The Cyber Risk Handbook
eBook - ePub

The Cyber Risk Handbook

Creating and Measuring Effective Cybersecurity Capabilities

  1. English
  2. ePUB (mobile friendly)
  3. Available on iOS & Android
eBook - ePub

The Cyber Risk Handbook

Creating and Measuring Effective Cybersecurity Capabilities

About this book

Actionable guidance and expert perspective for real-world cybersecurity

The Cyber Risk Handbook is the practitioner's guide to implementing, measuring and improving the counter-cyber capabilities of the modern enterprise. The first resource of its kind, this book provides authoritative guidance for real-world situations, and cross-functional solutions for enterprise-wide improvement. Beginning with an overview of counter-cyber evolution, the discussion quickly turns practical with design and implementation guidance for the range of capabilities expected of a robust cyber risk management system that is integrated with the enterprise risk management (ERM) system. Expert contributors from around the globe weigh in on specialized topics with tools and techniques to help any type or size of organization create a robust system tailored to its needs. Chapter summaries of required capabilities are aggregated to provide a new cyber risk maturity model used to benchmark capabilities and to road-map gap-improvement.

Cyber risk is a fast-growing enterprise risk, not just an IT risk. Yet seldom is guidance provided as to what this means. This book is the first to tackle in detail those enterprise-wide capabilities expected by Board, CEO and Internal Audit, of the diverse executive management functions that need to team up with the Information Security function in order to provide integrated solutions.

  • Learn how cyber risk management can be integrated to better protect your enterprise
  • Design and benchmark new and improved practical counter-cyber capabilities
  • Examine planning and implementation approaches, models, methods, and more
  • Adopt a new cyber risk maturity model tailored to your enterprise needs

The need to manage cyber risk across the enterpriseā€”inclusive of the IT operationsā€”is a growing concern as massive data breaches make the news on an alarmingly frequent basis. With a cyber risk management system now a business-necessary requirement, practitioners need to assess the effectiveness of their current system, and measure its gap-improvement over time in response to a dynamic and fast-moving threat landscape. The Cyber Risk Handbook brings the world's best thinking to bear on aligning that system to the enterprise and vice-a-versa. Every functional head of any organization must have a copy at-hand to understand their role in achieving that alignment.

Frequently asked questions

Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
Perlego offers two plans: Essential and Complete
  • Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
  • Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
Both plans are available with monthly, semester, or annual billing cycles.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weā€™ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere ā€” even offline. Perfect for commutes or when youā€™re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access The Cyber Risk Handbook by Domenic Antonucci in PDF and/or ePUB format, as well as other popular books in Business & Financial Risk Management. We have over one million books available in our catalogue for you to explore.

Information

Publisher
Wiley
Year
2017
Print ISBN
9781119308805
eBook ISBN
9781119308959
Edition
1
Topic
Business
Subtopic
Financial Risk Management
Index
Business

Chapter 1
Introduction

Domenic Antonucci, Editor and Chief Risk Officer, Australia

The CEO under Pressure

Tom is sitting at his chief executive officerā€™s desk staring into his early-morning coffee cup. His chairperson, Tara, has just reminded him that he has only one day before he must personally present to the board regarding his organizationā€™s cyber risk management capabilities. ā€œAlso, include an assessment of how effective our cyber risk management is across all our enterprise-wide operationsā€”not just IT,ā€ she added.
Tom has never presented on cyber before. He had delegated such matters in the past to his chief information officer (CIO). Tom struggled to remember his last internal briefing on the matter. He was aware that they had recently hired a chief information security officer (CISO) with a focus on cybersecurity, who reported to him directly. Tom started to protest, ā€œTara, my CISO or CIO can present ā€¦ā€ but was interrupted: ā€œNo, you own cybersecurity, we oversee it alongside the board. By ā€˜system,ā€™ I donā€™t mean our IT approach, I mean our whole-of-organization capabilities to manage cyber threats.ā€
Noting the dazed look on Tomā€™s face, Tara gave Tom a tip. ā€œTom, cyber risk is not just an IT risk, it is an enterprise, strategic, commercial, and organization-wide risk. We at the top are accountable. Youā€™ve introduced our first enterprise-wide risk management (ERM) system together with a risk maturity strategy and risk maturity model to assess and measure how we are improving the ERM system over time. Fine. But cyber risk is now an urgent priority and the specific capabilities required are a subset of the enterprise risk management system. You need to integrate the two. I suggest you dedicate your whole day today to having your team define the right set of capabilities in cyber risk management that our organization needs and how we can measure them. The board expects to see your road map first thing tomorrow.ā€

