Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Index

a
acceptable use policies (AUPs) 116–117, 123, 135
- designing 117
- and remote access 122

ARPANET 24
artificial intelligence (AI) 145, 217, 219
- and automation 217, 219
- definition 219
- facial recognition 214–215
- in law enforcement 214–215
- regulation 215
- and social engineering 145, 219
- use against hackers 146, 205
- use by hackers 145, 219

Atlanta, GA, ransomware attacks 3, 7–8, 31
- leadership 42, 229

Australia 50–51, 54
authentication 19, 203, 211, 213
- biometric 91, 108
- multi-factor 91, 173
- two-step 108

automation technologies 216–217
- artificial intelligence see artificial intelligence (AI)
- machine learning see machine learning (ML)

a
back-ups 40, 121, 124
- and the cloud 51
- and malware 40
- as policy 124, 135, 160

Baltimore, MD, ransomware attacks 3, 9–10, 121, 189, 229
- IT system 10
- leadership 42

bitcoin, as ransom currency 8, 9, 29, 203
Black Frog 61–62
Boston, MA 80
Breithaupt, Jim 87
bring-your-own-device (BYOD) 209–210
- benefits 209
- market 209
- policies 36, 122
- security 209–210
- trends 209

bulk electric systems 173–174
Buszta, Ken 87

c
California
- local government cybersecurity 115
- state security legislation 177, 178

Census Bureau estimates 2, 232n1
Census of Governments (2017) 2
Center for Digital Government, Digital Counties Survey 202
change (configuration) management policies (CMPs) 123–124, 160
Chicago, IL 80
chief information officers (CIOs) 4, 38, 58, 79
- as head of ITDs 88, 89, 90
- responsibility for cybersecurity 9, 10, 132, 182, 189
- surveys of 78

chief information security officers (CISO) 60, 127, 128
- confidence in security systems 72–73
- role of 38, 126, 129, 189, 190

city administrations 4, 29, 78
- mayors 4, 29

city chief information security officers (CISOs) 127, 128, 129
- see also chief information security officers (CISOs)

City of San Diego 202
cloud, the 201–203
- benefits 202
- cybersecurity 50–51, 201–203, 210
- hurdles to 202
- hybrid 203
- and local government 19, 201–202, 218
- private 202
- providers 201–202, 203
- public 202
- technology 202

Coalition of City CISOs 79–80, 195
Collier County, FL 145
Colonial Pipeline, cyberattack on 30, 203, 214
Colorado Privacy Act (CPA) 178–180, 215
Colorado state security legislation 178–180
Commission on Information Technology (COIT), San Francisco 126, 129, 131, 132
Commonwealth of Massachusetts 116
- cybersecurity policy 132–139

computer hardware 18, 19
- cybersecurity 99
- disposal of 119
- inventories 156
- obsolescence 216
- operating systems 218
- physical corruption 19
- on personal devices 18
- replacing 156
- verification 159
- vulnerability 33, 34

computing, management of 86–87
Computing Technology Industry Association 57–58
Conference of Mayors 29
Coveware 207
COVID-19 pandemic 6, 18, 31
- and teleworking 35–36
- unemployment claims 219

Criminal Justice Information Services (CJIS) 171–173
- policy areas 171–173

cryptocurrencies, as ransom currencies 8, 9, 29, 203, 207
Cuckoo’s Egg, The (1989) 19
cyberattackers, types of 31–32, 59, 70–71
- external 59
- insiders 70, 71, 144
- nation-states 5, 32, 70
- organized crime 59
- unknown 70
- see also cybercriminals

cyberattacks 1–3
- attribution 197
- case studies 7–10
- costs of 5, 8, 57, 61–62
- definitions 68
- detection 22–23, 161, 193–194
- effects of 7–8, 9
- and elections 5, 146
- forensic services 94
- frequency 1, 27–28, 68–70
- and home working 204
- and human error see human error, in cybersecurity incidents
- increase 69–70
- kits 203, 207
- motives for 32, 70, 71, 144
- by national governments 5, 32
- and negligence 8, 32
- organizational ignorance 27–28, 68–70
- perpetrators see cybercriminals
- targets 67
- types see cybersecurity attacks, types of

