Cybersecurity Program Development for Business

Book description

"This is the book executives have been waiting for. It is clear: With deep expertise but in nontechnical language, it describes what cybersecurity risks are and the decisions executives need to make to address them. It is crisp: Quick and to the point, it doesn't waste words and won't waste your time. It is candid: There is no sure cybersecurity defense, and Chris Moschovitis doesn't pretend there is; instead, he tells you how to understand your company's risk and make smart business decisions about what you can mitigate and what you cannot.

It is also, in all likelihood, the only book ever written (or ever to be written) about cybersecurity defense that is fun to read."

—Thomas A. Stewart, Executive Director, National Center for the Middle Market and Co-Author of Woo, Wow, and Win: Service Design, Strategy, and the Art of Customer Delight

Get answers to all your cybersecurity questions

In 2016, we reached a tipping point—a moment where the global and local implications of cybersecurity became undeniable. Despite the seriousness of the topic, the term "cybersecurity" still exasperates many people. They feel terrorized and overwhelmed. The majority of business people have very little understanding of cybersecurity, how to manage it, and what's really at risk.

This essential guide, with its dozens of examples and case studies, breaks down every element of the development and management of a cybersecurity program for the executive. From understanding the need, to core risk management principles, to threats, tools, roles and responsibilities, this book walks the reader through each step of developing and implementing a cybersecurity program. Read cover-to-cover, it’s a thorough overview, but it can also function as a useful reference book as individual questions and difficulties arise.

  • Unlike other cybersecurity books, the text is not bogged down with industry jargon
  • Speaks specifically to the executive who is not familiar with the development or implementation of cybersecurity programs
  • Shows you how to make pragmatic, rational, and informed decisions for your organization
  • Written by a top-flight technologist with decades of experience and a track record of success

If you’re a business manager or executive who needs to make sense of cybersecurity, this book demystifies it for you.

Table of contents

  1. COVER
  2. TITLE PAGE
  3. FOREWORD
  4. PREFACE
    1. Something Completely Different
  5. ABOUT THE AUTHOR
  6. ACKNOWLEDGMENTS
  7. CHAPTER 1: Understanding Risk
    1. How Much Is It Worth to You?
    2. Risk! Not Just a Board Game
  8. CHAPTER 2: Everything You Always Wanted to Know About Tech (But Were Afraid to Ask Your Kids)
    1. In the Beginning…
    2. Key Definitions
    3. Note
  9. CHAPTER 3: A Cybersecurity Primer
    1. Cybersecurity Defined
    2. The Meaning of Security
    3. Measuring Cybersecurity's Success
    4. Deter, Identify, Protect, Detect, Respond
    5. Cybersecurity Controls and Defense in Depth
    6. Defense in Depth
    7. The Threats
    8. Threat Agents
    9. Key Trends Influencing Threat Agents
    10. The Nature of Hackers
    11. Attack Process
    12. Types of Attacks
    13. A Brief Cyberglossary of Terms
  10. CHAPTER 4: Management, Governance, and Alignment
    1. Why Governance Matters
    2. Strategy, Steering, and Standards
    3. Critical Success Factors
  11. CHAPTER 5: Your Cybersecurity Program: A High‐Level Overview
    1. Vision and Mission Statements
    2. Culture and Strategy
    3. Off to See the Wizard
    4. What's at Risk?
    5. Threat Assessment
    6. At the Club House Turn!
    7. Mitigating Risk
    8. Incident‐Response Planning
  12. CHAPTER 6: Assets
    1. Asset Classification
    2. Asset Metadata
    3. Business‐Impact Analysis
    4. One Spreadsheet to Rule Them All
  13. CHAPTER 7: Threats
    1. Types of Threats
    2. Threat Rankings
    3. Threat Intelligence
    4. Threat Modeling
  14. CHAPTER 8: Vulnerabilities
    1. Who Is Who in Vulnerabilities Tracking
    2. Zero‐Day Exploits
    3. Vulnerabilities Mapping
    4. Vulnerability Testing
    5. Prioritizing Vulnerability Remediation
  15. CHAPTER 9: Environments
    1. On‐Premises (Onsite) Computing Environments
    2. Private‐Cloud Computing Environments
    3. Public‐Cloud Computing Environments
    4. Hybrid‐Cloud Computing Environments
    5. The Internet of Things (IoT)
    6. Distributed Workforces
  16. CHAPTER 10: Controls
    1. Preventative Controls
    2. Detective Controls
    3. Corrective Controls
    4. Compensatory Controls
    5. Defense in Depth
    6. People, Technology, and Operations
    7. Communications
    8. Policies, Standards, Procedures, and Guidelines
    9. Regulatory Compliance: The European Example
    10. Pulling It All Together
  17. CHAPTER 11: Incident‐Response Planning
    1. Incident‐Response Planning: Not Just a Good Idea—It's the Law!
    2. Incident‐Response Plan Phases
    3. Preparing Your Incident‐Response Plan
    4. Identifying Incidents
    5. Containing Incidents
    6. Treating Incidents
    7. Incident Recovery
    8. Post‐Incident Review
    9. Do It All Over Again!
  18. CHAPTER 12: People
    1. What's in It for Me?
    2. Attitude Adjustment!
    3. The Right Message, Delivered the Right Way
    4. Cybersecurity‐Awareness Training
  19. CHAPTER 13: Living Cybersecure!
    1. General Data Protection Regulation (GDPR), Privacy, and Regulators
    2. Artificial Intelligence and Machine Learning
    3. Blockchain
    4. Quantum Computing
  20. BIBLIOGRAPHY
  21. APPENDIX: Clear and Present Danger
  22. INDEX
  23. END USER LICENSE AGREEMENT

Product information

  • Title: Cybersecurity Program Development for Business
  • Author(s): Chris Moschovitis
  • Release date: May 2018
  • Publisher(s): Wiley
  • ISBN: 9781119429517