This book gives you a stark and timely analysis of the hostile online landscape that today's corporate systems inhabit, providing CIOs and IT professionals with a practical introduction to the defensive strategies that can be employed in response.
Table of Contents
- About the Author
- 1. What Technology Giveth It Taketh Away
2. CyberAttack: It’s a Dangerous World for Information Systems
- From cyberwar to cybercrime – get the ‘low hanging fruit’
- The blended threat
- The asymmetric effects of cyberattacks
- Porous perimeters, compromisable software – or both?
- If we know about the vulnerabilities, why are exploits still successful?
3. The Human Factor: The Underrated Threat
- Are people the problem?
- Who are the attackers?
- Most likely forms of attack
- Sometimes it’s just human error
- People are also the solution!
- 4. Transition from an Environment of ‘FUD’ to a Standards-Based Environment
5. Establishing a Culture of CyberSecurity
- The foundation is in the organizational culture
- Using the cultural web for creating a culture of cybersecurity
- A culture of cybersecurity starts at the top
- 6. Increasing Internationalism: Governance, Laws, and Ethics
- 7. Standards: What Are They and Why Should We Care?
8. From CyberWar to CyberDefence: Applying Standards in an Environment of Change and Danger
- Moving beyond compliance and reaction
- A quick look at relevant standards
Take four steps forward
Step One: Plan
- One: Establish cybersecurity governance – think in boardroom terms
- Information Security Governance: Guidance for Boards of Directors and Executive Management.
Two: Execute risk assessment – what is the tolerance for risk?
- 1. Identify Information System Characteristics
- 2. Identify Potential & Certain Threats
- 3. Identify Potential & Certain Vulnerabilities
- 4. Determine Likelihood
- 5. Identify Potential Business Impacts
- 6. Determine Unmitigated Risk
- 7. Identify Existing Controls and Countermeasures
- 8. Determine Residual Risk
- 9. Make Controls Recommendations
- Three: Develop cybersecurity strategy and plan – create a standards roadmap
- Four: Implement risk management
- Five: Identify security metrics and benchmarks – measures of success
- Step Two: Do
- Step Three: Check
- Step Four: Act
- The future is ‘ROSI’
- Making the case for cybersecurity assurance
- 9. Conclusion: Where Do We Go From Here?
- 1. Gap Analysis Areas of Interest
- 2. Standards Crosswalk
- ITG Resources
- Title: CyberWar, CyberTerror, CyberCrime: A Guide to the Role of Standards in an Environment of Change and Danger
- Release date: April 2009
- Publisher(s): IT Governance Publishing
- ISBN: 9781905356478