Cybersecurity Program Development for Business
The Essential Planning Guide
Chris Moschovitis
About the book
"This is the book executives have been waiting for. It is clear: With deep expertise but in nontechnical language, it describes what cybersecurity risks are and the decisions executives need to make to address them. It is crisp: Quick and to the point, it doesn't waste words and won't waste your time. It is candid: There is no sure cybersecurity defense, and Chris Moschovitis doesn't pretend there is; instead, he tells you how to understand your company's risk and make smart business decisions about what you can mitigate and what you cannot.
It is also, in all likelihood, the only book ever written (or ever to be written) about cybersecurity defense that is fun to read."
—Thomas A. Stewart, Executive Director, National Center for the Middle Market and Co-Author of Woo, Wow, and Win: Service Design, Strategy, and the Art of Customer Delight
Get answers to all your cybersecurity questions
In 2016, we reached a tipping point—a moment where the global and local implications of cybersecurity became undeniable. Despite the seriousness of the topic, the term "cybersecurity" still exasperates many people. They feel terrorized and overwhelmed. The majority of business people have very little understanding of cybersecurity, how to manage it, and what's really at risk.
This essential guide, with its dozens of examples and case studies, breaks down every element of the development and management of a cybersecurity program for the executive. From understanding the need, to core risk management principles, to threats, tools, roles and responsibilities, this book walks the reader through each step of developing and implementing a cybersecurity program. Read cover-to-cover, it's a thorough overview, but it can also function as a useful reference book as individual questions and difficulties arise.
- Unlike other cybersecurity books, the text is not bogged down with industry jargon
- Speaks specifically to the executive who is not familiar with the development or implementation of cybersecurity programs
- Shows you how to make pragmatic, rational, and informed decisions for your organization
- Written by a top-flight technologist with decades of experience and a track record of success
If you're a business manager or executive who needs to make sense of cybersecurity, this book demystifies it for you.
CHAPTER 1
Understanding Risk
A BRIEF SAMPLING OF DREAD
- Hacker Attack Rate: 39 Seconds. Assistant Professor of Mechanical Engineering Michel Cukier at the A. James Clark School of Engineering conducted the study that profiled the actions of hackers using brute‐force methods to gain access to a set of exposed computers. The results showed that the computers were attacked about 2,244 times per day.
- More than 33 percent of United States consumers have experienced a cyberattack. This was reported in a survey by Zogby Analytics commissioned for the Hartford Steam Boiler Inspection and Insurance Company (HSB), with the most likely victims being between 18 and 24 years old. Moreover, the associated incident costs ranged from $500 for 56 percent of the cases to between $1,000 and $5,000 for 23 percent of the cases.
- According to the “Internet Security Threat Report—Symantec 2017” (Volume 22, April 2017):
  - It takes on average two minutes for an Internet of Things (IoT) device to get attacked.
  - The average ransom amount for a ransomware attack went from $373 in 2014 to $1,077 in 2016.
  - Over the last eight years, more than 7.1 billion identities have been stolen as a result of data breaches.
  - In 2016, the United States was number one both in number of data breaches (1,023) and in identities stolen (791,820,040).
- According to the “2017 Data Breach Investigations Report” (Verizon):
  - 75 percent of the breaches are perpetrated by outsiders, versus 25 percent involving insiders.
  - 62 percent of breaches featured hacking, of which 81 percent leveraged stolen or weak passwords.
  - 66 percent of malware was installed through malicious email attachments.
  - 73 percent of the breaches were financially motivated; 21 percent were espionage‐driven.
- According to the “Small Business Trends” website (https://smallbiztrends.com):
  - 43 percent of cyberattacks target small business.
  - Only 14 percent of small businesses rate their ability to mitigate cyberrisks, vulnerabilities, and attacks as highly effective.
  - 60 percent of small companies go out of business within six months of a cyberattack.
  - 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
- According to Juniper Research's study titled “The Future of Cybercrime & Security: Financial and Corporate Threats & Mitigation” (Juniper Research, Ltd.):
  - Cybercrime is expected to cost businesses over $2 trillion by 2019.
  - Although North America has seen the lion's share of these breaches (60 percent in 2015), the proportion will level off as global digitization levels the playing field.
- According to “Cybersecurity Ventures' Predictions for 2017 through 2021”:
  - The cost of cybercrime damages worldwide is estimated to be $6 trillion annually by 2021.
  - In 2016, the cybersecurity unemployment rate dropped to zero percent, and it is expected to remain at that level through 2021, with a projected job‐to‐skills shortfall of 1.5 million positions by 2019.
- ISACA's 2016 Cybersecurity Global Data Snapshot lists social engineering, insider threats, and advanced persistent threats as the top‐three threats facing organizations.
- According to Barkly Protects, Inc.:
  - One‐third of the IT professionals surveyed by Barkly reported their security had been bypassed by a cyberattack in 2016.
  - 71 percent of organizations targeted with ransomware attacks were successfully infected.
  - Over half the organizations that suffered successful cyberattacks in 2016 are not making any changes to their cybersecurity posture in 2017, with budgetary constraints cited as the main block to improved cybersecurity.
How Much Is It Worth to You?
- Earrings? Theft!
- Property? Fire!