The Cyber Risk Handbook
eBook - ePub

The Cyber Risk Handbook

Creating and Measuring Effective Cybersecurity Capabilities

Domenic Antonucci


About this book

Actionable guidance and expert perspective for real-world cybersecurity

The Cyber Risk Handbook is the practitioner's guide to implementing, measuring and improving the counter-cyber capabilities of the modern enterprise. The first resource of its kind, this book provides authoritative guidance for real-world situations, and cross-functional solutions for enterprise-wide improvement. Beginning with an overview of counter-cyber evolution, the discussion quickly turns practical with design and implementation guidance for the range of capabilities expected of a robust cyber risk management system that is integrated with the enterprise risk management (ERM) system. Expert contributors from around the globe weigh in on specialized topics with tools and techniques to help any type or size of organization create a robust system tailored to its needs. Chapter summaries of required capabilities are aggregated to provide a new cyber risk maturity model used to benchmark capabilities and to road-map gap-improvement.

Cyber risk is a fast-growing enterprise risk, not just an IT risk. Yet seldom is guidance provided as to what this means. This book is the first to tackle in detail those enterprise-wide capabilities expected by Board, CEO and Internal Audit, of the diverse executive management functions that need to team up with the Information Security function in order to provide integrated solutions.

  • Learn how cyber risk management can be integrated to better protect your enterprise
  • Design and benchmark new and improved practical counter-cyber capabilities
  • Examine planning and implementation approaches, models, methods, and more
  • Adopt a new cyber risk maturity model tailored to your enterprise needs

The need to manage cyber risk across the enterprise—inclusive of the IT operations—is a growing concern as massive data breaches make the news on an alarmingly frequent basis. With a cyber risk management system now a business-necessary requirement, practitioners need to assess the effectiveness of their current system, and measure its gap-improvement over time in response to a dynamic and fast-moving threat landscape. The Cyber Risk Handbook brings the world's best thinking to bear on aligning that system to the enterprise and vice versa. Every functional head of any organization must have a copy at hand to understand their role in achieving that alignment.


Information

Publisher
Wiley
Year
2017
ISBN
9781119308959

Chapter 1
Introduction

Domenic Antonucci, Editor and Chief Risk Officer, Australia

The CEO under Pressure

Tom is sitting at his chief executive officer’s desk staring into his early-morning coffee cup. His chairperson, Tara, has just reminded him that he has only one day before he must personally present to the board regarding his organization’s cyber risk management capabilities. “Also, include an assessment of how effective our cyber risk management is across all our enterprise-wide operations—not just IT,” she added.
Tom has never presented on cyber before. He had delegated such matters in the past to his chief information officer (CIO). Tom struggled to remember his last internal briefing on the matter. He was aware that they had recently hired a chief information security officer (CISO) with a focus on cybersecurity, who reported to him directly. Tom started to protest, “Tara, my CISO or CIO can present ...” but was interrupted: “No, you own cybersecurity, we oversee it alongside the board. By ‘system,’ I don’t mean our IT approach, I mean our whole-of-organization capabilities to manage cyber threats.”
Noting the dazed look on Tom’s face, Tara gave Tom a tip. “Tom, cyber risk is not just an IT risk, it is an enterprise, strategic, commercial, and organization-wide risk. We at the top are accountable. You’ve introduced our first enterprise-wide risk management (ERM) system together with a risk maturity strategy and risk maturity model to assess and measure how we are improving the ERM system over time. Fine. But cyber risk is now an urgent priority and the specific capabilities required are a subset of the enterprise risk management system. You need to integrate the two. I suggest you dedicate your whole day today to having your team define the right set of capabilities in cyber risk management that our organization needs and how we can measure them. The board expects to see your road map first thing tomorrow.”

The Need for a Cyber Risk Handbook

“But what is the board worrying about, Tara?” Tom quizzed. Tara paused, “Cyber threats, social media, mobile devices, massive data storage, artificially intelligent products, the Internet of Things (IoT), privacy requirements, and continuity of our business-as-usual—and more. These require heavy information security measures and organization capabilities. Tom, I’m going to leave you with a couple of recent survey results and you’ll understand what our board is worrying about. Read the highlights.”
Tom picked up the two reports and read the highlights.
Eighty-eight percent of companies don’t believe their information security fully meets their organization’s needs ... Sixty-nine percent of businesses recognize that they should be spending more on cybersecurity than they currently do, and learning about making the most of that essential investment is critical.
—EY’s Global Information Security Survey 2015: “Creating Trust in the Digital World,” www.ey.com/giss


In November and December 2015, the ISACA and RSA Conference conducted a global survey of 461 cybersecurity managers and practitioners. Survey participants confirmed that the number of breaches targeting organizational and individual data continues to go unchecked and the sophistication of attack methodologies is evolving. The current state of global cybersecurity remains chaotic, the attacks are not expected to slow down, and almost 75 percent of respondents expect to fall prey to a cyber attack in 2016. Cybercriminals are the most prevalent attackers and continue to employ social engineering as their primary initial attack vector. ... Eighty-two percent of security executives and practitioners participating reported that boards are concerned or very concerned about cybersecurity.
—Text from ISACA Report, March 2016. Source: State of Cybersecurity: Implications for 2016 ©2016 ISACA. All rights reserved. Used by permission.
“So, how do you suggest I start?” queried a concerned Tom. As she left the room, Tara looked back and said simply, “Get the perspectives of all your organization functions as they are all stakeholders for cyber risk, and not just your information security guys. Pull together an enterprise playbook to cover what they need to create and measure effective cybersecurity capabilities. Call it your cyber risk handbook.”

Toward an Effectively Cyber Risk–Managed Organization

Cyber risk is not new. It has been around since the start of the digital age, but cyber threats to organizations are now growing in scale and sophistication at an unprecedented rate due to advancing technologies, criminal and state-level avarice, and changing work practices (such as big data, remote access, cloud computing, social media, and mobile technology). There is increasing media and insurance industry attention. This is spotlighting high-profile and highly disruptive and damaging security breaches. These threaten financial, physical, and reputation damage across critical organization (and state) infrastructures.
Cyber risk is now widely regarded as a top risk for organizations and the top risk for many. Organization vulnerability across all sectors is increasing. The do-nothing option is increasingly becoming unrealistic. This is due ...
