You CAN Stop Stupid: Stopping Losses from Accidental and Malicious Actions

Around the world, users cost organizations billions of dollars due to simple errors and malicious actions. They believe that there is some deficiency in the users. In response, organizations believe that they have to improve their awareness efforts and make more secure users. This is like saying that coal mines should get healthier canaries. The reality is that it takes a multilayered approach that acknowledges that users will inevitably make mistakes or have malicious intent, and the failure is in not planning for that. It takes a holistic approach to assessing risk combined with technical defenses and countermeasures layered with a security culture and continuous improvement. Only with this kind of defense in depth can organizations hope to prevent the worst of the cybersecurity breaches and other user-initiated losses. Using lessons from tested and proven disciplines like military kill-chain analysis, counterterrorism analysis, industrial safety programs, and more, Ira Winkler and Dr. Tracy Celaya's You CAN Stop Stupid provides a methodology to analyze potential losses and determine appropriate countermeasures to implement.

Minimize business losses associated with user failings
Proactively plan to prevent and mitigate data breaches
Optimize your security spending
Cost justify your security and loss reduction efforts
Improve your organization’s culture

Business technology and security professionals will benefit from the information provided by these two well-known and influential cybersecurity speakers and experts.

368 pages, Kindle Edition

Published December 8, 2020

About the author

Ira Winkler

12 books, 15 followers

Community Reviews

5 stars: 3 (20%)
4 stars: 8 (53%)
3 stars: 2 (13%)
2 stars: 0 (0%)
1 star: 2 (13%)
Displaying 1 - 3 of 3 reviews
Ben Rothke
379 reviews, 54 followers
December 23, 2020
In the movie Forrest Gump, Tom Hanks gets asked many times if he is stupid. The character Forrest Gump replies with a line that is now part of the American lexicon: "stupid is as stupid does." The meaning of the term is that an individual should be judged by his actions, not by his appearance.

When it comes to computers and technology, Mitch Ratliff observed that "a computer lets you make more mistakes faster than any invention in human history - with the possible exceptions of handguns and tequila." And more empirically, the celebrated paper by Alma Whitten and J. D. Tygar, Why Johnny Can't Encrypt: A Usability Evaluation of PGP 5.0, showed that tech-savvy college students made many sophomoric security mistakes.

In You Can Stop Stupid: Stopping Losses from Accidental and Malicious Actions (Wiley), authors Ira Winkler and Dr. Tracy Celaya Brown have written an interesting guide that attempts to stop the level of stupid that is woefully attached to technology in general, and in information security specifically. It is actually somewhat of an audacious attempt on their part, given that history is certainly not on their side.

Can one, in fact, stop stupid? The authors open with the story of the Boeing B-17 Flying Fortress bomber developed in the 1930s and the airplane's toggle switch problem that led to many accidents and pilot deaths. Jump to 2020, and in the aviation world, controlled flight into terrain (CFIT) occurs when a perfectly good airplane is unintentionally flown into the ground, mountains, water, or other obstacles, most often resulting in the death of everyone on board. So when it comes to aviation, they still can't stop stupid.

The authors' approach is to suggest a detailed and sophisticated multi-layered approach that has it embedded in it that users will make mistakes. But on the other hand, their methodology creates numerous countermeasures to defend against those stupid mistakes.

Using science as their guide, the scientific approach the authors take includes behavioral science, safety science, the Lockheed Martin Cyber Kill Chain framework, and more. The methodology they have created is not something that can be accomplished by installing a security appliance in the cloud or data center. Rather it takes a reinvention of the security culture and creating new methods for user behaviors in the organization.

So can you stop stupid? It is certainly an uphill battle, but the authors show an effective method to try and stop it. For those who are willing to put in the significant effort to re-engineer much of the way they do things, You Can Stop Stupid: Stopping Losses from Accidental and Malicious Actions is a valuable guide. As the authors note, it is not the users who are stupid; it is up to you to stop them from making those stupid mistakes.

Sushilanair
304 reviews, 1 follower
June 24, 2021
Great book if you want to understand how to reduce the risk of cyber-related, user-initiated loss. It draws on lessons learnt from finance and safety science to enable cyber to achieve a reduction in human mistakes resulting in business loss.

Brandon Odom
10 reviews, 1 follower
February 12, 2026
Great information. Very deep knowledge, sort of got repetitive at times and struggled to get through parts, but still very good information.