JOnline: Book Review—Cyber Attacks: Protecting National Infrastructure 

Download Article

Cyber Attacks: Protecting National InfrastructureThis decade has been dominated by social networks, mobile computing and cloud computing, and in this new digital society and interconnected reality, sensitive information is often desired.

In this context, both organizations and nations have evolved their operations and have made internal and external relations a digital reality, creating greater transparency and building closer relationships with employees and citizens. The era of e-government and open and available services is making strides and is leveraged in a new generation that is based on instant, information-oriented, differentiated services and permanent connections.

Similarly, organized crime has been monitoring these changes and trends to develop new opportunities and innovative ways in which to challenge the international authorities that address the critical information infrastructure of nations, which is required to maintain operations and governance and provides services that are vital to the functioning of a country. The incapacity or destruction of such functions could generate an impact on national defense and economic security. The critical sectors (the minimum required to serve the public) are: power, production, storage and supply of oil and gas, telecommunications, banking and finance, water supply, transportation, emergency services, and government operations.

In this sense, Cyber Attacks: Protecting National Infrastructure by Edward Amoroso, senior vice president and chief security officer of AT&T, establishes a national cybersecurity methodology and a set of strategies for both organizations and nations to better understand the threats against critical infrastructures and the advances in the development of new response and control capacities against coordinated and massive attacks.

Cyber Attacks: Protecting National Infrastructure provides practical guidance on and analysis of the latest attacks, such as botnets and malicious code associated with worms, and other items such as Supervisory Control and Data Acquisition (SCADA) systems and keys within a nation’s critical infrastructure.

The publication has 11 chapters and an appendix. Chapters 2 through 11 detail the author’s 10-step protection methodology (deception, separation, diversity, consistency, depth, discretion, collection, correlation, awareness and response). The appendix provides sample requirements based on the development of the methodological steps, seeking details of a strategic and technological road map that would allow both organizations and nations to strengthen their positions in regard to the recent threats on networks and enterprise information systems.

Cyber Attacks: Protecting National Infrastructure is particularly interesting to and useful for information security and IT governance professionals because of its strategic and tactical guidance that can help refine decisions on the protection of critical infrastructure. The book also offers IT executives and business managers a scenario analysis to recognize the lessons learned on the road to achieving world-class information security practices, and shows the realities and challenges that a country or corporation face in an interconnected and always-online world.

Editor’s Note

Cyber Attacks: Protecting National Infrastructure is available from the ISACA Bookstore. For information, see the ISACA Bookstore Supplement in this Journal, visit, e-mail or telephone +1.847.660.5650.

Reviewed by Jeimy J. Cano M., Ph.d., CFC, CFE, CMAS, distinguished professor in the law department of the Universidad de los Andes, Colombia. Cano has been a practitioner and researcher in information and computer security and in computer forensics for more than 15 years in different industries. He is a member of ISACA’s Publications Subcommittee.

Enjoying this article? To read the most current ISACA Journal articles, become a member or subscribe to the Journal.

The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute and their committees, and from opinions endorsed by authors’ employers, or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.

© 2012 ISACA. All rights reserved.

Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, MA 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.