The Cyber Risk Handbook
eBook - ePub

The Cyber Risk Handbook

Creating and Measuring Effective Cybersecurity Capabilities

Domenic Antonucci


About This Book

Actionable guidance and expert perspective for real-world cybersecurity

The Cyber Risk Handbook is the practitioner's guide to implementing, measuring and improving the counter-cyber capabilities of the modern enterprise. The first resource of its kind, this book provides authoritative guidance for real-world situations, and cross-functional solutions for enterprise-wide improvement. Beginning with an overview of counter-cyber evolution, the discussion quickly turns practical with design and implementation guidance for the range of capabilities expected of a robust cyber risk management system that is integrated with the enterprise risk management (ERM) system. Expert contributors from around the globe weigh in on specialized topics with tools and techniques to help any type or size of organization create a robust system tailored to its needs. Chapter summaries of required capabilities are aggregated to provide a new cyber risk maturity model used to benchmark capabilities and to road-map gap-improvement.

Cyber risk is a fast-growing enterprise risk, not just an IT risk. Yet seldom is guidance provided as to what this means. This book is the first to tackle in detail those enterprise-wide capabilities expected by Board, CEO and Internal Audit, of the diverse executive management functions that need to team up with the Information Security function in order to provide integrated solutions.

  • Learn how cyber risk management can be integrated to better protect your enterprise
  • Design and benchmark new and improved practical counter-cyber capabilities
  • Examine planning and implementation approaches, models, methods, and more
  • Adopt a new cyber risk maturity model tailored to your enterprise needs

The need to manage cyber risk across the enterprise—inclusive of IT operations—is a growing concern as massive data breaches make the news on an alarmingly frequent basis. With a cyber risk management system now a business-necessary requirement, practitioners need to assess the effectiveness of their current system and measure its gap-improvement over time in response to a dynamic and fast-moving threat landscape. The Cyber Risk Handbook brings the world's best thinking to bear on aligning that system to the enterprise and vice versa. Every functional head of any organization must have a copy at hand to understand their role in achieving that alignment.

Frequently asked questions

Is The Cyber Risk Handbook an online PDF/ePUB?
Yes, you can access The Cyber Risk Handbook by Domenic Antonucci in PDF and/or ePUB format, as well as other popular books in Business & Financial Risk Management. We have over one million books available in our catalogue for you to explore.

Information

Publisher: Wiley
Year: 2017
ISBN: 9781119308959
Edition: 1

Chapter 1
Introduction

Domenic Antonucci, Editor and Chief Risk Officer, Australia

The CEO under Pressure

Tom is sitting at his chief executive officer’s desk staring into his early-morning coffee cup. His chairperson, Tara, has just reminded him that he has only one day before he must personally present to the board regarding his organization’s cyber risk management capabilities. “Also, include an assessment of how effective our cyber risk management is across all our enterprise-wide operations—not just IT,” she added.
Tom has never presented on cyber before. He had delegated such matters in the past to his chief information officer (CIO). Tom struggled to remember his last internal briefing on the matter. He was aware that they had recently hired a chief information security officer (CISO) with a focus on cybersecurity, who reported to him directly. Tom started to protest, “Tara, my CISO or CIO can present…” but was interrupted: “No, you own cybersecurity, we oversee it alongside the board. By ‘system,’ I don’t mean our IT approach, I mean our whole-of-organization capabilities to manage cyber threats.”
Noting the dazed look on Tom’s face, Tara gave Tom a tip. “Tom, cyber risk is not just an IT risk, it is an enterprise, strategic, commercial, and organization-wide risk. We at the top are accountable. You’ve introduced our first enterprise-wide risk management (ERM) system together with a risk maturity strategy and risk maturity model to assess and measure how we are improving the ERM system over time. Fine. But cyber risk is now an urgent priority and the specific capabilities required are a subset of the enterprise risk management system. You need to integrate the two. I suggest you dedicate your whole day today to having your team define the right set of capabilities in cyber risk management that our organization needs and how we can measure them. The board expects to see your road map first thing tomorrow.”

The Need for a Cyber Risk Handbook

“But what is the board worrying about, Tara?” Tom quizzed. Tara paused, “Cyber threats, social media, mobile devices, massive data storage, artificially intelligent products, the Internet of Things (IoT), privacy requirements, and continuity of our business-as-usual—and more. These require heavy information security measures and organization capabilities. Tom, I’m going to leave you with a couple of recent survey results and you’ll understand what our board is worrying about. Read the highlights.”
Tom picked up the two reports and read the highlights.
Eighty-eight percent of companies don’t believe their information security fully meets their organization’s needs … Sixty-nine percent of businesses recognize that they should be spending more on cybersecurity than they currently do, and learning about making the most of that essential investment is critical.
—EY’s Global Information Security Survey 2015: “Creating Trust in the Digital World,” www.ey.com/giss

In November and December 2015, the ISACA and RSA Conference conducted a global survey of 461 cybersecurity managers and practitioners. Survey participants confirmed that the number of breaches targeting organizational and individual data continues to go unchecked and the sophistication of attack methodologies is evolving. The current state of global cybersecurity remains chaotic, the attacks are not expected to slow down, and almost 75 percent of respondents expect to fall prey to a cyber attack in 2016. Cybercriminals are the most prevalent attackers and continue to employ social engineering as their primary initial attack vector. … Eighty-two percent of security executives and practitioners participating reported that boards are concerned or very concerned about cybersecurity.
—Text from ISACA Report, March 2016. Source: State of Cybersecurity: Implications for 2016 ©2016 ISACA. All rights reserved. Used by permission.
“So, how do you suggest I start?” queried a concerned Tom. As she left the room, Tara looked back and said simply, “Get the perspectives of all your organization functions as they are all stakeholders for cyber risk, and not just your information security guys. Pull together an enterprise playbook to cover what they need to create and measure effective cybersecurity capabilities. Call it your cyber risk handbook.”

Toward an Effectively Cyber Risk–Managed Organization

Cyber risk is not new. It has been around since the start of the digital age, but cyber threats to organizations are now growing in scale and sophistication at an unprecedented rate due to advancing technologies, criminal and state-level avarice, and changing work practices (such as big data, remote access, cloud computing, social media, and mobile technology). Increasing media and insurance industry attention is spotlighting high-profile, highly disruptive, and damaging security breaches. These threaten financial, physical, and reputation damage across critical organization (and state) infrastructures.
Cyber risk is now widely regarded as a top risk for organizations and the top risk for many. Organization vulnerability across all sectors is increasing. The do-nothing option is increasingly becoming unrealistic. This is due ...