfull.com/product/advances-in-human-factors-in-
cybersecurity-ahfe-2020-virtual-conference-on-human-factors-in-
cybersecurity-july-16-20-2020-usa-isabella-corradini/
https://textbookfull.com/product/cultural-zoo-animals-in-the-
human-mind-and-its-sublimation-1st-edition-salman-akhtar/
Cognitive Hack
The New Battleground in
Cybersecurity… the Human Mind
Internal Audit and IT Audit
Series Editor: Dan Swanson
Cognitive Hack: The New Battleground in Internal Audit Practice from A to Z
Cybersecurity ... the Human Mind Patrick Onwura Nzechukwu
James Bone ISBN 978-1-4987-4205-4
ISBN 978-1-4987-4981-7
Leading the Internal Audit Function
The Complete Guide to Cybersecurity Lynn Fountain
Risks and Controls ISBN 978-1-4987-3042-6
Anne Kohnke, Dan Shoemaker, Mastering the Five Tiers
and Ken E. Sigler of Audit Competency:
ISBN 978-1-4987-4054-8 The Essence of Effective Auditing
Ann Butera
Corporate Defense and the Value
ISBN 978-1-4987-3849-1
Preservation Imperative:
Bulletproof Your Corporate Operational Assessment of IT
Defense Program Steve Katzman
Sean Lyons ISBN 978-1-4987-3768-5
ISBN 978-1-4987-4228-3 Operational Auditing:
Data Analytics for Internal Auditors Principles and Techniques for
Richard E. Cascarino a Changing World
Hernan Murdock
ISBN 978-1-4987-3714-2
ISBN 978-1-4987-4639-7
Ethics and the Internal Auditor’s
Practitioner’s Guide to Business Impact
Political Dilemma:
Analysis
Tools and Techniques to Evaluate Priti Sikdar
a Company’s Ethical Culture ISBN 978-1-4987-5066-0
Lynn Fountain
ISBN 978-1-4987-6780-4 Securing an IT Organization through
Governance, Risk Management,
A Guide to the National Initiative and Audit
for Cybersecurity Education (NICE) Ken E. Sigler and James L. Rainey, III
Cybersecurity Workforce ISBN 978-1-4987-3731-9
Framework (2.0)
Security and Auditing of Smart Devices:
Dan Shoemaker, Anne Kohnke,
Managing Proliferation of Confidential Data
and Ken Sigler
on Corporate and BYOD Devices
ISBN 978-1-4987-3996-2 Sajay Rai, Philip Chukwuma,
Implementing Cybersecurity: and Richard Cozart
A Guide to the National Institute ISBN 978-1-4987-3883-5
of Standards and Technology Risk Software Quality Assurance:
Management Framework Integrating Testing, Security, and Audit
Anne Kohnke, Ken Sigler, and Dan Shoemaker Abu Sayed Mahfuz
ISBN 978-1-4987-8514-3 ISBN 978-1-4987-3553-7
Cognitive Hack
The New Battleground in
Cybersecurity… the Human Mind
James Bone
CRC Press
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742
This book contains information obtained from authentic and highly regarded sources. Reasonable efforts
have been made to publish reliable data and information, but the author and publisher cannot assume
responsibility for the validity of all materials or the consequences of their use. The authors and publishers
have attempted to trace the copyright holders of all material reproduced in this publication and apolo-
gize to copyright holders if permission to publish in this form has not been obtained. If any copyright
material has not been acknowledged please write and let us know so we may rectify in any future reprint.
Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted,
or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented,
including photocopying, microfilming, and recording, or in any information storage or retrieval system,
without written permission from the publishers.
For permission to photocopy or use material electronically from this work, please access www.copyright
.com (http://www.copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood
Drive, Danvers, MA 01923, 978-750-8400. CCC is a not-for-profit organization that provides licenses and
registration for a variety of users. For organizations that have been granted a photocopy license by the CCC,
a separate system of payment has been arranged.
Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used
only for identification and explanation without intent to infringe.
