Most organizations place a high priority on keeping data secure, but not every organization invests in training its engineers or employees in understanding the security risks involved when using or developing technology. Designed for the non-security professional, What Every Engineer Should Know About Cyber Security and Digital Forensics is an overview of the field of cyber security.

The Second Edition updates content to address the most recent cyber security concerns and introduces new topics such as business changes and outsourcing. It includes new cyber security risks such as Internet of Things and Distributed Networks (i.e., blockchain) and adds new sections on strategy based on the OODA (observe-orient-decide-act) loop in the cycle. It also includes an entire chapter on tools used by the professionals in the field. Exploring the cyber security topics that every engineer should understand, the book discusses network and personal data security, cloud and mobile computing, preparing for an incident and incident response, evidence handling, internet usage, law and compliance, and security forensic certifications. Application of the concepts is demonstrated through short case studies of real-world incidents chronologically delineating related events. The book also discusses certifications and reference manuals in the areas of cyber security and digital forensics.

By mastering the principles in this volume, engineering professionals will not only better understand how to mitigate the risk of security incidents and keep their data secure, but also understand how to break into this expanding profession.

Table of Contents

Chapter 1 Security Threats 

Chapter 2 Cyber Security 

Chapter 3 Strategy to Outpace the Adversary 

Chapter 4 Preparing for an Incident 

Chapter 5 Incident Response and Digital Forensics 

Chapter 6 Development, Security, and Operations 

Chapter 7 Mobile Device Forensic Tools 

Chapter 8 The Laws Most Likely to Affect IT and IT Security 

Chapter 9 Cyber Security and Digital Forensics Careers 

Chapter 10 Theory to Practice 

About the Authors

Joanna F. DeFranco, earned her Ph.D. in computer and information science from New Jersey Institute of Technology, M.S. in computer engineering from Villanova University, and a B.S. in Electrical Engineering and Math from Penn State University. She is an Associate Professor of Software Engineering with the Pennsylvania State University. She has worked as an Electronics Engineer for the Navy as well as a Software Engineer at Motorola. Dr. DeFranco is also a researcher for the National Institute of Standards and Technology (NIST) working with the Secure Systems and Applications group. She is a senior member of the IEEE and an area and column editor for IEEE Computer Magazine. Her research interests include software engineering, Software Security, Distributed Networks, and Internet of Things.

Bob Maley, Inventor, CISO, Author, Futurist, and OODA Loop Fanatic, is the Chief Security Officer at Black Kite, the leader in third-party cyber risk intelligence. Bob has previously worked in physical security as a law enforcement officer. He also worked as the head of PayPal’s Global Third-Party Security & Inspections team and as Chief Information Security Officer for the Commonwealth of Pennsylvania. Bob led the Pennsylvania Information Security Architecture program to win the 2007 award for outstanding achievement in information technology by the National Association of State Chief Information Officers (NASCIO). He has been named a CSO of the Year finalist for the SC Magazine Awards and was nominated as the Information Security Executive of the Year, North America. Bob’s certifications include CRISC, CTPRP, OpenFAIR, and CCSK.