cybercriminals 3, 5, 203–204
- apprehension of 204
- hacking kits 203
- increase in number 203
- methods 5, 29–31, 144–145, 204
- motivation 6, 29–30, 32, 70, 71, 144, 203
- state-sanctioned 5, 28, 144, 146, 197
- targets 1, 2–3, 145

cyber-hygiene 41, 42–43, 191, 231–232
- employee 147, 193
- training 193, 230

Cyber Incident Notification Act 181
cyber insurance see cybersecurity insurance
cyber negotiation frameworks 12, 48, 53–54
cybersecurity, organizational 18–19, 37–38
- auditing 19, 94, 131, 192
- authentication see authentication
- and business environment 157
- CIA triad 20
- confidentiality 18, 19, 135
- culture 42–43, 76, 125, 231–232
- definitions 17–19
- dimensions 20
- economic modelling 54–55
- and governance 157
- and hardware see computer hardware
- and insider attacks 32
- IT departments see IT departments
- principles 18–20, 20
- responsibility for 38, 88–89, 232
- safeguards 20, 22
- and size of organization 50
- systems see cybersecurity systems
- Zero Trust approach 212–213
- see also chief information security officers (CISO), role of; cybersecurity administration

cybersecurity administration 37–41, 88
- accountability 40, 41, 147–148
- asset management 135, 138, 155, 156, 157
- budgets 37–38, 54, 58, 190–191
- centralization 38–39
- human assets 146–147
- insurance see cybersecurity insurance
- necessity for 85
- officials see cybersecurity staff
- vulnerability see vulnerabilities management

cybersecurity advocates 147
cybersecurity attacks see cyberattacks
cybersecurity attacks, types of 5–6, 28–31
- breaches 28, 68
- brutes 31
- Denial of Services (DoS) 6, 31
- and human error see human error, in cybersecurity incidents
- malware see malware
- phishing see phishing
- pretexting 145
- spam 145
- threat spectrum 33
- and Windows patch 9
- see also social engineering

cybersecurity cube 20–21, 20
Cybersecurity Enhancement Act (2014) 152
Cybersecurity Infrastructure and Security Agency (CISA) 17–18, 90, 206, 217
- assistance to local governments 195, 121
- training exercises 198

cybersecurity insurance 39–40, 58, 89–91, 196–197
- benefits 196, 197
- as best practice 197
- exemptions 196–197
- and ransomware attacks 197
- and risk management 90

cybersecurity law 167–182, 213, 228
- European Union see European Union General Data Protection Regulation (GDPR)
- federal 168–172
- Presidential Executive Orders see Presidential Executive Orders
- proposed (117th Congress) 181–182
- state 174–180

cybersecurity leadership 101–103
- commitment to improvement 75
- failures 42, 102
- see also cybersecurity malpractice
- low priority attitudes 228
- recommendations for 229

cybersecurity literature 11–12, 47–63, 86
- case studies 48
- economics-based 48, 54
- frameworks 48, 53–54
- paucity of 7, 47, 63, 85
- peer-reviewed 11–12, 47, 48
- professional 55, 56
- recommendations 50, 54–55, 92–93
- smart cities 48
- see also cybersecurity surveys

