دانلود کتاب Cybersecurity for Business: Organization-Wide Strategies to Ensure Cyber Risk Is Not Just an IT Issue

فهرست مطالب :

Cover
Contents
Foreword by Peter Gleason
Preface
About the Authors
1 Cybersecurity is (Not) an IT Issue
Five Key Ideas to Take Away from This Chapter
Introduction
Why we are not Making Progress in Securing Cyberspace
Digital Transformation Makes Cybersecurity a Business Issue
The New Frontier: Artificial Intelligence (AI) and Attacks that Learn
Why Balancing Business Growth, Profitability and Cybersecurity is Difficult
The COVID-19 Pandemic: Cyber-Enabled Business and Increased Risk
The Cybersecurity Problem is Serious and Getting Worse Fast
Technical Vulnerabilities are a Problem—but not the Only Problem
Why Cyber Infrastructure is Attacked—Follow the Money
The Economics of Cybersecurity is Upside Down
The Economic Balance in Cyberspace Favors the Attackers
Good Cyber Hygiene is not Enough
Security vs. Compliance
The Punitive Model of Compelling Reasonable Security
What’s an Organization to do About Cybersecurity?
Conclusion
Endnotes
2 Effective Cybersecurity Principles for Boards of Directors
Five Key Ideas to Take Away from This Chapter
Introduction
What Role Does the Board Play in Cybersecurity?
The Evolution in Corporate Board Thinking on Cybersecurity
Developing and Validating Board-Level Principles of Cybersecurity
Process for Developing the International Principles for Boards and Cybersecurity
Five Consensus Principles for Effective Cybersecurity at the Board Level
Outlining the Board Cybersecurity Principles
Conclusion
Endnotes
3 Structuring for the Digital Age
Five Key Ideas to Take Away from This Chapter
Introduction
The Move Away from Digital Silos
Establishing a Management Framework for Cybersecurity
We are not Integrated Yet
Siloed Cybersecurity Systems are Counterproductive
How Centralized Ought the Cybersecurity Function be?
Who does the Cyber Leader Report to?
Who is on the Cybersecurity Team?
Finding the Right Structure for the Cybersecurity Team
Adapting Enterprise Architecture
Collaborative Models Initiated in the Financial Services Industry
Conclusion
Endnotes
4 A Modern Approach to Assessing Cyber Risk
Five Key Ideas to Take Away from This Chapter
Introduction
What is Cyber Risk?
Comparing Traditional Cyber Risk Methods
A Better Approach
The Modern Risk Assessment
Simplify the Contemplation of Cyber Risk
Translate Traditional Cybersecurity Metrics into Financial Details
Provide a Means for a Standard and Repeatable Cyber Risk Evaluation
Forecast Financial Exposure due to Cyber Risk
Provide a Set of Prioritized Remediation and Transfer Guidance
Align Cyber Risk with Enterprise-Wide Risk Management Reporting
Conclusion
5 The Role of HR Functions in Scaling Cybersecurity and Building Trust
Five Key Ideas to Take Away from This Chapter
Introduction
Insider Threat: The Achilles Heel
Remote Work: The Newest Complication
Developing a Security-Minded Culture
Developing Process and Operational Controls
The Value of HR in Cybersecurity
Recruitment, Hiring and Retention
Training: A Continuing Commitment to Security
Off-boarding
Conclusion
Endnotes
6 Cybersecurity and the Office of the General Counsel
Five Key Ideas to Take Away from This Chapter
Introduction
Why Cybersecurity Demands a Proactive Approach by the GC
Key Responsibilities—The Basics
Monitoring and Advising on Changes in Statutory, Regulatory and Sectoral Requirements
Regulatory Requirements
Advanced Risk Management Functions of the GC
Conclusion
Endnotes
7 Cybersecurity Audit and Compliance Considerations
Five Key Ideas to Take Away from This Chapter
Introduction
The Current Landscape of Compliance and Audit Requirements
Cybersecurity Compliance Within Enterprise Risk Management
The Role of the Audit Function
Three Lines of Defense Model
The Role of External Auditors
The Role of Technology in the Future State of Compliance and Audit
Conclusion
Endnotes
8 Cyber Supply Chain and Third-Party Risk Management
Five Key Ideas to Take Away from This Chapter
Introduction
Approaching Cyber Supply Chain Risk Management
Accounting for Cybersecurity Management and IT Governance in the Total Cost of Ownership Calculation
Negotiation Strategies Inclusive of Cybersecurity Insurance Provisions
Implementation of Inclusive Service Level Agreements
Including Cybersecurity in Current Supply Chain Risk Management
Training Supply Chain Personnel to Recognize Cybersecurity Risk and Enable Mitigation Activities
Cyber Supply Chain Third-Party Due Diligence
Including Cyber Requirements in the Third-Party Risk Management Program
Ensuring Cyber Third-Party Agreements Provide Adequate Controls for Legal Risks and Compliance
Conclusion
Endnotes
9 Technical Operations
Five Key Ideas to Take Away from This Chapter
Introduction
Technical Operations—The Need for Consistent Coordination of Defense-in-Depth
Prevention—Technical Operations
Detection—Technical Operations
Response—Technical Operations
Conclusion
Endnotes
10 Crisis Management
Five Key Ideas to Take Away from This Chapter
Introduction
What is an Incident Response Plan (IRP)?
Why do you Need a Plan?
Business Capabilities and Function Required to Support Incident Response
Questions Senior Management Should Consider in Developing an IRP
Third Parties to Notify
Conclusion
Endnotes
11 Cybersecurity Considerations During M and A Phases
Five Key Ideas to Take Away from This Chapter
Introduction
When is the Best Time to Conduct the Risk Assessment in M and A? The Earlier, the Better
Strategy and Target Identification Phase
Due Diligence and Deal Execution Phases
Integration Phase
Conclusion
Endnotes
12 Developing Relationships with the Cybersecurity Team
Five Key Ideas to Take Away from This Chapter
Introduction
A Healthy Culture
Empathy: Understanding Others’ Feelings is Part of Cybersecurity
The CISO’s Role
Relationships with the Cybersecurity Team
Relationships Inside the Organization
Relationships Outside the Organization
Assess Performance
Conclusion
Endnotes
Index