Social Engineering

 

 

https://sm.asisonline.org/Pages/Attacks-on-the-Record.aspxAttacks on the RecordGP0|#91bd5d60-260d-42ec-a815-5fd358f1796d;L0|#091bd5d60-260d-42ec-a815-5fd358f1796d|Cybersecurity;GTSet|#8accba12-4830-47cd-9299-2b34a43444652018-06-01T04:00:00Zhttps://adminsm.asisonline.org/pages/megan-gates.aspx, Megan Gates<p>​It was, in the opinion of some experts, a long overdue action. But it finally came. On March 15, 2018, the U.S. federal government issued sanctions against Russia for its interference in the 2016 U.S. elections and malicious cyberattacks on critical infrastructure.</p><p>"The administration is confronting and countering malign Russian cyber activity, including their attempted interference in U.S. elections, destructive cyberattacks, and intrusions targeting critical infrastructure," said U.S. Treasury Secretary Steven T. Mnuchin in a statement. "These targeted sanctions are a part of a broader effort to address the ongoing nefarious attacks emanating from Russia."</p><p>The sanctions targeted five entities and 19 individuals for their roles in these activities and prohibit U.S. persons from engaging in transactions with them. Mnuchin also said that the department intends to impose additional Countering America's Adversaries Through Sanctions Act (CAATSA) sanctions to hold Russian government officials and oligarchs accountable.</p><p>The economic penalties are an attempt to punish Russians for their role in various forms of cyberactivity, including the NotPetya attack, which the White House and the British government have attributed to the Russian military.</p><p>NotPetya "was the most destructive and costly cyberattack in history," Mnuchin said. "The attack resulted in billions of dollars in damage across Europe, Asia, and the United States, and significantly disrupted global shipping, trade, and the production of medicines. Additionally, several hospitals in the United States were unable to create electronic records for more than a week."</p><p>The sanctions were also in response to the efforts of Russian government cyber actors in targeting U.S. government entities and critical infrastructure—including energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors—since at least March 2016. </p><p>Nick Bilogorskiy, cybersecurity strategist at Juniper Networks, says that the United States should be "very concerned" about these attacks.</p><p>"For one, they could cause prolonged electrical outages and blackouts because our electrical grid infrastructure lacks sufficient redundancy to sustain these attacks," Bilogorskiy explains. "In the worst-case scenario, cyberattacks on nuclear power plants could cause them to explode and cost human lives."</p><p>One example of a near-worst-case scenario was the recent incident targeting Schneider's Triconex controllers at Saudi Arabia's power plants. A cyberattack hit its systems, Bilogorskiy says. It was intended to cause an explosion, but an error in the attack's computer code  caused it to fail.</p><p>To educate network defenders on how they can reduce the risk of similar malicious activity in their networks, the U.S. Department of Homeland Security (DHS) and the FBI released a joint technical alert detailing Russia's campaigns to target critical infrastructure. </p><p>"DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities' networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks," the alert said. "After obtaining access, the Russian government cyber actors conducted network reconnaissance, moved laterally, and collected information pertaining to industrial control systems (ICS)."</p><p>The alert split Russia's activity into two categories for victims: intended targets and staged targets. Russia targeted peripheral organizations, such as trusted third-party suppliers with less-secure networks, that the alert calls staging targets.</p><p>"The threat actors used the staging targets' networks as pivot points and malware repositories when targeting their final intended victims," the alert explained. DHS and the FBI "judge the ultimate objective of the actors is to compromise organizational networks, also referred to as the 'intended target.'"</p><p>Compromising these networks involved conducting reconnaissance, beginning with publicly available information on the intended targets that could be used to conduct spear phishing campaigns.</p><p>"In some cases, information posted to company websites, especially information that may appear to be innocuous, may contain operationally sensitive information," the alert said. "As an example, the threat actors downloaded a small photo from a publicly accessible human resources page. The image, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background."</p><p>After obtaining information through reconnaissance, the threat actors weaponized that information to launch spear phishing campaigns against their targets that referred to control systems or process control systems. These campaigns tended to use a contract agreement theme that included the subject "AGREEMENT & Confidential," as well as PDFs labeled "document.pdf."