cybersecurity malpractice 8, 69, 96, 203, 230
cybersecurity partnerships 194, 195–196
cybersecurity policies, 95, 96–99, 113–139, 194
- acceptable use see acceptable use policies (AUPs)
- best practice 116, 205, 230–231
- bring-your-own-device 36, 122
- business continuity 121, 135
- centralized 113
- change management 123–124
- compliance 115, 117, 129, 131, 133, 136
- continuous improvement 125, 139, 192
- design and development 113–115
- disaster recovery 121–122, 130–131, 135
- email use 122–123
- essential 116–117
- examples 115–116, 126–139
- exceptions 58, 134–135
- implementation 115
- importance of 96
- incident handling 98, 120–121, 136
- information security see information security policies
- internet use 35, 36–37
- legal review of 115
- media and communications 123, 162
- remote access 122–123, 210
- reporting violations 134, 147
- and size of organization 114–115
- stakeholders 113–114
- templates 116
- vulnerability and patch management 124–125
- see also privacy policies, local government

cybersecurity research 7
- academic see cybersecurity literature
- methodology 48, 49, 50, 67, 68, 76–81
- see also cybersecurity surveys

cybersecurity staff 147, 205–206
- burnout 206
- gender imbalance 206
- numbers of 73–74, 190
- role 6, 188
- status 229
- vacancies 205–206
- see also chief information security officers (CISOs); IT departments

cybersecurity surveys 35, 36, 39–40, 56–59, 72, 204, 210
- annual/biennial 56, 57–59
- Caruson et al. (2012) 11, 48, 49–50
- Deloitte see Deloitte surveys
- Hatcher et al. (2020) 11, 48–49, 50, 67, 81, 89
- ICMA see ICMA surveys
- MeriTalk 202, 203
- methodology 77–81
- MacManus et al. (2012) 11, 48, 50

cybersecurity systems 1–2, 42–43, 115
- artificial intelligence 146, 206, 214–215
- attacks on see cybersecurity attacks
- automation 216–217
- back-up 40, 121, 124
- barriers to effectiveness 73–75
- complexity 5, 6
- confidence in 72–73
- costs 8, 73
- and critical infrastructure 22, 152, 215–216
- and culture 42–43
- defense in depth model see defense in depth model of cybersecurity
- designing 113–114
- and email 34, 122–123
- federal guidelines for 75
- see also NIST Cybersecurity Framework
- firewalls see firewalls
- formal/informal 68, 69
- funding 74–75, 76, 190–191, 229
- hardware see computer hardware
- and human error see human error, in cybersecurity incidents
- incident logging 68–69, 136
- insurance 8, 9
- inventories of 188
- investment in 10, 104–105, 230
- leadership buy-in see cybersecurity leadership
- literature review 47–63
- maintenance 156, 158, 160
- management see cybersecurity administration
- negligence 8
- see also cybersecurity malpractice
- NIST see NIST Cybersecurity Framework
- obsolescence 218
- officials see cybersecurity staff
- outsourcing 88–89, 90, 106, 182, 218
- see also cybersecurity partnerships
- preparedness 70–72
- priorities 57–58, 74
- research on see cybersecurity research
- responsibility for 88–89, 103
- staffing see cybersecurity staff
- third-party vendors 114, 158
- tools 91, 92, 107–108
- vulnerability see cybersecurity vulnerabilities

cybersecurity training 41, 94–95, 147–148, 193, 206
- awareness 21, 40, 94–95, 147, 159, 193, 230
- cyber-hygiene 41
- email protocols 34
- end user 94, 147, 193
- exercises 94, 198
- failures 10
- mandatory 95
- testing 193

Cybersecurity Ventures 5
cybersecurity vulnerabilities 3, 7–8, 9, 32–38
- artificial intelligence 145
- categories 33
- definitions 33
- human see human error, in cybersecurity incidents
- machine learning 145–146, 216
- management see vulnerability management
- operating systems 10, 33, 205, 209, 216, 218
- personal devices 36–37
- see also bring-your-own-device (BYOD) policies
- social engineering see social engineering
- software supply chain 218
- teleworking 35–36, 210–211
- third party 59–60, 136, 158
- Zero Day 22, 23, 30, 31

