Cyber Adversary Characterization
: This book has some great insight into quantifying the hacker threat
: Uneven in places
: A good book for taking a methodical view of their company's risk assessment.
A book about the inner workings of the hacker's mind would not be complete without mentioning the world's most famous hacker, Kevin Mitnick. This book does not disappoint in that respect. This book deals with getting inside the mind of a hacker. It a kind of "know your enemy"-type book.
It deals with all manner of hacker from the script kiddie to the so-called cyber terrorist. But more than just "this is how attacks occur and this is how to deal with them", it goes into mathematical analysis of the components of a hacker attack so the reader can weigh up the different scenarios against each other. Taking all the different components, the authors come up with a formula that can be used to give a numeric value. Of course, some of it is open to interpretation, and not everyone will agree, but it is at least a thorough attempt at quantifying the relative threats.
Another chapter (chapter eight) deals with the insider threat. Disgruntled employees can not only bring systems to a crashing halt but can also cause safety problems. One case study describes how one employee withheld a password to a control system at an oil refinery as his suspension loomed. The chapter breaks down the different traits of insider threats and steps to combat them. But most of this boils sown to increased awareness and education of different members within an organization. It also points to greater cooperation between different departments to ensure "difficult"people are not taken on as employees. It makes you wonder why some companies still take on ex-hackers.
On the whole this is a useful book and it takes a different angle from most others dealing with this subject.
However, the author rather spoils the effect by tacking on a final chapter that offers a fictional account of a hacker attack. The book doesn't need it.