</p><p>"The PDF was not malicious and did not contain any active code," the alert said. "The document contained a shortened URL that, when clicked, led users to a website that prompted the user for email address and password."</p><p>The phishing emails also often referenced industrial control equipment and protocols and used malicious Microsoft Word attachments—like résumés and curricula vitae for industrial control systems personnel—to entice recipients to open them.</p><p>Additionally, the hackers used watering holes to compromise the infrastructure of trusted organizations to reach their intended targets.</p><p>"Approximately half of the known watering holes are trade publications and informational websites related to process control, ICS, or critical infrastructure," the alert said. "Although these watering holes may host legitimate content developed by reputable organizations, the threat actors altered websites to contain and reference malicious content."</p><p>The threat actors were then able to collect users' credentials that would allow them to log in to their profiles elsewhere. They also used this access to compromise victims' networks where they were not using multifactor authentication.</p><p>"To maintain persistence, the threat actors created local administrator accounts within staging targets and placed malicious files within intended targets," according to the alert.</p><p>Once the attackers had gained access to their intended targets, they used that access to infiltrate workstations and servers on corporate networks that contained data on control systems within energy generation facilities. The attackers also copied profile and configuration information for accessing ICS systems. </p><p>This method of compromise is not new and has been demonstrated in cyberattacks on the corporate sector over the past few years, says Tom Patterson, chief trust officer at Unisys.</p><p>"Just as with the Target cyber breach several years ago, they first attacked supply chain partners, which are often less protected, and then used their access to compromise the actual target company," Patterson explains.</p><p>The level of access the attackers were able to gain is concerning, Patterson adds, because it could potentially give them the ability to disrupt functions of critical infrastructure, such as providing heat in the winter. </p><p>"Since many of these ICS devices are connected to corporate networks in today's enterprise, and oftentimes they are older devices built on insecure operating systems, this gives the threat actors and their political or economic masters the ability to disrupt or destroy systems at the push of a button," Patterson says.</p><p>Brian Harrell, CPP, former operations director of the Electricity Information Sharing and Analysis Center and director of critical infrastructure protection programs at the North American Electric Reliability Corporation (NERC), agrees with Patterson that these kinds of attacks are not new.</p><p>What is new, says Harrell—now president and CSO of the Cutlass Security Group—is that the United States is choosing to acknowledge and attribute the activity, publicly, to Russia. </p><p>"While attribution is often difficult, nation-state actors like Russia likely have the most interest in compromising industrial control networks, not to necessarily take anything, but to prove they can access our systems and cause us to feel unsettled," he explains. </p><p>While the U.S. government has taken the approach to name and shame, Harrell says he thinks its unlikely that the public actions will deter Russia's behavior.</p><p>"Unfortunately, the current DHS alert, legal indictments, sanctions, or public shaming will not have any effect on Russian cyber intrusions," he adds. "However, we must continue to increase pressure until they change their behavior and become a responsible member of the international community."</p><p>In the meantime, the FBI and DHS recommend that network administrators review their IP addresses, domain names, file hashes, and other signatures that were provided in their alert. The agencies also recommended adding certain IP addresses cited in the alert to their watch lists.</p><p>"Reviewing network perimeter netflow will help determine whether a network has experienced suspicious activity," according to the alert. </p><p>The two agencies also compiled a list of 28 actions for network administrators to take in response to Russia's activity, including monitoring virtual private networks for abnormal activity, deploying Web and email filters, and segmenting critical networks and control systems from business systems and networks.</p><p>"What DHS is recommending, at the end of the day, are properly built ICS networks, monitored so organizations can detect attacks and are plugged into external threat intelligence, with incident response plans and board-level strategic roadmaps," Patterson says.</p>