Cyberseek 205
cyberterrorists 32

d
Dallas, TX 80
data, electronic 18–19
- authentication see authentication
- availability 18, 19–20
- back-up see back-ups
- corruption 19
- definition of 18
- encryption see data encryption
- integrity 18, 19, 146, 159
- PII see personally identifiable information (PII)
- privacy see data privacy
- security see data security
- states 18, 24
- storage 19, 51, 119, 168, 215
- see also cloud, the

data encryption 19, 169, 170, 180
- and AI 214
- cloud 51
- by cybercriminals 3, 9, 28, 29, 212
- policies 117, 122, 124, 136
- VPNs 107

data integrity 18, 19, 146, 159
data privacy 51, 117, 167, 178, 215
- and IoT 208
- legislation 168, 170–171, 178–179, 180, 181, 214
- local government policies 24, 119, 167
- and tax information 179
- see also data security; password security

data protection legislation 179–180
data security 156–157, 159
- encryption see data encryption
- state legislation 178, 214

Dedrick, Jason 86
defense in depth model of cybersecurity 115, 211–212
- adaptability 212
- categories 211
- military origins 211

Deloitte surveys 89
- with NASCIO (2020) 37–38, 58–59, 89–90

departmental information security officers (DISOs) 126, 129
Department of Health and Human Services (HSS) 31
Department of Homeland Security 206
Detroit, MI 80
disaster recovery/business continuity (DRBC) policies 121–122, 130–131
disinformation campaigns 5, 31, 146
Distributed Denial of Services (DDS) attacks 6, 31
Durham, NC, cyberattack 5

e
education, K-12 level 117, 206
educational institutions 171, 206
e-government 24, 87, 215
- research on 74, 86, 87
- see also smart cities

emergency (911) systems 9, 114, 214
Emisoft 61
Endless Frontier Act 181–182
Equifax 34
Ernst and Young Global Ltd (EY) 59
European Union
- AI regulation 215
- data protection 180–181, 215

European Union General Data Protection Regulation (GDPR) 180–181, 215
- applicability to US local governments 181
- EU citizen privacy rights 180

f
facial recognition software 19, 145, 214, 215, 220
Fairfax County, VA 80
Falco, Gregory 53
Family Educational Rights and Privacy Act (FERPA, 1974) 170–171
FBI
- cybersecurity investigations 214
- information sharing 194

federal cybersecurity policies 75, 114, 168–172
Federal Information Security Modernization Act (FISMA, 2006) 170
firewalls 107, 120, 194, 211
- next generation (NGFW) 91, 92, 107
- security of 9, 120

Florida 49, 145, 205
focus groups 11, 48, 49

g
Gartner Cybersecurity 37–38, 191
Grimes, Roger 204

h
Healthcare Information Technology for Economic and Clinic Health (HITECH, 2009) 168
Health Insurance Portability and Accountability Act (HIPAA, 1996) 168, 178
home schooling 18
home working, during COVID-19 pandemic 6, 18, 35–36, 122, 204
- and cyberattacks 204
- see also teleworking

human error, in cybersecurity incidents 41, 143–146, 147–148
- accountability 147–148
- and social engineering 29, 59, 144–145

i
IBM 22, 60, 62
- Center for the Business of Government 60–61

Ibrahim, Ahmed 54
ICMA survey results
- adequateness of technology 191
- barriers to cybersecurity 37, 73
- cybersecurity awareness 101, 102, 103
- cybersecurity effectiveness 96, 98, 99–100
- cybersecurity insurance 90, 91
- cybersecurity investment 38, 104–105
- cybersecurity management 69
- cybersecurity policies 95, 96, 97–98
- cybersecurity staffing 190
- cybersecurity testing 92
- cybersecurity tools 92
- cybersecurity training 93, 94–95
- frequency of breaches 28
- frequency of cyberattacks 1, 68, 69, 70
- leadership support 102, 103–104
- local government preparedness 72, 100–101
- location of responsibility for cybersecurity 38, 88, 90, 104
- logging of attacks 68
- respondent rating 100, 101, 102
- types of cyberattackers 32, 71
- use of forensic services 94