Prologue vii
Author xi
Introduction xiii
C h ap t e r 2 C o g n i t iv e B e h avi o r : A d va n c e s
i n S i t uat i o n a l A wa r e n e s s 23
C h ap t e r 3 Th e C y b e r Pa r a d o x : W h y M o r e
( o f t h e S am e ) I s L e s s 59
C h ap t e r 4 Th e R i s k o f W e i g h i n g the Th r e at
by t h e N u m b e rs 101
C h ap t e r 6 C o g n i t iv e R i s k F r am e w o r k f o r
C y b e r s e c u r i t y: R e d e s i g n i n g R i s k
M a n ag e m e n t a n d I n t e r n a l C o n t ro l s D e s i g n 133
Bounded Rationality: Executive Summary 133
The Five Pillars of a Cognitive Risk Framework 143
Intentional Controls Design 145
Cognitive Informatics Security (Security Informatics) 150
Cyber Risk Governance 152
v
vi C o n t en t s
B i b l i o g r ap h y 165
Index 173
Prologue
vii
viii P r o l o gue
* http://www.huffingtonpost.com/2014/03/11/dianne-feinstein-cia_n_4941352.html
P r o l o gue ix
xi
x ii Au t h o r
x iii
xiv In t r o d u c ti o n
* http://www.internetsociety.org/internet/what-internet/history-internet/brief-history
-internet
xvi In t r o d u c ti o n
* http://www.isoc.org/internet/history/brief.html
† http://gilc.org/privacy/survey/intro.html
In t r o d u c ti o n x vii
* http://www.informationshield.com/intprivacylaws.html
† https://en.wikipedia.org/wiki/History_of_cryptography
x viii In t r o d u c ti o n
* https://webfoundation.org/
xx In t r o d u c ti o n
The Internet that we all know and love is called the Surface Web
where we search for what we are looking for through “indexed” websites
using search engines, such as Google, Yahoo, or Bing. Indexing each
website makes them visible to the search engine’s botnets, or “crawling
technology,” which reads the content in the site.
The Deep Web is anything the search engine cannot find. Search
engines index links and key words to navigate the web. Browsers are
used to search websites. Search engines cannot find information in a
web sites’ search box unless you have permission to access the site and
use the site’s search box. Quick visits to Hotels.com or Verizon.com sites
demonstrate the point! The Deep Web is sometimes confused with the
Dark Web.
The Dark Web is classified as a small portion of the Deep Web that
has been intentionally hidden and is inaccessible through standard web
browsers. The TOR network is the most well known content site in the
Dark Web. Tor is a group of volunteer-operated servers that allow peo-
ple to improve their privacy and security on the Internet. Tor’s users
employ this network by connecting through a series of virtual tunnels
rather than making a direct connection, thus allowing both organiza-
tions and individuals to share information over public networks without
compromising their privacy. However, there are many legitimate uses
for the Dark Web including sites used by law enforcement, the mili-
tary, news reporters, sovereign governments, nonprofits and legitimate
In t r o d u c ti o n xxi
* https://brightplanet.com/2014/03/clearing-confusion-deep-web-vs-dark-web/
† https://www.torproject.org/about/sponsors.html.en
x x ii In t r o d u c ti o n
the bad players whose intention is to steal corporate and customer data
as part of a quasi-commercial enterprise. Simple descriptions fail to
explain the sophistication of technique and technology in use today
by hackers with the skill to make most security defenses a temporary
nuisance toward achieving their goals.
The question is, Will cybercrime limit the next generation of inno-
vation on the web? The utopian vision of Licklider and Berners-Lee’s
Internet is still incomplete given large portions of the world still do
not have open and unrestricted access to the World Wide Web. The
progress that has been made is being threatened as local and foreign
governments increase surveillance or attempt to control access to the
Internet and restrict foreign intervention in their home markets.
So what is the nature of cybercrime and how does vulnerability in
cyberspace threaten us?
1
C ybersecurit y
Understanding Vulnerability
1
2 C o g niti v e H ac k
* http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_exec
_summary_internet_security_threat_report_xiii_04-2008.en-us.pdf
Cy bersec urit y 3
* http://www.computerweekly.com/news/4500273520/Encrypted-traffic-security
-analysis-a-top-priority-for-2016-says-Dell-Security
† http://w w w.reuters.com/article/cybersecurity-routers-cisco-systems-upda-id
USL5N11L0VM20150915
Cy bersec urit y 5
* http://uk.reuters.com/article/us-cybersecurity-routers-cisco-systems-idUKKC
N0RF0N420150915
6 C o g niti v e H ac k
* http://www.bloomberg.com/news/articles/2016-06-23/the-right-to-be-forgotten
-and-other-cyberlaw-cases-go-to-court
Another random document with
no related content on Scribd:
back
back
back
back
back
back
back
back
back
back
back
back
back
back
back
back
back
back