Social Engineering

 

 

https://sm.asisonline.org/Pages/Attacks-on-the-Record.aspx2018-06-01T04:00:00ZAttacks on the Record
https://sm.asisonline.org/Pages/How-to-Hack-a-Human.aspx2018-01-01T05:00:00ZHow to Hack a Human
https://sm.asisonline.org/Pages/A-New-Social-World.aspx2017-12-01T05:00:00ZA New Social World
https://sm.asisonline.org/Pages/The-Internet-And-The-Future-of-Online-Trust.aspx2017-08-11T04:00:00ZThe Internet And The Future of Online Trust
https://sm.asisonline.org/Pages/DHS-Official-Says-Russia-Tried-to-Hack-21-States-in-2016-Election.aspx2017-06-21T04:00:00ZDHS Official Says Russia Tried to Hack 21 States in 2016 Election
https://sm.asisonline.org/Pages/Most-U.S.-Hospitals-Have-Not-Deployed-DMARC-To-Protect-Their-Email-Systems.aspx2017-06-16T04:00:00ZMost U.S. Hospitals Have Not Deployed DMARC To Protect Their Email Systems
https://sm.asisonline.org/Pages/Book-Review---Social-Media-Risk-and-Governance.aspx2016-11-01T04:00:00ZBook Review: Social Media Risk and Governance
https://sm.asisonline.org/Pages/Top-5-Hacks-From-Mr.-Robot.aspx2016-10-21T04:00:00ZThe Top Five Hacks From Mr. Robot—And How You Can Prevent Them
https://sm.asisonline.org/Pages/Spoofing-the-CEO.aspx2016-10-01T04:00:00ZSpoofing the CEO
https://sm.asisonline.org/Pages/Book-Review---Cybervetting.aspx2016-05-01T04:00:00ZBook Review: Cybervetting
https://sm.asisonline.org/Pages/How-to-Protect-PII.aspx2016-02-16T05:00:00ZHow to Protect PII
https://sm.asisonline.org/Pages/Smart-and-Secure.aspx2016-01-19T05:00:00ZSmart and Secure
https://sm.asisonline.org/Pages/Book-Review---Social-Crime.aspx2016-01-04T05:00:00ZBook Review: Social Crime
https://sm.asisonline.org/Pages/Book-Review---Online-Risk.aspx2015-12-01T05:00:00ZBook Review: Online Risk
https://sm.asisonline.org/Pages/La-Revolución-del-Internet-de-las-Cosas.aspx2015-11-12T05:00:00ZLa Revolución del Internet de las Cosas
https://sm.asisonline.org/Pages/The-IOT-Revolution.aspx2015-10-26T04:00:00ZThe IOT Revolution
https://sm.asisonline.org/Pages/Teach-a-Man-to-Phish.aspx2015-09-09T04:00:00ZTeach a Man to Phish
https://sm.asisonline.org/Pages/Communication-in-Crisis.aspx2015-09-01T04:00:00ZCommunication in Crisis
https://sm.asisonline.org/Pages/Ediscovery-and-the-Security-Implications-of-the-Internet-of-Things.aspx2015-04-13T04:00:00ZEdiscovery and the Security Implications of the Internet of Things
https://sm.asisonline.org/Pages/The-New-Recruits.aspx2015-04-01T04:00:00ZThe New Recruits

 You May Also Like...

 

 

