The Cyber Risk Handbook
eBook - ePub

The Cyber Risk Handbook

Creating and Measuring Effective Cybersecurity Capabilities

Domenic Antonucci


About this book

Actionable guidance and expert perspective for real-world cybersecurity

The Cyber Risk Handbook is the practitioner's guide to implementing, measuring and improving the counter-cyber capabilities of the modern enterprise. The first resource of its kind, this book provides authoritative guidance for real-world situations, and cross-functional solutions for enterprise-wide improvement. Beginning with an overview of counter-cyber evolution, the discussion quickly turns practical with design and implementation guidance for the range of capabilities expected of a robust cyber risk management system that is integrated with the enterprise risk management (ERM) system. Expert contributors from around the globe weigh in on specialized topics with tools and techniques to help any type or size of organization create a robust system tailored to its needs. Chapter summaries of required capabilities are aggregated to provide a new cyber risk maturity model used to benchmark capabilities and to road-map gap-improvement.

Cyber risk is a fast-growing enterprise risk, not just an IT risk. Yet seldom is guidance provided as to what this means. This book is the first to tackle in detail those enterprise-wide capabilities expected by Board, CEO and Internal Audit, of the diverse executive management functions that need to team up with the Information Security function in order to provide integrated solutions.

  • Learn how cyber risk management can be integrated to better protect your enterprise
  • Design and benchmark new and improved practical counter-cyber capabilities
  • Examine planning and implementation approaches, models, methods, and more
  • Adopt a new cyber risk maturity model tailored to your enterprise needs

The need to manage cyber risk across the enterprise—inclusive of the IT operations—is a growing concern as massive data breaches make the news on an alarmingly frequent basis. With a cyber risk management system now a business-necessary requirement, practitioners need to assess the effectiveness of their current system, and measure its gap-improvement over time in response to a dynamic and fast-moving threat landscape. The Cyber Risk Handbook brings the world's best thinking to bear on aligning that system to the enterprise and vice versa. Every functional head of any organization must have a copy at hand to understand their role in achieving that alignment.


Information

Publisher: Wiley
Year: 2017
ISBN: 9781119308959
Edition: 1
Subject: Business

Chapter 1
Introduction

Domenic Antonucci, Editor and Chief Risk Officer, Australia

The CEO under Pressure

Tom is sitting at his chief executive officer’s desk staring into his early-morning coffee cup. His chairperson, Tara, has just reminded him that he has only one day before he must personally present to the board regarding his organization’s cyber risk management capabilities. “Also, include an assessment of how effective our cyber risk management is across all our enterprise-wide operations—not just IT,” she added.
Tom has never presented on cyber before. He had delegated such matters in the past to his chief information officer (CIO). Tom struggled to remember his last internal briefing on the matter. He was aware that they had recently hired a chief information security officer (CISO) with a focus on cybersecurity, who reported to him directly. Tom started to protest, “Tara, my CISO or CIO can present …” but was interrupted: “No, you own cybersecurity, we oversee it alongside the board. By ‘system,’ I don’t mean our IT approach, I mean our whole-of-organization capabilities to manage cyber threats.”
Noting the dazed look on Tom’s face, Tara gave Tom a tip. “Tom, cyber risk is not just an IT risk, it is an enterprise, strategic, commercial, and organization-wide risk. We at the top are accountable. You’ve introduced our first enterprise-wide risk management (ERM) system together with a risk maturity strategy and risk maturity model to assess and measure how we are improving the ERM system over time. Fine. But cyber risk is now an urgent priority and the specific capabilities required are a subset of the enterprise risk management system. You need to integrate the two. I suggest you dedicate your whole day today to having your team define the right set of capabilities in cyber risk management that our organization needs and how we can measure them. The board expects to see your road map first thing tomorrow.”

The Need for a Cyber Risk Handbook

“But what is the board worrying about, Tara?” Tom quizzed. Tara paused, “Cyber threats, social media, mobile devices, massive data storage, artificially intelligent products, the Internet of Things (IoT), privacy requirements, and continuity of our business-as-usual—and more. These require heavy information security measures and organization capabilities. Tom, I’m going to leave you with a couple of recent survey results and you’ll understand what our board is worrying about. Read the highlights.”
Tom picked up the two reports and read the highlights.

Eighty-eight percent of companies don’t believe their information security fully meets their organization’s needs … Sixty-nine percent of businesses recognize that they should be spending more on cybersecurity than they currently do, and learning about making the most of that essential investment is critical.
—EY’s Global Information Security Survey 2015: “Creating Trust in the Digital World,” www.ey.com/giss


In November and December 2015, the ISACA and RSA Conference conducted a global survey of 461 cybersecurity managers and practitioners. Survey participants confirmed that the number of breaches targeting organizational and individual data continues to go unchecked and the sophistication of attack methodologies is evolving. The current state of global cybersecurity remains chaotic, the attacks are not expected to slow down, and almost 75 percent of respondents expect to fall prey to a cyber attack in 2016. Cybercriminals are the most prevalent attackers and continue to employ social engineering as their primary initial attack vector. … Eighty-two percent of security executives and practitioners participating reported that boards are concerned or very concerned about cybersecurity.
—Text from ISACA Report, March 2016. Source: State of Cybersecurity: Implications for 2016 ©2016 ISACA. All rights reserved. Used by permission.

“So, how do you suggest I start?” queried a concerned Tom. As she left the room, Tara looked back and said simply, “Get the perspectives of all your organization functions as they are all stakeholders for cyber risk, and not just your information security guys. Pull together an enterprise playbook to cover what they need to create and measure effective cybersecurity capabilities. Call it your cyber risk handbook.”

Toward an Effectively Cyber Risk–Managed Organization

Cyber risk is not new. It has been around since the start of the digital age, but cyber threats to organizations are now growing in scale and sophistication at an unprecedented rate due to advancing technologies, criminal and state-level avarice, and changing work practices (such as big data, remote access, cloud computing, social media, and mobile technology). There is increasing media and insurance industry attention. This is spotlighting high-profile and highly disruptive and damaging security breaches. These threaten financial, physical, and reputation damage across critical organization (and state) infrastructures.
Cyber risk is now widely regarded as a top risk for organizations and the top risk for many. Organization vulnerability across all sectors is increasing. The do-nothing option is increasingly becoming unrealistic. This is due ...
