Cybersecurity Program Development for Business
eBook - ePub

Cybersecurity Program Development for Business

The Essential Planning Guide

Chris Moschovitis


About This Book

"This is the book executives have been waiting for. It is clear: With deep expertise but in nontechnical language, it describes what cybersecurity risks are and the decisions executives need to make to address them. It is crisp: Quick and to the point, it doesn't waste words and won't waste your time. It is candid: There is no sure cybersecurity defense, and Chris Moschovitis doesn't pretend there is; instead, he tells you how to understand your company's risk and make smart business decisions about what you can mitigate and what you cannot.

It is also, in all likelihood, the only book ever written (or ever to be written) about cybersecurity defense that is fun to read."

—Thomas A. Stewart, Executive Director, National Center for the Middle Market and Co-Author of Woo, Wow, and Win: Service Design, Strategy, and the Art of Customer Delight

Get answers to all your cybersecurity questions

In 2016, we reached a tipping point—a moment where the global and local implications of cybersecurity became undeniable. Despite the seriousness of the topic, the term "cybersecurity" still exasperates many people. They feel terrorized and overwhelmed. The majority of business people have very little understanding of cybersecurity, how to manage it, and what's really at risk.

This essential guide, with its dozens of examples and case studies, breaks down every element of the development and management of a cybersecurity program for the executive. From understanding the need, to core risk management principles, to threats, tools, roles and responsibilities, this book walks the reader through each step of developing and implementing a cybersecurity program. Read cover-to-cover, it's a thorough overview, but it can also function as a useful reference book as individual questions and difficulties arise.

  • Unlike other cybersecurity books, the text is not bogged down with industry jargon
  • Speaks specifically to the executive who is not familiar with the development or implementation of cybersecurity programs
  • Shows you how to make pragmatic, rational, and informed decisions for your organization
  • Written by a top-flight technologist with decades of experience and a track record of success

If you're a business manager or executive who needs to make sense of cybersecurity, this book demystifies it for you.


Information

Publisher
Wiley
Year
2018
ISBN
9781119430001
Edition
1

CHAPTER 1
Understanding Risk

If you're reading this book, I'd hazard a guess that you've read some of the doom‐and‐gloom cybersecurity books out there as well. There are many, and many are great (see the bibliography for suggestions). What's more, I am sure you have had your fill of statistics. Dreadful statistics showing how cybercrime is increasing by the day. I'll include some of those, too, just to satisfy any morbid curiosity left in you, but they are essentially useless. By the time the ink is dry on these pages, the numbers have changed. For the worse.

A BRIEF SAMPLING OF DREAD

  • Hacker Attack Rate: 39 Seconds
    Assistant Professor of Mechanical Engineering Michel Cukier at the A. James Clark School of Engineering conducted the study that profiled the actions of hackers using brute‐force methods to gain access to a set of exposed computers. The results showed that the computers were attacked about 2,244 times per day.
  • More than 33 percent of United States consumers have experienced a cyberattack.
    This was reported in a survey by Zogby Analytics commissioned by the Hartford Steam Boiler Inspection and Insurance Company (HSB), with the most likely victims being between 18 and 24 years old. Moreover, the associated incident costs ranged from $500 for 56 percent of the cases to between $1,000 and $5,000 for 23 percent of the cases.
  • According to the “Internet Security Threat Report—Symantec 2017” (Volume 22, April 2017):
    • It takes on average two minutes for an Internet of Things (IoT) device to get attacked.
    • The average ransom amount for a ransomware attack went from $373 in 2014 to $1,077 in 2016.
    • Over the last eight years, more than 7.1 billion identities have been stolen as a result of data breaches.
    • In 2016, the United States was number one both in number of data breaches (1,023) and in identities stolen (791,820,040).
  • According to the “2017 Data Breach Investigations Report” (Verizon):
    • 75 percent of the breaches are perpetrated by outsiders, versus 25 percent involving insiders.
    • 62 percent of breaches featured hacking, of which 81 percent leveraged stolen or weak passwords.
    • 66 percent of malware was installed through malicious email attachments.
    • 73 percent of the breaches were financially motivated; 21 percent were espionage‐driven.
  • According to the “Small Business Trends” website (https://smallbiztrends.com):
    • 43 percent of cyberattacks target small business.
    • Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities, and attacks as highly effective.
    • 60 percent of small companies go out of business within six months of a cyberattack.
    • 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
  • According to Juniper Research's study titled “The Future of Cybercrime & Security: Financial and Corporate Threats & Mitigation” (Juniper Research, Ltd.):
    • Cybercrime is expected to cost businesses over $2 trillion by 2019.
    • Although North America has seen the lion's share of these breaches (60 percent in 2015), the proportion will level off as global digitization levels the playing field.
  • According to “Cybersecurity Ventures' Predictions for 2017 through 2021”:
    • The cost of cybercrime damages worldwide is estimated to be $6 trillion annually by 2021.
    • In 2016, the cybersecurity unemployment rate dropped to zero percent, and it is expected to remain at that level through 2021, with a projected job‐to‐skills shortfall of 1.5 million positions by 2019.
  • ISACA's 2016 Cybersecurity Global Data Snapshot lists social engineering, insider threats, and advanced persistent threats as the top‐three threats facing organizations.
  • According to Barkly Protects, Inc.:
    • One‐third of the IT professionals surveyed by Barkly reported their security had been bypassed by a cyberattack in 2016.
    • 71 percent of organizations targeted with ransomware attacks were successfully infected.
    • Over half the organizations that suffered successful cyberattacks in 2016 are not making any changes to their cybersecurity posture in 2017, with budgetary constraints cited as the main block to improved cybersecurity.