https://sm.asisonline.org/Pages/Book-Review-Insider-Threats.aspxBook Review: Insider Threats<p>​Cornell University Press; cornellpress.cornell.edu; 216 pages; $89.95.</p><p>A collection of essays and case studies that originated in two workshops sponsored by the Global Nuclear Future Project of the American Academy of Arts and Sciences in 2011 and 2014, <em>Insider Threats</em> focuses on protecting the nuclear industry—but its lessons apply across many sectors.</p><p>The case studies are fascinating. A chapter devoted to the Fort Hood terrorist attack shows how changes in mission and procedures allowed information about the perpetrator to slip through the cracks. Instead of capturing warning signals, the systems scattered them. </p><p>Similar lessons were learned from the post–9/11 anthrax attacks in the United States. The author says that the suspect gained access to anthrax through “a complicated mix of evolving regulations, organizational culture, red flags ignored, and happenstance.”  </p><p>A real strength of this book is its root-cause analysis approach. Blame is rarely laid at the feet of incompetent people, but assigned to other factors like the unintended consequences of organizational design and known psychological tendencies. </p><p>The last chapter brings together all the lessons learned and cites 10 worst practices. For example, number seven is: “forget that insiders may know about security measures and how to work around them.” This chapter will be the most valuable to security practitioners because it offers a roadmap towards building an insider threat mitigation plan.</p><p><em>Insider Threats </em>is well-written, even literary. Its chief lesson: organizations are rarely designed to catch the insider, and much work needs to be done to protect them.</p><p><strong><em>Reviewer: Ross Johnson, CPP</em></strong><em>, is the senior manager of security and contingency planning for Capital Power, and infrastructure advisor for Awz Ventures. He previously worked as the security supervisor for an offshore oil drilling company in the Gulf of Mexico and overseas. Johnson is the author of Antiterrorism and Threat Response: Planning and Implementation.</em></p>GP0|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/A-Professional-Path.aspxA Professional Path<p>​Until recently, security has been considered a trade, with practitioners fighting for proper standing in the institutions they protect. But the industry is now at a crossroads.</p><p>Before us lie two paths. One is a continuation of the status quo. We may continue to glide down this road, but it is not a self-determined path. It has been chosen for us because we have not clearly defined security’s role. Given this failure to self-define, security has traditionally been defined by others by the task it performs, such as information security, investigations, physical security, or executive protection. This type of definition diminishes the value of the security function; our role is more than just our allocated tasks.</p><p>The second road is one of self-determination and opportunity. It offers a chance for the industry to advance from a trade to a fully respected profession. On this road, we can take control of the dialogue, shape the conversation surrounding our field, and make our own way forward. As an industry—with ASIS taking the lead—we can keep advancing until security is considered a profession.</p><p>How can we advance on this second road? First we need a clear definition of the role of security in the private sector. We also need a core base of knowledge that supports our understanding of that role, which can be taught—not only to college students, but to transitioning personnel coming into our industry and to our hiring managers. There also needs to be an established expectation that practitioners will share this knowledge of security’s role and the core competencies associated with it. </p><p>ASIS International has already started defining this role through the concept of enterprise security risk management (ESRM). With its embrace of ESRM, ASIS has positioned our industry to travel down the road of opportunity and self-determination, with ESRM as the guiding principle to help chart our course.  </p><p>Not everyone in the industry is ready for this journey, however. For some who may have heard of the concept but still find it vague, questions remain. Primarily: What exactly is ESRM and why is it needed?</p><h4>What is ESRM?</h4><p>At its core, ESRM is the practice of managing a security program through the use of risk principles. It’s a philosophy of management that can be applied to any area of security and any task that is performed by security, such as physical, cyber, information, and investigations. </p><p>The practice of ESRM is guided by long-standing internationally established risk management principles. These principles consist of fundamental concepts: What’s the asset? What’s the risk? How should you mitigate that risk? How should you respond if a risk becomes realized? What is your process for recovering from an event if a breach happens? Collectively, these principles form a thoughtful paradigm that guides the risk management thought process.</p><p>When pursued, these questions elicit valuable information, and they can be asked of every security-related task. For instance, investigations, forensics, and crisis management are all different security functions, but when they are discussed within the ESRM framework they are simply different types of incident response. </p><p>Similarly, every function of physical and information security, such as password and access management, encryption, and CCTV, is simply considered a mitigation effort within the ESRM paradigm. These may seem to be merely semantic differences, but they are important nuances. When we define these functions within the ESRM paradigm, we also start to define the role we play in the overall enterprise.</p><p>ESRM elevates the level at which the role of security management is defined. Instead of defining this role at task level, it defines the role at the higher, overarching level of risk management.  </p><p>By raising the level of security’s role, ESRM brings it closer to the C-suite, where executives are considering much more than individual tasks. And by defining the role through risk principles, it better positions the security function within the business world at large. Business executives in all fields understand risk; they make risk decisions every day. Using ESRM principles to guide our practice solidifies our place within the language of business while also defining the role we play within the business.