Cybersecurity Investments (eBook)

Decision Support Under Economic Aspects

(Author)

eBook Download: PDF
2016 | 1st ed. 2016
IX, 281 pages
Springer International Publishing (Publisher)
978-3-319-30460-1 (ISBN)

Cybersecurity Investments - Stefan Beissel
53.49 incl. VAT

This book offers readers essential orientation on cybersecurity safeguards, and first and foremost helps them find the right balance between financial expenditures and risk mitigation. This is achieved by pursuing a multi-disciplinary approach that combines well-founded methods from economics and the computer sciences. Established decision making techniques are embedded into a walk-through for the complete lifecycle of cybersecurity investments. Insights into the economic aspect of the costs and benefits of cybersecurity are supplemented by established and innovative economic indicators. Readers will find practical tools and techniques to support reasonable decision making in cybersecurity investments. Further, they will be equipped to encourage a common understanding using economic aspects, and to provide cost transparency for the senior management.



Stefan Beissel, Ph.D., MBA, CISA, CISSP, PMP, holds a professorship in Information Systems at a university of applied sciences in Germany. He has many years of professional experience in Information Security and IT Audit at internationally operating companies.

Stefan Beissel, Ph.D., MBA, CISA, CISSP, PMP, holds a professorship in Information Systems at a university of applied sciences in Germany. He has many years of professional experience in Information Security and IT Audit at internationally operating companies.

Preface 6
Contents 8
1 Introduction 11
1.1 Threat Level in Cyberspace 11
1.2 New Challenges for Cybersecurity 12
1.3 Integration of Economic Aspects 15
1.4 Outlook to the Following Chapters 15
2 Foundations of Cybersecurity 17
2.1 History 17
2.2 Cybersecurity Principles 19
2.2.1 Basic Cybersecurity Principles 20
2.2.1.1 Confidentiality 20
2.2.1.2 Integrity 21
2.2.1.3 Availability 22
2.2.2 Extended Cybersecurity Principles 23
2.2.2.1 Access Control 23
2.2.2.2 Regularity 24
2.2.2.3 Legal Certainty 25
2.2.2.4 Authenticity 26
2.2.2.5 Non-contestability 27
2.2.2.6 Traceability 28
2.2.2.7 Non-repudiation 29
2.2.2.8 Accountability 30
2.2.2.9 Reliability 30
2.3 Protection Level 31
2.4 Protection Scope 31
2.4.1 Network Segmentation 34
2.4.2 Point-to-Point Encryption 35
2.4.3 Tokenization 36
2.4.4 Outsourcing 37
2.5 Stakeholders of Cybersecurity 39
3 Cybersecurity Safeguards 45
3.1 Distinction of Cybersecurity Safeguards 45
3.2 Common Cybersecurity Safeguards 47
3.2.1 Policies and Procedures 47
3.2.2 Need to Know 49
3.2.3 Separation of Duties 49
3.2.4 Awareness and Training 50
3.2.5 Background Checks 52
3.2.6 Data Classification 53
3.2.7 Revision Control 53
3.2.8 Outsourcing 55
3.2.9 Incident Management 55
3.2.10 Testing 57
3.2.11 Supervising 59
3.2.12 Job Rotation and Vacation 60
3.2.13 Reporting 61
3.2.14 Business Continuity Management 63
3.2.15 Software Escrow 64
3.2.16 Incident Response 65
3.2.17 Insurances 66
3.2.18 Access Control Systems 67
3.2.19 Application Control 69
3.2.20 Network Security 70
3.2.21 Hardening 72
3.2.22 Secure Software Development 73
3.2.23 Encryption 74
3.2.24 Data Leakage Prevention 76
3.2.25 Technical Resilience 77
3.2.26 Malware Protection 78
3.2.27 Intrusion Detection Systems 80
3.2.28 File Integrity Monitoring 81
3.2.29 Audit Trails 82
3.2.30 Patch Management 84
3.2.31 Disaster Recovery 85
3.2.32 Backups 86
3.2.33 Journaling File System 87
4 Economic Aspects 88
4.1 Financial Indicators 88
4.1.1 Static Indicators 91
4.1.1.1 Cost Comparison 91
4.1.1.2 Profit Comparison 95
4.1.1.3 Return on Investment 96
4.1.1.4 Static Payback Period 97
4.1.2 Dynamic Indicators 97
4.1.2.1 Net Present Value 99
4.1.2.2 Net Future Value 100
4.1.2.3 Equivalent Annual Annuity 101
4.1.2.4 Internal Rate of Return 101
4.1.2.5 Visualization of Financial Implications 103
4.2 Asset Appraisement 105
4.3 Risk Evaluation 109
4.3.1 Risk Definition 109
4.3.2 Risk Response 111
4.3.3 Risk Management Frameworks 112
4.3.3.1 COBIT 114
4.3.3.2 CRAMM 117
4.3.3.3 FAIR 119
4.3.3.4 FRAAP 122
4.3.3.5 OCTAVE 123
4.3.3.6 RMF 125
4.3.3.7 RMM 127
4.3.3.8 TARA 130
4.3.4 Risk Indicators 132
4.3.4.1 Quantitative Indicators 133
4.3.4.2 Qualitative Indicators 134
4.4 Cybersecurity Costs 135
4.4.1 Safeguard Costs 139
4.4.2 Breach Costs 144
4.5 Cybersecurity Benefits 149
5 Foundations of Decision Making 151
5.1 Motives 151
5.2 Simple Additive Weighting 152
5.3 Analytic Hierarchy Process 154
5.4 Decision Difficulties 157
5.4.1 Cost Aspects 157
5.4.2 Time Aspects 158
5.4.3 Quality Aspects 161
5.4.4 Interdependencies 164
6 Lifecycle of Cybersecurity Investments 166
6.1 Overview of Lifecycle Steps 166
6.2 Initiation 171
6.3 Sponsoring 175
6.4 Decision Problem Identification 178
6.4.1 Strategy Determination 180
6.4.2 Scope Determination 191
6.4.3 Asset Value Measurement 199
6.4.4 Risk Analysis 201
6.4.5 Protection Requirements 205
6.4.6 Adequacy of the Decision Making Technique 207
6.4.7 Involvement of Stakeholders 208
6.5 Attribute Identification 211
6.6 Attribute Evaluation 219
6.7 Alternative Identification 224
6.8 Alternative Evaluation 230
6.8.1 Exclusion Attributes Analysis 232
6.8.2 Comparison Attributes Analysis 234
6.8.3 Sensitivity Analysis 243
6.9 Selection of the Best Alternative 245
6.10 Approval 247
6.11 Planning 253
6.12 Implementation 258
6.13 Closing 263
6.14 Operation 265
6.15 Maintenance 266
6.16 Termination 269
7 Summary 271
7.1 Prerequisite Knowledge 271
7.2 Decision Making Knowledge 276
7.3 Checklist 279
References 281
Index 284

