book

Solving Cyber Risk

Name: Solving Cyber Risk
ISBN: 9781119490937

by Andrew Coburn, Eireann Leverett, Gordon Woo

December 2018

Intermediate to advanced

384 pages

11h 5m

English

Wiley

Read now

Unlock full access

Cover
About the Authors
ANDREW COBURNÉIREANN LEVERETTGORDON WOO
Acknowledgments
CHAPTER 1: Counting the Costs of Cyber Attacks
1.1 ANATOMY OF A DATA EXFILTRATION ATTACK1.2 A MODERN SCOURGE1.3 CYBER CATASTROPHES1.4 SOCIETAL CYBER THREATS1.5 CYBER RISK1.6 HOW MUCH DOES CYBER RISK COST OUR SOCIETY?ENDNOTES
CHAPTER 2: Preparing for Cyber Attacks
2.1 CYBER LOSS PROCESSES2.2 DATA EXFILTRATION2.3 CONTAGIOUS MALWARE INFECTION2.4 DENIAL OF SERVICE ATTACKS2.5 FINANCIAL THEFT2.6 FAILURES OF COUNTERPARTIES OR SUPPLIERSENDNOTES
CHAPTER 3: Cyber Enters the Physical World
3.1 A BRIEF HISTORY OF CYBER-PHYSICAL INTERACTIONS3.2 HACKING ATTACKS ON CYBER-PHYSICAL SYSTEMS3.3 COMPONENTS OF CYBER-PHYSICAL SYSTEMS3.4 HOW TO SUBVERT CYBER-PHYSICAL SYSTEMS3.5 HOW TO CAUSE DAMAGE REMOTELY3.6 USING COMPROMISES TO TAKE CONTROL3.7 OPERATING COMPROMISED SYSTEMS3.8 EXPECT THE UNEXPECTED3.9 SMART DEVICES AND THE INTERNET OF THINGSENDNOTES
CHAPTER 4: Ghosts in the Code
4.1 ALL SOFTWARE HAS ERRORS4.2 VULNERABILITIES, EXPLOITS, AND ZERO DAYS4.3 COUNTING VULNERABILITIES4.4 VULNERABILITY MANAGEMENT4.5 INTERNATIONAL CYBER RESPONSE AND DEFENSEENDNOTES
CHAPTER 5: Know Your Enemy
5.1 HACKERS5.2 TAXONOMY OF THREAT ACTORS5.3 THE INSIDER THREAT5.4 THREAT ACTORS AND CYBER RISK5.5 HACKONOMICSENDNOTES
CHAPTER 6: Measuring the Cyber Threat
6.1 MEASUREMENT AND MANAGEMENT6.2 CYBER THREAT METRICS6.3 MEASURING THE THREAT FOR AN ORGANIZATION6.4 THE LIKELIHOOD OF MAJOR CYBER ATTACKSENDNOTES
CHAPTER 7: Rules, Regulations, and Law Enforcement
7.1 CYBER LAWS7.2 US CYBER LAWS7.3 EU GENERAL DATA PROTECTION REGULATION (GDPR)7.4 REGULATION OF CYBER INSURANCE7.5 A CHANGING LEGAL LANDSCAPE7.6 COMPLIANCE AND LAW ENFORCEMENT7.7 LAW ENFORCEMENT AND CYBER CRIMEENDNOTES

CHAPTER 8: The Cyber-Resilient Organization
8.1 CHANGING APPROACHES TO RISK MANAGEMENT8.2 INCIDENT RESPONSE AND CRISIS MANAGEMENT8.3 RESILIENCE ENGINEERING8.4 ATTRIBUTES OF A CYBER-RESILIENT ORGANIZATION8.5 INCIDENT RESPONSE PLANNING8.6 RESILIENT SECURITY SOLUTIONS8.7 FINANCIAL RESILIENCEENDNOTES
CHAPTER 9: Cyber Insurance
9.1 BUYING CYBER INSURANCE9.2 THE CYBER INSURANCE MARKET9.3 CYBER CATASTROPHE RISK9.4 MANAGING PORTFOLIOS OF CYBER INSURANCE9.5 CYBER INSURANCE UNDERWRITING9.6 CYBER INSURANCE AND RISK MANAGEMENTENDNOTES
CHAPTER 10: Security Economics and Strategies
10.1 COST-EFFECTIVENESS OF SECURITY ENHANCEMENTS10.2 CYBER SECURITY BUDGETS10.3 SECURITY STRATEGIES FOR SOCIETY10.4 STRATEGIES OF CYBER ATTACK10.5 STRATEGIES OF NATIONAL CYBER DEFENSEENDNOTES
CHAPTER 11: Ten Cyber Problems
11.1 SETTING PROBLEMSENDNOTES
CHAPTER 12: Cyber Future
12.1 CYBERGEDDON12.2 CYBERTOPIA12.3 FUTURE TECHNOLOGY TRENDS12.4 GETTING THE CYBER RISK FUTURE WE WANTENDNOTES
References
Index
End User License Agreement

Content preview from Solving Cyber Risk

CHAPTER 8The Cyber-Resilient Organization

8.1 CHANGING APPROACHES TO RISK MANAGEMENT

8.1.1 Identify, Protect, Detect, Respond, Recover

The cyber risk management framework proposed by the National Institute of Standards and Technology (NIST) consists of five functions:¹

Identify. Develop an organizational understanding to manage cyber security risk to systems, people, assets, data, and capabilities.
Protect. Develop and implement appropriate safeguards to ensure delivery of critical services.
Detect. Develop and implement appropriate activities to identify the occurrence of a cyber security event.
Respond. Develop and implement appropriate activities to take action regarding a detected cyber security incident.
Recover. Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cyber security incident.

Cyber security in an organization typically places emphasis on maintaining a secure perimeter, with an emphasis on technology tools for monitoring internal traffic and external communications, and with minimal tolerance of external penetration, malware, or unauthorized software. Cyber security tools include antivirus software, firewalls, network traffic deep-packet inspection, data management systems, email security systems, server gateways, web application firewalls, and many others.

Cyber security system design is a complex and skillful process, matching the specific operations and ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781119490937Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design