</p><p>For example, consider a company with a warehouse and a server. In the warehouse, security is protecting widgets and in the server, security is protecting data. Under the common risk principles, we ask: What are the risks to the widgets and data?  How would we protect against those risks? Who owns the widgets, and who owns the data? </p><p>We may decide to put access control and alarms on the warehouse or a password and encryption on the data. In both instances, we’re protecting against intrusion. The goal is the same—protection. For each task, the skill set is different, just like skill sets differ in any other aspect of security: investigations, disaster response, information technology. But the risk paradigm is the same for each.</p><h4>Why We Need It</h4><p>We need ESRM to move beyond the tasks that security managers and their teams are assigned. For instance, if you manage physical security, your team is the physical security team. If you do investigations, you are an investigator. If you manage information security, your team is the information security team. </p><p>But these tasks merely define the scope of responsibility. Our roles are broader than our assigned tasks. Our responsibilities should be viewed not as standalone tasks, but as related components within our roles as security risk managers.   </p><p>Having a clear, consistent, self-defined role provides significant benefits. First, it preempts others from defining our role for us in a way that fails to adequately capture and communicate our value. </p><p>Second, it helps better position ourselves in the C-suite. C-level executives often struggle with what security managers do, and where to align us. This is often reflected in the frustrations expressed in some of our own conversations about needing a proverbial seat at the table. In one sense, this exclusion may seem justified: if we can’t define our role beyond describing our tasks, why would upper management charge us with higher-level leadership and strategy?</p><p>Third, it provides guidance to our industry. Greater use of ESRM will provide an always-maturing common base of knowledge, with consistent terms of use and clear expectations for success.  </p><p>This benefits not only practitioners in our industry, but also all other executives who may need to interact with the security practice or work with the security manager. This can be especially valuable during times of change, such as when a security manager switches companies or industries, or when new executives come into the security manager’s firm.</p><p>In those situations, security managers often feel that they are continually educating others on what they do. But this endless starting over process wouldn’t be necessary if there were a common understanding of what security’s role is, beyond the scope of its responsibilities.​</p><h4>Why Now?</h4><p>This industry at large has talked about ESRM for at least the last 10 years. But as relevant as the topic was a few years ago, the present moment is the right moment for ESRM because security risks now have the potential to become more disruptive to business than in the past.  </p><p>There are several reasons for this. The use of technology in the current economy has allowed businesses to centralize operations and practices. While this consolidation may have increased efficiency, it has also made those centralized operations more susceptible to disruption. When operations were more geographically dispersed, vulnerabilities were more spread out. Now, the concentrated risks may have a more serious negative impact to the business. </p><p>We are also moving beyond traditional information security and the protection of digitalized data. Now, cybersecurity risks pose threats of greater business disruption. For example, the threats within the cyber landscape to the Internet of Things (IoT) have the potential to cause more harm to businesses compared with the negative effects they suffered in the past due to loss of information.</p><p>Many executives understand the significance of these risks, and they are looking for answers beyond the typical siloed approach to security, in which physical security and information security are separately pursued. They realize that the rising cyber risks, in tandem with the increasing centralization of business operations, have caused a gap in security that needs to be closed. </p><p>Boards are also becoming more engaged, which means that senior management must also become engaged, and someone will have to step in and fill that gap. That could be a chief risk officer, a board-level committee, an internal audit unit…or security. Hopefully, it will be the latter, but to step up and meet this challenge, security professionals must be able to consistently define their role beyond simply defining their tasks. ​</p><h4>Making the Transition</h4><p>What we need is a roadmap toward professionalization.  </p><p>ASIS is leading the effort of defining security’s role through ESRM. At ASIS 2017 in Dallas, you will hear more conversation around ESRM as well as more maturity and consistency in that conversation.  As the leading security management professional organization, ASIS is best positioned to guide us through the roadmap from a trade to a profession. </p><p>The ASIS Board of Directors has made ESRM an essential component of its core mission. It has started incorporating ESRM principles into its strategic roadmap, which means that ASIS is starting to operationalize this philosophy—a critical step in building out this roadmap. Other steps will be needed; it is essential that volunteers, both seasoned and new to the field, embrace this shift towards professionalization for it to gain traction.</p><p>This transition will not occur with the flip of a switch. It will take dedication to challenge our own notions of how we perceive what we do, the language we use to communicate to our business partners, and our approach toward executing our functions.  It will take time and comprehensive reflection, and the ability to recognize when we don’t get it right. We may not be totally wrong either, but thoroughness in developing consistency is critical.