ICMA surveys, vii–viii 59, 67–68
- compared 37, 42, 69–70, 75–76, 89, 97, 98, 103–104
- respondents 1, 68, 78, 88, 89, 94
- results see ICMA survey results
- 2016 see ICMA survey (2016)
- 2020 see ICMA survey (2020)

ICMA survey (2016) 67, 69–70, 74, 85, 91, 104–105, 143
- conclusions and recommendations 75–76, 204, 229, 230
- methodology 76–77
- response rate 67, 81
- revision 68
- survey questions 68–73, 88, 89, 90, 91–92, 94–95, 96, 100, 103, 189

ICMA survey (2020) 67, 70, 77–79, 106, 190
- conclusions and recommendations 77–78
- response rate 68
- survey questions 69, 70, 95, 97, 98, 99, 102, 103

identity and access management (IAM) policies 119, 120, 123, 159
Illinois 59
incident handling processes
- communication 162
- mitigation 162, 163
- policies 120–121, 136

information security policies 117–120
- IAM policies 119, 120, 123, 159
- traffic light protocol (TLP) 118–119, 118
- two-person rule 120
- see also data security

information sharing 194–196, 214
- see also cybersecurity partnerships

Information Sharing Analysis Centers (ISACs) 194–195
regional 195
- information technology (IT) systems 2, 17, 34, 40, 58, 99

as critical infrastructure 2, 22
data see data, electronic
and the internet see Internet of Things (IoT)
reliance on 2
- security see cybersecurity systems
- see also computing management; operating systems

Internal Revenue Service (IRS) 170
- see also tax information

International Association of Privacy Professionals (IAPP) 178
International City/County Management Association (ICMA) 67–68, 76
- survey methodology 76–81
- 2016 survey see ICMA survey (2016)
- 2020 survey see ICMA survey (2020)

internet, as computer network 18
- and government services 24
- history of 24

Internet of Things (IoT) 5–6, 51–52, 207–208
- and COVID-19 pandemic 6
- cybersecurity risks 36–37, 208
- future of 208
- and networks 18
- scale of use 6, 207–208
- security standards 52
- and smart cities 51–52

IT data see data, electronic
IT departments (ITDs) 33, 87–88
- cybersecurity budgets 191
- DISOs 126, 129
- local government 88, 123, 191
- responsibility for cybersecurity 88
- see also chief information officers (CIOs); cybersecurity staff

j
Joint Terrorism Task Forces (JTTFs) 195
JP Morgan Chase 34

k
Kansas 59
Kaseya cyberattack 28, 30, 217
Kentucky 59
Kesan, Jay P. 54
King, John Leslie 86–87
Kraemer, Kenneth 86–87
K-12 education 117, 206

l
legacy technology 216, 218–219
Li, Zhen 54–55
Liao, Qi 54–55
Lin, Herb 9
local government cybersecurity
- best practice 116, 191, 196, 197, 205, 230
- funding 74–75, 76, 190–191
- future predictions 201–220
- information sharing 194–196, 214
- IT departments see IT departments
- policies see cybersecurity policies
- research on see cybersecurity research
- responsibility for 189
- systems see cybersecurity systems
- vulnerability see cybersecurity vulnerabilities

local government officials 187, 189
- responsibility for cybersecurity 189

local governments 2–4, 6
- budgets 4, 37, 38, 54, 105, 190–191
- cities see city administrations
- compared with private sector 3–4
- and educational institutions 171
- elected/appointed officials see local government officials
- email systems 34, 122–123
- federation 39
- leadership 42, 87
- media relations 123
- number of 2
- online see e-government
- physical security 52–53, 136, 211
- policies 119–120, 123
- political decision-making 4, 8
- professionally managed 87
- as public entities 3–4
- representative organizations 116
- services 2, 3–4
- structure 4

