Building an Effective Security Program
eBook - ePub

  1. 444 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android
About this book

Building an Effective Security Program provides readers with a comprehensive approach to securing the IT systems in use at their organizations. This book provides information on how to structure and operate an effective cybersecurity program that includes people, processes, technologies, security awareness, and training. This program will establish and maintain effective security protections for the confidentiality, availability, and integrity of organization information. In this book, the authors take a pragmatic approach to building organization cyberdefenses that are effective while also remaining affordable.

This book is intended for business leaders, IT professionals, cybersecurity personnel, educators, and students interested in deploying real-world cyberdefenses against today's persistent and sometimes devastating cyberattacks. It includes detailed explanations of the following IT security topics:

  • IT Security Mindset—Think like an IT security professional, and consider how your IT environment can be defended against potential cyberattacks.
  • Risk Management—Identify the assets, vulnerabilities and threats that drive IT risk, along with the controls that can be used to mitigate such risk.
  • Effective Cyberdefense—Consider the components of an effective organization cyberdefense to successfully protect computers, devices, networks, accounts, applications and data.
  • Cyber Operations—Operate cyberdefense capabilities and controls so that assets are protected, and intruders can be detected and repelled before significant damage can be done.
  • IT Security Awareness and Training—Promote effective cybersecurity practices at work, on travel, and at home, among your organization's business leaders, IT professionals, and staff.
  • Resilient IT Security—Implement, operate, monitor, assess, and improve your cybersecurity program on an ongoing basis to defend against the cyber threats of today and the future.

Information

Publisher: De Gruyter
Year: 2020
Print ISBN: 9781501515248
eBook ISBN: 9781501506420

Chapter 1 The Digital Organization

Information technology (IT) touches how we stay connected, how we learn and share, and how we conduct business for our work and our family. Thanks to IT, organizations are increasing productivity, reducing costs, streamlining operations, and taking care of people in ways never before possible in history. Some would say the revolution is just getting started.
Don Tapscott famously documented this transition in his 1995 best-selling book The Digital Economy: Promise and Peril in the Age of Networked Intelligence.¹ He coined the term “digital economy” to describe the business consequences of this revolution, examining how digitization would affect healthcare, manufacturing, marketing, government, publishing, broadcasting, advertising, human resources, and communication. He also considered some of the looming challenges that would come from this transition in the areas of privacy, regulation, democracy, and society. Figure 1.1 depicts the digitization challenges and digital impacts of his digital economy.
Figure 1.1: Digitization has fundamentally transformed how organizations operate and how employees perform their jobs – along with how organizations implement cyber protections.
While Don Tapscott didn’t necessarily envision social media businesses like Facebook and Twitter, he certainly understood many of the issues that arose in the decades following the publication of his book.
This chapter describes various aspects of the modern digital organization, including how the rise of IT has transformed everyone’s digital life, how modern organizations operate, and how they need to be secured. It considers how IT has transformed the modern workplace and how that workplace may continue to be transformed in the future. It considers how IT changes the stakes for the modern organization, and the risks that come from those stakes. It considers how people are both a weak link and the principal strength in protecting the digital organization. In closing, this chapter presents some historical data related to cyber failures and thoughts on the benefits and threats of computers and the ever-present surveillance they can enable.

Everyone’s Digital Life

Each of us exists at the center of a “digital life” that includes our work and co-workers, our home and family, and our friends. This connected ecosystem includes computers, tablets, phones, and other resources connecting us to the work and home functions that we use every day. Many of these devices rely upon the internet to work, communicating with computers, servers, and users hundreds or thousands of miles away. Figure 1.2 illustrates this digital ecosystem.²
Figure 1.2: Our interconnected digital life requires multiple levels of cyberdefenses for comprehensive protection against modern cyberattacks.
We use these digital ecosystem resources to access work functions including e-mail, calendar, contacts, collaboration tools, and work documents. We also use these resources to access home functions such as e-mail, personal documents, photos, e-commerce, social media, gaming, movies, and music. Sometimes our devices may be dedicated to one function, such as a work computer, but frequently devices and networks may be shared between work and home functions. Examples of this sharing are when we access our work e-mail from a personal phone, or when we send personal e-mail messages from a work computer.
For many of these functions, connectivity to the internet is required. We may get our internet connectivity through office networks, cellular networks, cable modems, satellite services, public Wi-Fi, or other methods. We often use digital identities such as a username and password, or multifactor methods to identify ourselves and prove who we are. Billions of dollars in commerce are conducted each year using online services and online identities, including online banking, e-commerce, healthcare, and collaboration.
Cyberdefenses protecting our digital life must include multiple levels of defense to provide comprehensive protection. These protections must extend to our devices, our networks, our applications, our accounts, and the external partners we trust for our online activities. These protections must be comprehensive, while also unobtrusive, so that we can conduct our online business while also staying protected. People involved in these protections often remain the “weakest link” in the chain of cyberdefense security. Everyone must know how implemented protections work and how to use them so that their online activities can be safe and protected.