Publication date (per publisher) 29.2.2016
Series Progress in IS
Additional info IX, 281 p., 58 illus. in color.
Place of publication Cham
Language English
Subject areas Computer Science > Networks > Security / Firewall
Business > General / Reference
Business > Business Administration / Management > Logistics / Production
Business > Business Administration / Management > Planning / Organization
Keywords Cybersecurity investment • Cybersecurity investment lifecycle • Cybersecurity risk • Cybersecurity risk mitigation • Decision Theory • safeguard
ISBN-10 3-319-30460-7 / 3319304607
ISBN-13 978-3-319-30460-1 / 9783319304601
PDF (watermarked)
Size: 4.6 MB

DRM: Digital watermark
This eBook contains a digital watermark and is therefore personalised for you. If the eBook is passed on to third parties without authorisation, it can be traced back to its source.

File format: PDF (Portable Document Format)
With its fixed page layout, the PDF is particularly suitable for specialist books with columns, tables and figures. A PDF can be displayed on almost all devices, but is only of limited suitability for small displays (smartphone, eReader).

System requirements:
PC/Mac: You can read this eBook on a PC or Mac. You need a PDF viewer for this, e.g. Adobe Reader or Adobe Digital Editions.
eReader: This eBook can be read with (almost) all eBook readers. However, it is not compatible with the Amazon Kindle.
Smartphone/Tablet: Whether Apple or Android, you can read this eBook. You need a PDF viewer for this, e.g. the free Adobe Digital Editions app.

Additional feature: Online reading
In addition to downloading it, you can also read this eBook online in your web browser.

Buying eBooks from abroad
For tax law reasons we can sell eBooks only within Germany and Switzerland. Regrettably, we cannot fulfil eBook orders from other countries.
