Keep valuable data safe from even the most sophisticated social engineering and phishing attacks.

Fighting Phishing: Everything You Can Do To Fight Social Engineering and Phishing serves as the ideal defense against phishing for any reader, from large organizations to individuals. Unlike most anti-phishing books, which focus only on one or two strategies, this book discusses all the policies, education, and technical strategies that are essential to a complete phishing defense. It gives clear instructions for deploying a defense-in-depth strategy to defeat hackers and malware. Written by the lead data-driven defense evangelist at the world's number one anti-phishing company, KnowBe4, Inc., this guide shows you how to create an enduring, integrated cybersecurity culture.

- Learn what social engineering and phishing are, why they are so dangerous to your cybersecurity, and how to defend against them
- Educate yourself and other users on how to identify and avoid phishing scams, to stop attacks before they begin
- Discover the latest tools and strategies for locking down data when phishing has taken place, and stop breaches from spreading
- Develop technology and security policies that protect your organization against the most common types of social engineering and phishing

Anyone looking to defend themselves or their organization from phishing will appreciate the uncommonly comprehensive approach in Fighting Phishing.
ROGER A. GRIMES has 35 years of experience in computer security and has authored 13 previous books on the topic. He is the Data-Driven Defense Evangelist at KnowBe4, a security awareness education company, and a senior computer security consultant and cybersecurity architect.
Contents

Introduction xiii

Part I Introduction to Social Engineering Security 1

Chapter 1 Introduction to Social Engineering and Phishing 3
  What Are Social Engineering and Phishing? 3
  How Prevalent Are Social Engineering and Phishing? 8

Chapter 2 Phishing Terminology and Examples 23
  Social Engineering 23
  Phish 24
  Well-Known Brands 25
  Top Phishing Subjects 26
  Stressor Statements 27
  Malicious Downloads 30
  Malware 31
  Bots 31
  Downloader 32
  Account Takeover 32
  Spam 33
  Spear Phishing 34
  Whaling 35
  Page Hijacking 35
  SEO Pharming 36
  Calendar Phishing 38
  Social Media Phishing 40
  Romance Scams 41
  Vishing 44
  Pretexting 46
  Open-Source Intelligence 47
  Callback Phishing 47
  Smishing 49
  Business Email Compromise 51
  Sextortion 53
  Browser Attacks 53
  Baiting 56
  QR Phishing 56
  Phishing Tools and Kits 57
  Summary 59

Chapter 3 3x3 Cybersecurity Control Pillars 61
  The Challenge of Cybersecurity 61
  Compliance 62
  Risk Management 65
  Defense-In-Depth 68
  3x3 Cybersecurity Control Pillars 70
  Summary 72

Part II Policies 73

Chapter 4 Acceptable Use and General Cybersecurity Policies 75
  Acceptable Use Policy (AUP) 75
  General Cybersecurity Policy 79
  Summary 88

Chapter 5 Anti-Phishing Policies 89
  The Importance of Anti-Phishing Policies 89
  What to Include 90
  Summary 109

Chapter 6 Creating a Corporate SAT Policy 111
  Getting Started with Your SAT Policy 112
  Necessary SAT Policy Components 112
  Example of Security Awareness Training Corporate Policy 128
  Acme Security Awareness Training Policy: Version 2.1 128
  Summary 142

Part III Technical Defenses 145

Chapter 7 DMARC, SPF, and DKIM 147
  The Core Concepts 147
  A US and Global Standard 149
  Email Addresses 151
  Sender Policy Framework (SPF) 159
  Domain Keys Identified Mail (DKIM) 165
  Domain-based Message Authentication, Reporting, and Conformance (DMARC) 169
  Configuring DMARC, SPF, and DKIM 174
  Putting It All Together 175
  DMARC Configuration Checking 176
  How to Verify DMARC Checks 177
  How to Use DMARC 179
  What DMARC Doesn't Do 180
  Other DMARC Resources 181
  Summary 182

Chapter 8 Network and Server Defenses 185
  Defining Network 186
  Network Isolation 187
  Network-Level Phishing Attacks 187
  Network- and Server-Level Defenses 190
  Summary 214

Chapter 9 Endpoint Defenses 217
  Focusing on Endpoints 217
  Anti-Spam and Anti-Phishing Filters 218
  Anti-Malware 218
  Patch Management 218
  Browser Settings 219
  Browser Notifications 223
  Email Client Settings 225
  Firewalls 227
  Phishing-Resistant MFA 227
  Password Managers 228
  VPNs 230
  Prevent Unauthorized External Domain Collaboration 231
  DMARC 231
  End Users Should Not Be Logged on as Admin 232
  Change and Configuration Management 232
  Mobile Device Management 233
  Summary 233

Chapter 10 Advanced Defenses 235
  AI-Based Content Filters 235
  Single-Sign-Ons 237
  Application Control Programs 237
  Red/Green Defenses 238
  Email Server Checks 242
  Proactive Doppelganger Searches 243
  Honeypots and Canaries 244
  Highlight New Email Addresses 246
  Fighting USB Attacks 247
  Phone-Based Testing 249
  Physical Penetration Testing 249
  Summary 250

Part IV Creating a Great Security Awareness Program 251

Chapter 11 Security Awareness Training Overview 253
  What Is Security Awareness Training? 253
  Goals of SAT 256
  Senior Management Sponsorship 260
  Absolutely Use Simulated Phishing Tests 260
  Different Types of Training 261
  Compliance 274
  Localization 274
  SAT Rhythm of the Business 275
  Reporting/Results 277
  Checklist 277
  Summary 278

Chapter 12 How to Do Training Right 279
  Designing an Effective Security Awareness Training Program 280
  Building/Selecting and Reviewing Training Content 295
  Additional References 303
  Summary 304

Chapter 13 Recognizing Rogue URLs 305
  How to Read a URL 305
  Most Important URL Information 313
  Rogue URL Tricks 315
  Summary 334

Chapter 14 Fighting Spear Phishing 335
  Background 335
  Spear Phishing Examples 337
  How to Defend Against Spear Phishing 345
  Summary 347

Chapter 15 Forensically Examining Emails 349
  Why Investigate? 349
  Why You Should Not Investigate 350
  How to Investigate 351
  Examining Emails 352
  Clicking on Links and Running Malware 373
  Submit Links and File Attachments to AV 374
  The Preponderance of Evidence 375
  A Real-World Forensic Investigation Example 376
  Summary 378

Chapter 16 Miscellaneous Hints and Tricks 379
  First-Time Firing Offense 379
  Text-Only Email 381
  Memory Issues 382
  SAT Counselor 383
  Annual SAT User Conference 384
  Voice-Call Tests 385
  Credential Searches 385
  Dark Web Searches 386
  Social Engineering Penetration Tests 386
  Ransomware Recovery 387
  Patch, Patch, Patch 387
  CISA Cybersecurity Awareness Program 388
  Passkeys 388
  Avoid Controversial Simulated Phishing Subjects 389
  Practice and Teach Mindfulness 392
  Must Have Mindfulness Reading 393
  Summary 393

Chapter 17 Improving Your Security Culture 395
  What Is a Security Culture? 396
  Seven Dimensions of a Security Culture 397
  Improving Security Culture 401
  Other Resources 404
  Summary 404

Conclusion 405
Acknowledgments 407
About the Author 411
Index 413