Lookout 209
Los Angeles, CA 80

m
machine learning (ML) 219–220
- data processing 220
- deepfakes 145–146
- definition 219–220
- regulation 214
- uses 145–146, 205

Maine 215
Malaysia 52
malware 28–29
- and back-ups 40
- ransomware 7, 9, 29, 206–207
- Russian 5

McAfee 62–63
McCumber, John 20–21
media and communications policies 123, 162, 164
Memphis, TN 80
MeriTalk survey (2021) 202, 203
Merko, Mark 87
Michigan 59
Microsoft 365, 203
Mirai Botnet 6
Mondelez International 196–197
Montgomery, Mark 104
Moschovitis, Chris 32, 33
Multi-State Information Sharing and Analysis Center (MS-ISAC) 195, 214
municipal demography 2, 232n1
Municipal Research and Services Center 210

n
Naples, FL 145
Nashville, TN 80
National Conference of State Legislature (NCSL) 174
National Cybersecurity and Communications Integration Center (CCIA) 195
National Security Agency (NSA) 211
National Survey of Local Government Cybersecurity Programs (2020) 58
negotiation theory 53
NERC Critical Information Protection Standards 173–174, 175–176
networks 18, 114
- configuration 218
- and home working 6
- security management 17, 18, 33, 136
- VPNS see virtual private networks (VPNs)
- wireless 6, 18

network segmentation 218
New Orleans, cyberattack on 5
New York State Department of Financial Services (NYDFS) 197
next generation firewalls (NGFW) 91, 92, 107
NIST Cybersecurity Framework 21–23, 127, 152–156
- applications 153–154
- as assessment tool 21, 54, 153
- as best practice 191, 196, 205
- critical infrastructure sectors 22, 152, 215
- five functions see NIST framework functions
- history of 151
- and PRISM 61
- recommendations 35, 127–128
- risk management see NIST Risk Management Framework
- structure 152–153
- threat spectrum 33
- 2018 version 151–164
- vulnerabilities definition 33

NIST framework functions 21–23
- Detect 21, 22–23, 23, 127, 155, 158–159
- Identify 21–22, 23, 127, 155, 156

categories 157–158
- Protect 21, 22, 23, 127, 155, 156

categories 159–161

Recover 21, 23, 23, 127, 155, 163
- categories 163, 164

Respond 21, 23, 23, 127, 155, 162
- categories 162–163

NIST Risk Management Framework 22, 116, 128, 188
Norris, Donald F. 49, 60
North American Electrical Reliability Corporation (NERC) 173
North Dakota 59
Norton Security 41, 208
NotPetya cyberattack 197

o
Office Space (1999) 19
Oklahoma 59
Oldsmar, FL 205
operating systems 218
- obsolescence of 10, 33, 205, 209, 216, 218–219

p
password security 19, 35, 99, 120, 135, 146
- hacking 7
- system default 169

Payment Card Industry Data Security Standard 168–169
personally identifiable information (PII) 3, 50, 170–171, 178–179
- and data breaches 3, 70, 71, 144, 176
- destruction and retention 178–179
- protection 178–179

Phin, Pooni Ai 52–53
phishing 30, 204, 207, 209, 217
- and BYOD 6, 209–210
- and COVID pandemic 207
- credential harvesting 209
- identification 147
- increase in 207
- and malware 5, 188, 207
- mobile 209
- purposes 209
- reporting 147
- and social engineering 29, 145, 193, 197
- spear phishing 29, 31, 145, 188

physical security 52–53, 136, 211
Presidential Executive Orders 181, 213
- EO 13636 Obama 151, 181
- EO 13800 Trump 181
- EO 14028 Biden 181, 213