How Much Is It Worth to You?

In the misty past, a person's most valuable possessions were things he could see: his castle, gold, tapestries, even his heirs! Their value was tied to their physical existence.
Today, the concept of value has expanded beyond tangibles to include intangibles such as data, intellectual property, and reputation. As a matter of fact, many intangibles hold more value than tangibles. Consider, which is more important: an artisanal pizza or the recipe for the artisanal pizza? It's no accident that the phase following the Industrial Revolution has been nicknamed the Information Revolution.
The rise of intangible valuables affects every individual as well as businesses of all sizes. These things of value that individuals and businesses create are—like all things of value—coveted by others and therefore warrant your protection. So, just like you would protect your valuable jewelry, you must protect your valuable data. It's a simple concept.
What is interesting in this analogy is the assumption that we all share a common understanding of what is of value. You certainly have no problem intuiting that a set of diamond earrings is valuable and should therefore be stored in a secure place. Which place and how secure? That, too, is straightforward to understand. We have an innate sense of value to guide us in these decisions—something that tells us that a $300 pair of earrings is safe in the jewelry box in the apartment while a $30,000 pair of earrings is best protected in a bank's safe deposit box. Easy to understand and easy to make a value judgment on.
We make these types of judgments every day, and we're very good at it. We understand what's of value, and we understand the risks to this value:
  • Earrings? Theft!
  • Property? Fire!
It turns out that we are very good at making complex risk management decisions on a daily basis. Who knew?

Risk! Not Just a Board Game

Consider this situation: It is 11:00 at night, and you just finished dinner with friends at your favorite restaurant. Walking to your car, you reach an intersection and see that the walk signal is red. You look left. You look right. You see a car down the block, shrug it off, and cross the street. No problem.
Now, let's change this scenario a little. Same story, only this time you are pushing a stroller with your baby in it. What's the decision now? Do you cross the street or wait for the signal to change? My bet is you wait.
We just stumbled on the concept of risk acceptance, which will prove to be of real importance in the pages that follow. The bottom line is that we all live with risk every single day of our lives. We constantly make decisions about risk and, when we're done evaluating, we take action signifying our acceptance of this risk.
In the example just suggested, in one case you accepted the risk that you can cross the street against the light, and in the other case, when you had your baby along, you did not. How does this translate to the cyberworld? In some cases, we accept the risk of having our information available out there (e.g., when using Facebook, Instagram, Swarm, and the like), and in others we do not (e.g., when we are using our credit card or revealing our medical records).
Studying risk is taking a trip down a fascinating, complex, and intricate labyrinth. It is hard‐core science—involving complex mathematics, ethics, and philosophy—with potential life‐and‐death implications (e.g., the risk of reprisals when we attack a terrorist group, the risks that first responders take every day, etc.). This is certainly not a book to start you on this type of journey, although I have included a selected bibliography for you to consider at the back of this book. The purpose of this book is to expose you to some risk management and tech concepts so that we can develop a common language when discussing how to protect your things of value from cyber‐based threats. With that in mind, let's start...
