By Sean Bodmer, Dr. Max Kilger, Gregory Carpenter, Jeff R. Jones and Jade Jones
Reviewed by Jeimy J. Cano M., Ph.D., COBIT (F), CFE, CMAS
The art of deception has been used since ancient times to achieve objectives on the battlefield, at the negotiating table, in disputes and in business. However, deception can also be a source of assurance to help businesses protect themselves from cyberenemies and increase their ability to respond to the unexpected.
Reverse Deception: Organized Cyber Threat Counter-Exploitation illustrates a set of strategies and models to help information security professionals develop the ability to deceive as an organizational competence, thus allowing the organization to control the responses of adversaries as far as possible and to maintain a competitive advantage over current dynamic IT threats.
This book helps to identify unseen threats and to categorize and organize each level of risk and its actions according to expert judgment. The authors describe the techniques used in this context, including deception, counterdeception, behavioral profiling and emerging issues such as persistent threats. Readers may find familiar analysis scenarios and new approaches to help generate a different understanding of the current problems of protecting information and networks.
Reverse Deception: Organized Cyber Threat Counter-Exploitation is a resource for understanding threats in support of information security practices in organizations. The book’s unique approach helps IT auditors and information security professionals think outside their comfort zone and take their thinking and recommendations beyond what current risk practice indicates.
Reverse Deception: Organized Cyber Threat Counter-Exploitation is available from the ISACA Bookstore. For information, see the ISACA Bookstore Supplement in the latest issue of the ISACA Journal, visit the ISACA Bookstore online or email firstname.lastname@example.org.
Jeimy J. Cano M., Ph.D., COBIT (F), CFE, CMAS, is a distinguished professor in the law department of the Universidad de los Andes, Colombia. He has been a practitioner and researcher in information and computer security, digital evidence and computer forensics for more than 17 years in different industries. Cano is a member of the ISACA Publications Subcommittee.