Cyber Strategy
eBook - ePub

Cyber Strategy

Risk-Driven Security and Resiliency

  1. 200 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About this book

Cyber Strategy: Risk-Driven Security and Resiliency provides a process and roadmap for any company to develop unified cybersecurity and cyber resiliency strategies. It demonstrates a methodology for combining a company's disassociated efforts into one corporate plan, with buy-in from senior management, that uses resources efficiently, targets high-risk threats, and evaluates both the risk assessment methodologies used and the efficacy of the resulting risk mitigations. The book covers every step from conception of the plan through preplanning (mission/vision, principles, strategic objectives, derivation of new initiatives), project management directives, cyber threat and vulnerability analysis, and cyber risk and controls assessment, to reporting and measurement techniques for plan success and overall strategic plan performance. It also presents a methodology for selecting new initiatives for the following year by identifying all relevant inputs.

Tools utilized include:

  • Key Risk Indicators (KRI) and Key Performance Indicators (KPI)
  • National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) Target State Maturity interval mapping per initiative
  • Comparisons of current and target state business goals and critical success factors
  • A quantitative NIST-based risk assessment of initiative technology components
  • Responsible, Accountable, Consulted, Informed (RACI) diagrams for Cyber Steering Committee tasks and Governance Boards' approval processes
  • Swimlanes, timelines, data flow diagrams (inputs, resources, outputs), progress report templates, and Gantt charts for project management

The last chapter provides downloadable checklists, tables, data flow diagrams, figures, and assessment tools to help develop your company's cybersecurity and cyber resiliency strategic plan.

Cyber Strategy, by Carol A. Siegel and Mark Sweeney, is available in PDF and/or ePUB format and is catalogued under Computer Science & Computer Science General.

1 Why Cybersecurity and Cyber Resiliency Strategies Are Mandatory for Organizations Today
Cybersecurity and cyber resiliency are among the top concerns for companies today. Organizations must protect their assets and defend against threats and attacks in order to stay in business. An intrusion or breach can destroy a company's assets and/or reputation in a matter of minutes. Readiness is key, so that if the unthinkable happens, the company has the tools and action plans to counter and recover from the attack.
Developing a cybersecurity and cyber resiliency strategy that supports the business and is resource efficient requires strategic planning. Most organizations lack the experience needed to plan in a way that streamlines effort and minimizes risk while they pursue their long-term strategic business objectives.
The cybersecurity profession is growing rapidly. Although numerous universities and technical schools now offer degrees in these new fields, they do not teach how to develop a unifying strategy: one that lets an organization mount a risk-based, efficient, and targeted effort that top company management will approve.
The cyber resiliency field is even younger, having evolved from the traditional fields of disaster recovery and business continuity. It is not yet tuned to today's cybersecurity threats and struggles to identify and prepare for tomorrow's. Much more growth must happen in this arena before organizations can feel comfortable with their cyber programs in an age of persistent and advancing threats.
In larger organizations, pockets of cybersecurity and cyber resiliency can be found in company silos such as individual business units. A business unit or silo can have its own information security and disaster recovery/business continuity strategy that may or may not roll up into an enterprise-wide effort. If a company has acquired other companies and joined additional networks, each legacy company or business unit will almost certainly have its own policies, procedures, standards, and/or frameworks. These strategies may have conflicting goals and may not focus on the highest-priority business objectives.
In order to respond to today’s threats in a cohesive manner, communications and threat intelligence must utilize a common language and risk metrics. Defining a taxonomy for risks, threats, vulnerabilities, and controls will facilitate an effective and measurable response.
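The following Python is an added example written for this page, not tooling from the book. It illustrates the common taxonomy and risk metrics this paragraph calls for (and the quantitative NIST-based risk assessment and KRIs listed under "Tools utilized" above): every entry in a risk register is described with the same four terms (asset, threat, vulnerability, control) and scored on one shared scale, so risks from different business units can be ranked and compared. The five-step scale, the likelihood-by-impact matrix (modeled on the shape of the level-of-risk table in NIST SP 800-30 Rev. 1, Appendix I, but with cell values that are this example's assumption rather than a copy of the published table), the control-effectiveness arithmetic, and the four register entries are all constructed for illustration.

```python
"""Risk register with a shared taxonomy (asset, threat, vulnerability,
control) and one scoring scale, so every business unit reports risk in
the same terms. Added example for this page, not the book's own tooling.
"""
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    """Single qualitative scale reused for likelihood, impact, and risk.
    A 5-step scale is an assumption of this example."""
    VERY_LOW = 0
    LOW = 1
    MODERATE = 2
    HIGH = 3
    VERY_HIGH = 4


# Risk level indexed as RISK_MATRIX[likelihood][impact]. The shape follows
# the likelihood-by-impact level-of-risk table in NIST SP 800-30 Rev. 1
# (Appendix I); the cell values are this example's assumption, not a copy
# of the published table.
_VL, _L, _M, _H, _VH = Level
RISK_MATRIX = [
    #  impact: VL   L    M    H    VH
    [_VL, _VL, _VL, _L, _L],      # likelihood VERY_LOW
    [_VL, _L, _L, _L, _M],        # likelihood LOW
    [_VL, _L, _M, _M, _H],        # likelihood MODERATE
    [_VL, _L, _M, _H, _VH],       # likelihood HIGH
    [_VL, _L, _M, _H, _VH],       # likelihood VERY_HIGH
]

# NIST CSF 1.1 functions; initiatives and risks are tagged with one of these.
CSF_FUNCTIONS = ("Identify", "Protect", "Detect", "Respond", "Recover")


@dataclass(frozen=True)
class Control:
    name: str
    likelihood_reduction: int  # likelihood steps the control removes (assumed 0..2)


@dataclass
class Risk:
    risk_id: str
    asset: str
    threat: str
    vulnerability: str
    inherent_likelihood: Level
    impact: Level
    csf_function: str
    controls: list[Control] = field(default_factory=list)

    def residual_likelihood(self) -> Level:
        """Likelihood after existing controls; floors at VERY_LOW."""
        reduction = sum(c.likelihood_reduction for c in self.controls)
        return Level(max(Level.VERY_LOW, self.inherent_likelihood - reduction))

    def residual_risk(self) -> Level:
        return RISK_MATRIX[self.residual_likelihood()][self.impact]


def rank_register(register: list[Risk]) -> list[tuple[str, Level]]:
    """Highest residual risk first; ties broken by risk ID for stable reporting."""
    return sorted(
        ((r.risk_id, r.residual_risk()) for r in register),
        key=lambda pair: (-pair[1], pair[0]),
    )


def kri_breaches(register: list[Risk], threshold: Level = Level.HIGH) -> list[str]:
    """Key Risk Indicator: IDs whose residual risk meets or exceeds the threshold."""
    return [r.risk_id for r in register if r.residual_risk() >= threshold]


def worst_by_csf_function(register: list[Risk]) -> dict[str, Level]:
    """Highest residual risk per CSF function, to prioritise target-state initiatives."""
    worst: dict[str, Level] = {}
    for r in register:
        if r.csf_function not in CSF_FUNCTIONS:
            raise ValueError(f"{r.risk_id}: unknown CSF function {r.csf_function!r}")
        worst[r.csf_function] = max(worst.get(r.csf_function, Level.VERY_LOW), r.residual_risk())
    return worst


# Constructed sample register (illustrative entries, not real findings).
REGISTER = [
    Risk("R1", "remote access gateway", "ransomware operator", "unpatched VPN appliance",
         Level.HIGH, Level.VERY_HIGH, "Protect", [Control("MFA on VPN", 1)]),
    Risk("R2", "customer PII store", "malicious insider", "no DLP on outbound email",
         Level.MODERATE, Level.HIGH, "Detect"),
    Risk("R3", "public web tier", "volumetric DDoS", "single upstream ISP",
         Level.LOW, Level.MODERATE, "Recover", [Control("CDN scrubbing", 1)]),
    Risk("R4", "customer portal", "credential stuffing", "password-only login",
         Level.VERY_HIGH, Level.MODERATE, "Protect"),
]

if __name__ == "__main__":
    for risk_id, level in rank_register(REGISTER):
        print(f"{risk_id}: {level.name}")
    print("KRI breaches (>= HIGH):", kri_breaches(REGISTER))
    print("Worst per CSF function:",
          {k: v.name for k, v in worst_by_csf_function(REGISTER).items()})
```

Because likelihood, impact, and risk all share one Level scale, a "HIGH" reported by one business unit means the same thing as a "HIGH" from another, and the KRI threshold can be set once for the whole enterprise. With the constructed register, R1 remains HIGH after its MFA control, so it is the only KRI breach, while R4's very likely but moderate-impact attack lands at MODERATE and is not.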

1.1 The Value Proposition

This book provides concepts, processes, roadmaps, project development tools, and reporting templates that any type of company can use to develop its enterprise-wide cybersecurity and cyber resiliency strategies. It delivers a methodology for bringing a company's disassociated strategic planning efforts together into one corporate-wide strategy that uses resources efficiently, targets high-risk threats, and evaluates the resulting risk mitigation efforts, while securing buy-in across the corporate culture, senior management, business silos, and diverse business interests. A mid-level manager, as well as a CISO or CIO, can use this book to create concrete strategies that the company's Board can publish and its supervisory entities can approve. By using the unifying techniques discussed later, the strategy sponsor can assimilate strategies that other areas of the company may be developing and align and/or incorporate them into a central enterprise-wide strategy.
The book discusses the steps and tasks required from conception of the strategy through its planning and creation, success and performance measurement techniques, management reporting, and planning for future ongoing efforts.

1.2 The 6 Steps for Developing and Maintaining A Cybersecurity and Cyber Resiliency Strategy

In order for an organization to develop and maintain its cybersecurity and cyber resiliency strategy, there are 6 major STEPs that should be taken. If they are followed, the organization's cybersecurity and cyber resiliency strategy will be comprehensive, functional, and long lasting, and will have continued buy-in and support from senior management. They are:
  1. STEP 1: Preplanning: Preparation for Strategy Development
  2. STEP 2: Strategy Project Management
  3. STEP 3: Cyber Threats, Vulnerabilities, and Intelligence Analysis
  4. STEP 4: Cyber Risks and Controls
  5. STEP 5: Current and Target State Assessments
  6. STEP 6: Strategic Plan Performance Measurement and End of the Year (EoY) Tasks
Figure 1.1 shows these 6 STEPs in the sequence in which they are performed for development and annual maintenance of the strategy.
Figure 1.1 The 6 Development and Annual Maintenance STEPs for a Cybersecurity and Cyber Resiliency Strategy.
Each of the 6 STEPs is discussed in detail throughout the book, with methodologies presented for its approach and execution. NOTE: To keep the strategy particulars and processes presented here current, the authors have made this book technology agnostic, so that no particular technology, objective, initiative, or conclusion dates it.

1.3 Cybersecurity and Cyber Resiliency Strategy Key Players

What job functions and management levels in an organization might need this information? The most obvious are people in the information security, cybersecurity, cyber resiliency, business continuity/disaster recovery, and resiliency areas who are tasked with developing a strategic action plan to combat cyber threats and attacks over the longer term. This includes, but is not limited to, the roles shown in Table 1.1.
TABLE 1.1 Cybersecurity and Cyber Resiliency Strategy Key Players
Developers, Approvers, or Readers
  1. Chief Information Security Officer (CISO)
  2. Chief Information Officer (CIO)
  3. Chief Technology Officer (CTO)
  4. Cyber/Security Architect
  5. Cyber/Security Engineer
  6. Security Administrator
  7. Cyber/Security Manager
  8. Security Software Developer
  9. Security Incident Responder
  10. Cryptographer
  11. Cybersecurity/Resiliency Consultant
  12. Data Security Strategist
  13. Chief Resiliency Officer
  14. Business Continuity Analyst
  15. Disaster Recovery Manager
  16. Resiliency Engineer
  17. Business Preparedness and Resiliency Program Manager
  18. Global Resiliency Project Manager
However, security professionals are not the only ones who need to be concerned with a cyberattack. Increasingly, regulations demand accountability from senior management when there is a breach. Not just CISOs and CIOs, but also Chief Operating Officers (COO) and Chief Executive Officers (CEO) can be ...

Table of contents

  1. Cover
  2. Half Title
  3. Title Page
  4. Copyright Page
  5. Contents
  6. Author Biographies
  7. Chapter 1 Why Cybersecurity and Cyber Resiliency Strategies Are Mandatory for Organizations Today
  8. Chapter 2 The 6 STEPs in Developing and Maintaining a Cybersecurity and Cyber Resiliency Strategy
  9. Chapter 3 Strategy Project Management
  10. Chapter 4 Cyber Threats, Vulnerabilities, and Intelligence Analysis
  11. Chapter 5 Cyber Risks and Controls
  12. Chapter 6 Current and Target State Assessments
  13. Chapter 7 Measuring Strategic Plan Performance and End of Year (EoY) Tasks
  14. Chapter 8 Checklists and Templates to Help Create an Enterprise-Wide Cybersecurity and Cyber Resiliency Strategy