The Need for a Cyber Risk Handbook

ā€œBut what is the board worrying about, Tara?ā€ Tom quizzed. Tara paused, ā€œCyber threats, social media, mobile devices, massive data storage, artificially intelligent products, the Internet of Things (IoT), privacy requirements, and continuity of our business-as-usualā€”and more. These require heavy information security measures and organization capabilities. Tom, Iā€™m going to leave you with a couple of recent survey results and youā€™ll understand what our board is worrying about. Read the highlights.ā€
Tom picked up the two reports and read the highlights.
Eighty-eight percent of companies donā€™t believe their information security fully meets their organizationā€™s needs ā€¦ Sixty-nine percent of businesses recognize that they should be spending more on cybersecurity than they currently do, and learning about making the most of that essential investment is critical.
ā€”EYā€™s Global Information Security Survey 2015: ā€œCreating Trust in the Digital World,ā€ www.ey.com/giss


In November and December 2015, the ISACA and RSA Conference conducted a global survey of 461 cybersecurity managers and practitioners. Survey participants confirmed that the number of breaches targeting organizational and individual data continues to go unchecked and the sophistication of attack methodologies is evolving. The current state of global cybersecurity remains chaotic, the attacks are not expected to slow down, and almost 75 percent of respondents expect to fall prey to a cyber attack in 2016. Cybercriminals are the most prevalent attackers and continue to employ social engineering as their primary initial attack vector. ā€¦ Eighty-two percent of security executives and practitioners participating reported that boards are concerned or very concerned about cybersecurity.
ā€”Text from ISACA Report, March 2016. Source: State of Cybersecurity: Implications for 2016 Ā©2016 ISACA. All rights reserved. Used by permission.
ā€œSo, how do you suggest I start?ā€ queried a concerned Tom. As she left the room, Tara looked back and said simply, ā€œGet the perspectives of all your organization functions as they are all stakeholders for cyber risk, and not just your information security guys. Pull together an enterprise playbook to cover what they need to create and measure effective cybersecurity capabilities. Call it your cyber risk handbook.ā€

Toward an Effectively Cyber Riskā€“Managed Organization

Cyber risk is not new. It has been around since the start of the digital age, but cyber threats to organizations are now growing in scale and sophistication at an unprecedented rate due to advancing technologies, criminal and state-level avarice, and changing work practices (such as big data, remote access, cloud computing, social media, and mobile technology). There is increasing media and insurance industry attention. This is spotlighting high-profile and highly disruptive and damaging security breaches. These threaten financial, physical, and reputation damage across critical organization (and state) infrastructures.
Cyber risk is now widely regarded as a top risk for organizations and the top risk for many. Organization vulnerability across all sectors is increasing. The do-nothing option is increasing becoming unrealistic. This is due ...

Table of contents

  1. Cover
  2. Series
  3. Title Page
  4. Copyright
  5. Dedication
  6. Foreword The State of Cybersecurity
  7. About the Editor
  8. List of Contributors
  9. Acknowledgments
  10. Chapter 1: Introduction
  11. Chapter 2: Board Cyber Risk Oversight: What Needs to Change?
  12. Chapter 3: Principles Behind Cyber Risk Management
  13. Chapter 4: Cybersecurity Policies and Procedures
  14. Chapter 5: Cyber Strategic Performance Management
  15. Chapter 6: Standards and Frameworks for Cybersecurity
  16. Chapter 7: Identifying, Analyzing, and Evaluating Cyber Risks
  17. Chapter 8: Treating Cyber Risks
  18. Chapter 9: Treating Cyber Risks Using Process Capabilities
  19. Chapter 10: Treating Cyber Risksā€”Using Insurance and Finance
  20. Chapter 11: Monitoring and Review Using Key Risk Indicators (KRIs)
  21. Chapter 12: Cybersecurity Incident and Crisis Management
  22. Chapter 13: Business Continuity Management and Cybersecurity
  23. Chapter 14: External Context and Supply Chain
  24. Chapter 15: Internal Organization Context
  25. Chapter 16: Culture and Human Factors
  26. Chapter 17: Legal and Compliance
  27. Chapter 18: Assurance and Cyber Risk Management
  28. Chapter 19: Information Asset Management for Cyber
  29. Chapter 20: Physical Security
  30. Chapter 21: Cybersecurity for Operations and Communications
  31. Chapter 22: Access Control
  32. Chapter 23: Cybersecurity Systems: Acquisition, Development, and Maintenance
  33. Chapter 24: People Risk Management in the Digital Age
  34. Chapter 25: Cyber Competencies and the Cybersecurity Officer
  35. Chapter 26: Human Resources Security
  36. Epilogue
  37. Glossary
  38. Index
  39. EULA