book

Solving Cyber Risk

Name: Solving Cyber Risk
ISBN: 9781119490937

by Andrew Coburn, Eireann Leverett, Gordon Woo

December 2018

Intermediate to advanced

384 pages

11h 5m

English

Wiley

Read now

Unlock full access

Cover
About the Authors
ANDREW COBURNÉIREANN LEVERETTGORDON WOO
Acknowledgments
CHAPTER 1: Counting the Costs of Cyber Attacks
1.1 ANATOMY OF A DATA EXFILTRATION ATTACK1.2 A MODERN SCOURGE1.3 CYBER CATASTROPHES1.4 SOCIETAL CYBER THREATS1.5 CYBER RISK1.6 HOW MUCH DOES CYBER RISK COST OUR SOCIETY?ENDNOTES
CHAPTER 2: Preparing for Cyber Attacks
2.1 CYBER LOSS PROCESSES2.2 DATA EXFILTRATION2.3 CONTAGIOUS MALWARE INFECTION2.4 DENIAL OF SERVICE ATTACKS2.5 FINANCIAL THEFT2.6 FAILURES OF COUNTERPARTIES OR SUPPLIERSENDNOTES
CHAPTER 3: Cyber Enters the Physical World
3.1 A BRIEF HISTORY OF CYBER-PHYSICAL INTERACTIONS3.2 HACKING ATTACKS ON CYBER-PHYSICAL SYSTEMS3.3 COMPONENTS OF CYBER-PHYSICAL SYSTEMS3.4 HOW TO SUBVERT CYBER-PHYSICAL SYSTEMS3.5 HOW TO CAUSE DAMAGE REMOTELY3.6 USING COMPROMISES TO TAKE CONTROL3.7 OPERATING COMPROMISED SYSTEMS3.8 EXPECT THE UNEXPECTED3.9 SMART DEVICES AND THE INTERNET OF THINGSENDNOTES
CHAPTER 4: Ghosts in the Code
4.1 ALL SOFTWARE HAS ERRORS4.2 VULNERABILITIES, EXPLOITS, AND ZERO DAYS4.3 COUNTING VULNERABILITIES4.4 VULNERABILITY MANAGEMENT4.5 INTERNATIONAL CYBER RESPONSE AND DEFENSEENDNOTES
CHAPTER 5: Know Your Enemy
5.1 HACKERS5.2 TAXONOMY OF THREAT ACTORS5.3 THE INSIDER THREAT5.4 THREAT ACTORS AND CYBER RISK5.5 HACKONOMICSENDNOTES
CHAPTER 6: Measuring the Cyber Threat
6.1 MEASUREMENT AND MANAGEMENT6.2 CYBER THREAT METRICS6.3 MEASURING THE THREAT FOR AN ORGANIZATION6.4 THE LIKELIHOOD OF MAJOR CYBER ATTACKSENDNOTES
CHAPTER 7: Rules, Regulations, and Law Enforcement
7.1 CYBER LAWS7.2 US CYBER LAWS7.3 EU GENERAL DATA PROTECTION REGULATION (GDPR)7.4 REGULATION OF CYBER INSURANCE7.5 A CHANGING LEGAL LANDSCAPE7.6 COMPLIANCE AND LAW ENFORCEMENT7.7 LAW ENFORCEMENT AND CYBER CRIMEENDNOTES

CHAPTER 8: The Cyber-Resilient Organization
8.1 CHANGING APPROACHES TO RISK MANAGEMENT8.2 INCIDENT RESPONSE AND CRISIS MANAGEMENT8.3 RESILIENCE ENGINEERING8.4 ATTRIBUTES OF A CYBER-RESILIENT ORGANIZATION8.5 INCIDENT RESPONSE PLANNING8.6 RESILIENT SECURITY SOLUTIONS8.7 FINANCIAL RESILIENCEENDNOTES
CHAPTER 9: Cyber Insurance
9.1 BUYING CYBER INSURANCE9.2 THE CYBER INSURANCE MARKET9.3 CYBER CATASTROPHE RISK9.4 MANAGING PORTFOLIOS OF CYBER INSURANCE9.5 CYBER INSURANCE UNDERWRITING9.6 CYBER INSURANCE AND RISK MANAGEMENTENDNOTES
CHAPTER 10: Security Economics and Strategies
10.1 COST-EFFECTIVENESS OF SECURITY ENHANCEMENTS10.2 CYBER SECURITY BUDGETS10.3 SECURITY STRATEGIES FOR SOCIETY10.4 STRATEGIES OF CYBER ATTACK10.5 STRATEGIES OF NATIONAL CYBER DEFENSEENDNOTES
CHAPTER 11: Ten Cyber Problems
11.1 SETTING PROBLEMSENDNOTES
CHAPTER 12: Cyber Future
12.1 CYBERGEDDON12.2 CYBERTOPIA12.3 FUTURE TECHNOLOGY TRENDS12.4 GETTING THE CYBER RISK FUTURE WE WANTENDNOTES
References
Index
End User License Agreement

Content preview from Solving Cyber Risk

CHAPTER 10Security Economics and Strategies

10.1 COST-EFFECTIVENESS OF SECURITY ENHANCEMENTS

10.1.1 Impact of Security on Cyber Loss Likelihood

Everyone who attends a major information security convention is confronted with a bewildering range of vendors offering products to enhance cyber security. How can you choose between security products? How can you evaluate the effectiveness of the protection they promise? How can you integrate a suite of solutions and components into an integrated information security solution?

It is not our intention in this chapter to provide a buyers' guide to products, or to recommend one set of solutions over another. There is no universal answer to the security solution for all companies. Each company has different needs, and the solutions, components, and strategies that work best are unique to each organization.

Instead we believe this is best evaluated within the framework of solving cyber risk. We have set out the principle that risk is assessed by evaluating the likelihood of losses of different levels of severity occurring within a given time period. We have proposed that this is built up from considering a wide range of scenarios of different cyber loss processes, including those described in Chapter 2 and adding others that might be important for your organization. Each scenario is evaluated for the loss that would occur, and the likelihood of it happening in the next year. Ranking scenarios from the highest loss downwards and summing ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781119490937Purchase book

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design