</p><p>There are some core foundational elements that need to be in place for this ESRM transition to be successful. First, there needs to be a consistent base of knowledge for our industry to work from: a common lexicon and understanding of security’s role that is understood by practitioners and the business representatives we work with. </p><p>We also need both a top-down and bottom-up approach. New security practitioners entering the industry from business or academia, or transitioning from law enforcement or the military, need a comprehensive understanding of risk management principles and how a risk paradigm drives the security management thought process. There should be an expectation that these foundational skill sets are in place when someone enters the security field. Working from a common base of knowledge, these ESRM concepts should be incorporated into the security management curriculum, consistently established in every security certification, and inherent in job descriptions and hiring expectations at every level.  </p><p>We also need to build expectations regarding what security’s role is, and how it goes beyond its assigned tasks, from the top-down—among executives, boards, hiring managers, and business partners. A clear and common understanding of security’s role will make it easier to define success and the skill sets that are needed to be successful. Organizations like ASIS will assist in providing the wherewithal to support these leaders. </p><p>If we truly are security risk managers, then there must be an expectation of foundational and comprehensive risk skill sets when hiring decisions are made. There could be educational opportunities through ASIS, through global partnerships with universities, and through publications coordinated with organizations that reach the C-suite, such as the Conference Board of the National Association of Corporate Directors.</p><p>Clearly academia needs to play a role as well. College students interested in entering this dynamic industry will come in more prepared to assist security leaders and businesses with a solid knowledge base of security risk management fundamentals. And once a rigorous ESRM body of knowledge is established, ASIS has the clout, expertise, and standing to provide a certification for academic institutions that meet concepts in their curriculum, which would will provide for a more consistent understanding of security’s role.</p><p>ASIS has established ESRM as a global strategic priority and has formed an ESRM Commission to drive and implement this strategy. One of the commission’s first steps is developing a toolkit comprising a primer and a maturity model.</p><h4>Benefits to ASIS Members</h4><p>There is a question I ask of every can­didate I interview: “Tell me about a time when you’ve been frustrated in this industry.” </p><p>Every answer comes down to one of two issues. One, we do not know and cannot clearly define our role. Two, our business partners cannot clearly define our role. Both of these frustrations are manageable, and both are our fault as an industry for not establishing clarity.  This leads to strained relationships with our business partners in how we are perceived and how likely our expert guidance is to be accepted.</p><p>Having a clearly defined security role through ESRM helps build a foundation for a more satisfying career in the security industry. It would provide us with proper standing in our enterprises, and better positioning for us to have a seat at the table for the right reasons, ones that executives understand and can support.</p><p>For the practitioner, a consistent security program through ESRM provides a framework to bring together security mitigation tasks under one proper umbrella: physical, investigations, cyber, information, business continuity, brand protection, and more. </p><p>The human resources industry has professionalized over the last decade or so. We see this through their standing within business, their seat at the table, and their upgrades in title and pay. Now, with the rise in threats and potential business disrupters, our industry has an opportunity. Business leaders and boards are looking for answers.  We have the necessary skill sets and a dedicated and supportive professional association in ASIS to take the lead.</p><p>We are at a crossroads.  It is time to choose the path of self-determination, take control of this conversation, and make the transition from trade to profession.</p><p><em>Brian J. Allen, Esq., CPP, is the former Chief Security Officer for Time Warner Cable, a former member of the ASIS Board of Directors, and a current member of the ASIS ESRM Commission. ​</em><br></p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Book-Review---Cybervetting.aspxBook Review: Cybervetting<p>​<span style="line-height:1.5em;">CRC Press. Crcpress.com. 322 pages. $79.95.</span></p><p>In today’s world where Big Data has become much more than a buzzword, security leaders may need a guide to navigate the information available to them. In the second edition of his book, <em>Cybervetting: Internet Searches for Vetting, Investigations, and Open-Source Intelligence</em>, Edward J. Appel provides that guidance. </p><p>Appel brings an impressive pedigree to his work. Since retiring from the FBI where he specialized in counterintelligence and terrorism, he has held executive roles in corporate security and operated his own investigation firm. In this book, he provides a thoughtful tour of the Internet and explains how it can benefit today’s professional investigator. The tour culminates with a guide to the groundwork that a reader needs to build a Web-based intelligence program, including resources, pitfalls, and search methods.</p><p>If there is any criticism, it is that readers may find descriptions of concepts such as the Internet, blogs, and Google too basic. Although the work includes basic information for the neophyte, it also offers solid resources, original research, and recent case law, so even seasoned investigators will gain useful nuggets of knowledge. Heavy annotation and comprehensive indexing make this book highly searchable, providing not just a good initial read but also a go-to reference.</p><p>--</p><p>Reviewer: Drew Neckar, CPP, CHPA, is a member of the ASIS Healthcare Security Council, and has extensive experience in threat assessment and investigations.</p>GP0|#91bd5d60-260d-42ec-a815-5fd358f1796d;L0|#091bd5d60-260d-42ec-a815-5fd358f1796d|Cybersecurity;GTSet|#8accba12-4830-47cd-9299-2b34a4344465