Introduction
In the foreword and preface we got aligned on the challenges our industry faces, our motivations for writing the book, and a bit about the authors. To help you use this book as a reference in your day-to-day experience, we'll now review the structure of the book and offer a summary of each chapter.
First, note that the book has three parts. If you plan to read the book front to back, the flow is natural and the content is cumulative. Chapters at the back of the book assume you are capable of financial analysis, business cases, and other topics covered early on.
In our view, it was important to first establish requisite Foundational Business Knowledge in Part I. That is where you will learn key vocabulary, basic financial formulas, and business strategy tools. We will also review business decision models, valuation methodologies, and business case development. Each chapter (or class) includes one or more case studies to apply the knowledge you've learned. That's true throughout the book, and it is true in any MBA program as well. What is different here is that our case studies are developed through the lens of the CISO, rather than the strict business perspective that surfaces in MBA curricula.
Equipped with a common foundation of business knowledge and clear examples of how to apply the core concepts, we move on to Part II – Communication and Education. Here you can expect a review of how to leverage COSO, an enterprise risk management framework, to ensure cybersecurity ...