IT and the Modern Workplace

Few jobs anywhere have been untouched by IT over the past three decades. For many careers, the disruption has been dramatic and almost continuous since the explosion of personal computing back in the 1980s and the rise of the internet in the 1990s. Digitization has fundamentally changed operational processes and workflows, altering how organizations operate and the work their employees need to perform. McKinsey Global Institute³ has used the term “digital transformation” to describe these concepts, estimating that most organizations are, even today, operating at a fraction of their “digital potential.”
But what is a digital organization? The effects digitization can have on organizations stem from how network-connected digital data differs from the papers and analog recordings that preceded it. These changes can be summed up as follows.

Instant Data Replication

Once data is captured in a digital form and placed onto a network like the internet, it can be made instantly available wherever it is needed, for whoever needs it. It is no longer necessary for data to be manually duplicated (carbon forms, anyone?), nor is it necessary for it to be passed among different teams or departments by hand. Similarly, this replication means that large, geographically diverse teams can have shared situational awareness without having to spend time synchronizing their status.

Real-Time Data Processing

Just as instant data replication means that everyone can have a shared picture of reality, IT permits the data surrounding that shared picture to be analyzed and processed in real time. It is no longer necessary to wait for nightly reports or monthly analysis – IT systems can re-calculate their results in real time, as the inputs change and evolve. And highly powerful computers can perform sophisticated data analytics, in near-real time.

Automated Workflow

Once data is digitized, the workflow around that data and the decisions that must be made regarding it can be automated. With automation, the computer and the network, rather than humans, will enforce the workflow process, reducing errors and dramatically reducing workloads. This automation, in turn, frees up the people to focus on the exception cases and situations where judgment is required, rather than just the processes.

Digital Service Delivery

Once the previous three capabilities (i.e., Instant Data Replication, Real-Time Data Processing, and Automated Workflow) are in place, entire services can be delivered electronically with no human intervention whatsoever. These services can include presenting options, taking orders, processing payments, and delivering the resulting services or products. As Amazon has shown with their robot warehouses, even picking, packing, and shipping can be done almost entirely by machine.

Dynamic Social Networking

Employees are no longer limited to the information provided to them by the organizational hierarchy, or the notes they find in the company newsletter. Collaboration and networking tools enable employees, partners, and customers to dynamically share information about what they are doing, where they are struggling, and what help they need. These tools enable people to dynamically self-organize to understand, analyze, and solve problems, multiple times per day.

Advanced Digital Capabilities

Emerging advanced digital capabilities include analytics, machine learning, voice recognition, and machine vision. These capabilities may enable entirely new business functions and opportunities, as we have seen with capabilities like Amazon’s Alexa and Tesla’s self-driving cars.

Digital Transformation

Thanks to digitization, we now have real-time stock trading at the National Association of Security Dealers (NASDAQ), vendor marketplaces like eBay and Amazon, and ride-sharing services like Lyft and Uber. Digitization has disrupted entire industries, including advertising, communication, transportation, and photography (remember Kodak?). These changes have in turn dramatically affected how people do their jobs. Paper processes have given way to e-mail and online collaboration, file cabinets have given way to data warehouses, and clerks and typists have been replaced with customer service representatives and scanning services. Entire organizations have gone paperless – like the United Services Automobile Association (USAA) did in the 1990s – to leverage the benefits of digitization across their businesses and business functions.
Today, digitization coupled with cloud services has led to the rise of the “fully digital, fully virtual” business. A business using only digital technology no longer needs offices, files, on-premise business systems, or warehouses. Employees scattered around the world can come together using internet collaboration tools, develop products, deliver services, and troubleshoot problems without ever meeting face-to-face. Back-end business functions like payroll, collaboration, communication, sales, and customer service can be delivered over the network, along with storage, archiving, and analysis. By fully leveraging digitization, a business c...

Table of contents

  1. Title Page
  2. Copyright
  3. Contents
  4. Dedication
  5. Chapter 1 The Digital Organization
  6. Chapter 2 Ever-Present Cyber Threats
  7. Chapter 3 Cyber Risk Management
  8. Chapter 4 Cyberdefense Concepts
  9. Chapter 5 Cybersecurity Drivers
  10. Chapter 6 Cyber Program Management
  11. Chapter 7 Cybersecurity Capabilities
  12. Chapter 8 Cybersecurity Operations
  13. Chapter 9 Cyber Awareness
  14. Chapter 10 Organization Cyber Awareness
  15. Chapter 11 Cyber Training
  16. Chapter 12 Measuring Cyber Performance
  17. Chapter 13 When Things Go Wrong
  18. Chapter 14 Looking to the Future
  19. Glossary
  20. Index

Yes, you can access Building an Effective Security Program by Chris Williams, Scott Donaldson, Stanley Siegel in PDF and/or ePUB format, as well as other popular books in Computer Science & Data Mining. We have over one million books available in our catalogue for you to explore.