Book Review: Cybersecurity for Executives, Managers, and Leaders: Arcane Knowledge of the Dark Art for Superior Decision Making: The Cyber Kill Chain
Cybersecurity for Executives, Managers, and Leaders: Arcane Knowledge of the Dark Art for Superior Decision Making: The Cyber Kill Chain. By Dennis Houchin. Ad Hoc Press; http://adhocpress.com/; 89 pages; $19.95.
The term “kill chain” was long used in military circles to define the entire configuration of an attack. Like all good physical analogies, it has morphed into the digital world. “Cyber kill chain” was created in 2011 by Lockheed Martin as a method to model network attacks.
The cyber kill chain is a series of steps that can show evidence of the various stages of a cyberattack from reconnaissance to execution to data exfiltration. The kill chain helps security professionals understand how they are being attacked and can be used to better defend against attacks.
For many, the cyber kill chain is not intuitive and can be difficult to understand. Between how it works, its phases, and what to do with the information, it’s easy to get overwhelmed.
In Cybersecurity for Executives, Managers, and Leaders: Arcane Knowledge of the Dark Art for Superior Decision Making: The Cyber Kill Chain, author Dennis Houchin has written a brief guide that makes the core concepts of the cyber kill chain easy for the novice to understand.
The reader comes away from this book with an understanding of core information security concepts and cyber kill chain concepts such as honeypots, command and control (C2), weaponization, and more.
For those managers who don’t want to get into the minutiae of the cyber kill chain but need a basic understanding of the topic so they can make an informed strategic decision, this is a most helpful guide.
With the recent SEC directive increasing board and executive responsiveness for cybersecurity, not only is information security ignorance not bliss, but it can also cost them their jobs and subject them to significant liability. In Cybersecurity for Executives, Managers, and Leaders, they can get the understanding they need to start on their journey to ensure they don’t end up the victim of a cyberattack, or possibly worse, a class action lawsuit.
Reviewer: Ben Rothke, CISSP, CISM, CISA, is a New York City-based senior information security manager with Tapad. He has more than 20 years of industry experience in information systems security and privacy. His areas of expertise are in risk management and mitigation, security and privacy regulatory issues, design and implementation of systems security, encryption, cryptography, and security policy development. He wrote Computer Security—20 Things Every Employee Should Know.