Cham, Switzerland : , : Springer, , [2022]

©2022

9783031069949

9783031069932

1 online resource (183 pages)

Advanced Sciences and Technologies for Security Applications

658.477

Computer security

Data protection

Inglese

Intro -- Foreword -- Preface -- Acknowledgements -- Introduction -- Contents -- About the Author -- Part I Security Risk Fundamentals -- 1 Core Concepts -- 1.1 Introduction -- 1.2 IT Environments Versus Threat Scenarios -- 1.3 The Components of Risk -- 1.4 Risk Factors and Risk-Relevance -- 1.5 Residual Risk -- 1.6 Risk Assessment Universality -- 1.7 Risk Calibration and Variability -- 2 Representing Cybersecurity Risk -- 2.1 Introduction -- 2.2 Linearity and Non-linearity -- 2.3 Security Risk Models -- 2.4 Security Risk Categorization -- 3 Scale and Scaling Relations -- 3.1 Introduction -- 3.2 Cybersecurity Risk and Perspective -- 3.3 Risk-Relevant Time and Distance Scales -- 3.4 Power Laws and Scaling Relations -- 3.5 The Power of Scaling Relations -- 3.6 Authentication and Scale -- 4 IT Environment Dimensions and Risk Factors -- 4.1 Introduction -- 4.2 Information Management -- 4.3 Information Technology -- 4.4 Network Users -- Part II Stochastic Security Risk Management -- 5 Security Risk Management Statistics -- 5.1 Introduction -- 5.2 IT Environment States -- 5.3 Information Content and Message Source Uncertainty -- 6 Information Entropy -- 6.1 Introduction -- 6.2 Ergodicity -- 6.3 Introduction to Information Entropy -- 6.4 Applying Information Entropy -- 6.5 Information Entropy and Security Risk Management -- Part III Enterprise Cybersecurity Risk -- 7 Complexity

and Cybercomplexity -- 7.1 Introduction -- 7.2 Security Risk Management Uncertainty -- 7.3 Uncertainty, Diversity and Complexity -- 7.4 A Cybercomplexity Scaling Relation -- 8 Cybercomplexity Metrics -- 8.1 Introduction -- 8.2 Absolute Complexity -- 8.3 Relative Complexity -- 8.4 The Density of States -- 8.5 Non-binary Security Risk Management -- 8.6 Information Entropy Calibration -- Part IV Cybercomplexity Genesis and Management -- 9 Cybercomplexity Root Causes.

9.1 Introduction -- 9.2 The Organizational Tolerance for Risk -- 9.3 Convenience-Driven Culture -- 9.4 Structural and Functional Anomalies -- 9.5 Exception-Based Processes -- 9.6 Inconsistent Identity and Access Management -- 9.7 Liberal Internet and Information Access -- 9.8 Under-Resourced IT Departments -- 10 Macroscopic Security Controls -- 10.1 Introduction -- 10.2 Security Acculturation -- 10.3 Centralized Security Governance -- 10.4 Standardization and Compression -- 10.5 Role-Based Identity and Access Management -- 10.6 Education, Training and Threat Awareness -- 10.7 Internet Intelligence -- 10.8 Data and Resource Minimization -- 11 Trust and Identity Authentication -- 11.1 Introduction -- 11.2 The Fundamentals of Trust -- 11.3 Identity Authentication Entropy and Trust -- 11.4 Correlation and Trust -- 11.5 A Stochastic Framework for Trust -- 12 Operational Implications -- 12.1 Introduction -- 12.2 Risk-Relevant Organizational Features -- 12.3 Key Operational Results -- 12.4 Operational Limits -- 12.5 The Potential for Information Compromise -- 12.6 Cybercomplexity Assessments -- Epilogue.