President’s Commission on Critical Infrastructure 32
PRISM model of local government 60–61, 64n1
- and NIST Cybersecurity Framework 61

privacy see data privacy
privacy policies, local government 24, 119
public policy papers 27
Public Technology Institute (PTI) 57–58

r
ransomware attacks 3, 9, 29, 207, 214
- Atlanta, GA 3, 7–8, 31
- Baltimore, MD 9–10, 121, 189
- Colonial Pipeline 203
- during COVID-19 pandemic 188
- Hall, GA 146
- literature on 61–62
- profitability 29–30, 203, 207
- recovery from 71–72, 214
- sector vulnerability 61
- surveys 57, 60
- tracking 62

Red Teaming 195–196, 198
remote access policies 122–123, 176
- and teleworking 122, 205, 210

remote working see teleworking
resilience 6, 163, 231
- planning for 23, 127, 157, 158, 160, 163, 231

response planning 163, 175, 194, 204
- effectiveness 99
- NIST recommendations 23, 160, 162, 162, 163
- see also incident handling processes

risk assessment 34, 92, 93, 128, 129
- and NIST framework 156, 157

risk management 22, 34, 53–54, 87, 93
- effectiveness 98, 99
- policies 97–99, 156, 158
- staff 127
- supply chain 158

Robbinhood ransomware 9
Robotic Process Automation (RPA) 217
Russia
- government-sponsored cyberattacks 5, 146, 197
- hackers 28
- interference in US elections 5, 146

Ryuk malware 5

s
SamSam ransomware 7
San Francisco, CA 80
- cybersecurity policy 126–131

Seattle, WA 80
security breach notification laws 176–177, 214
security information and event management (SIEM) 217
security orchestration, automation, and response (SOAR) 217
Security Scorecard 59
Shelby County, TN 144
60 Minutes documentary (CBS) 31, 208
smart cities 5–6, 48, 50–52
- security implications 51, 54–55

social engineering 29, 41, 59, 144–145
- phishing 29, 145, 193, 197
- social media 34–35
- misuse 34–35

SolarWinds data breach 28, 40, 203, 217
Sophos 212
spam 145
spear phishing 29, 31, 145, 188
state governments 59
- cyber-insurance 197
- legislation 174, 175–180
- security budgets 37–38

State and Local Government Workforce Survey (2020) 210
Statistica 5–6, 207
Stoll, Cliff 19
surveys see cybersecurity surveys
survey methodology 76–81
- sampling 77–78

t
tabletop exercises 198
tax collection 188
tax information 188
- federal 170
- IRS see Inland Revenue Service (IRS)
- local 118, 119
- security 179

Tax Information Security Guidelines 170
teleworking 35–36, 210–211
- agreements 211
- cybersecurity risks 36, 210
- see also home working

threat actors see cyberattackers
Threats-Vulnerability-Assets Worksheets 34
traffic light protocols (TLPs) 118–119, 118

v
Verizon Data Breach Investigations Reports (DBIRs) 59, 68
Virginia state security legislation 178
virtual private networks (VPNs) 91, 92, 107, 135
- encryption 107

Vitunskaite, Morta 52
vulnerabilities management 33–35, 91–93, 137
- actions 92–93, 95
- anomalies 158, 161
- back-up and restore 40
- BYOD policies 36, 122
- continuous monitoring 22, 61, 158, 161
- cyber-hygiene see cyber-hygiene
- decommissioning 144, 148n1
- exercises 94, 198
- internet usage policies 35, 36–37
- inventory of information assets 34
- passwords see password security
- risk assessment 93
- social media policies 35
- software patches 34, 99, 121, 124–125, 156, 205
- and teleworking 36
- threat identification 34
- see also cybersecurity administration; cybersecurity policies; risk management

vulnerability and patch management policies 96, 97, 98, 121, 124–125
- effectiveness 99

w
Washington Post 205–206
Wood, Charles Cresson 87

z
Zero Day vulnerability 22, 23, 30, 31
Zero Trust approach to cybersecurity 212–213
Zhang, Linfeng 54
Zurich American Insurance 197

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Index

Create new playlist

Sign In

Sign Up

Table of Contents for
Index