Stepping Through Cybersecurity Risk Management (eBook)

A Systems Thinking Approach
eBook Download: EPUB
2024 | 1. Auflage
336 Seiten
John Wiley & Sons (Verlag)
978-1-394-21397-9 (ISBN)

Lese- und Medienproben

Stepping Through Cybersecurity Risk Management - Jennifer L. Bayuk
Systemvoraussetzungen
82,99 inkl. MwSt
  • Download sofort lieferbar
  • Zahlungsarten anzeigen
Stepping Through Cybersecurity Risk Management

Authoritative resource delivering the professional practice of cybersecurity from the perspective of enterprise governance and risk management.

Stepping Through Cybersecurity Risk Management covers the professional practice of cybersecurity from the perspective of enterprise governance and risk management. It describes the state of the art in cybersecurity risk identification, classification, measurement, remediation, monitoring and reporting. It includes industry standard techniques for examining cybersecurity threat actors, cybersecurity attacks in the context of cybersecurity-related events, technology controls, cybersecurity measures and metrics, cybersecurity issue tracking and analysis, and risk and control assessments.

The text provides precise definitions for information relevant to cybersecurity management decisions and recommendations for collecting and consolidating that information in the service of enterprise risk management. The objective is to enable the reader to recognize, understand, and apply risk-relevant information to the analysis, evaluation, and mitigation of cybersecurity risk. A well-rounded resource, the text describes both reports and studies that improve cybersecurity decision support.

Composed of 10 chapters, the author provides learning objectives, exercises and quiz questions per chapter in an appendix, with quiz answers and exercise grading criteria available to professors.

Written by a highly qualified professional with significant experience in the field, Stepping Through Cybersecurity Risk Management includes information on:

* Threat actors and networks, attack vectors, event sources, security operations, and CISO risk evaluation criteria with respect to this activity

* Control process, policy, standard, procedures, automation, and guidelines, along with risk and control self assessment and compliance with regulatory standards

* Cybersecurity measures and metrics, and corresponding key risk indicators

* The role of humans in security, including the "three lines of defense" approach, auditing, and overall human risk management

* Risk appetite, tolerance, and categories, and analysis of alternative security approaches via reports and studies

Providing comprehensive coverage on the topic of cybersecurity through the unique lens of perspective of enterprise governance and risk management, Stepping Through Cybersecurity Risk Management is an essential resource for professionals engaged in compliance with diverse business risk appetites, as well as regulatory requirements such as FFIEC, HIIPAA, and GDPR, as well as a comprehensive primer for those new to the field.

A complimentary forward by Professor Gene Spafford explains why "This book will be helpful to the newcomer as well as to the hierophants in the C-suite. The newcomer can read this to understand general principles and terms. The C-suite occupants can use the material as a guide to check that their understanding encompasses all it should."

Jennifer L. Bayuk is a cybersecurity due diligence expert with a MS in Computer Science and a PhD in Systems Engineering. She has been a Global Financial Services Technology Risk Management Officer, a Wall Street Chief Information Security Officer, a Big 4 Information Risk Management Consultant, a Manager of Information Technology Internal Audit, a Security Architect, a Bell Labs Security Software Engineer, a Professor of Systems Security Engineering, and a Private Cybersecurity Investigator and Expert Witness

Foreword ix

Preface xiii

Acknowledgements xxv

About the Companion Website xxvii

1 Framework Elements 1

References 16

2 Threats 17

2.1 Threat Actors 17

2.1.1 Hackivists 22

2.1.2 Insiders 23

2.1.3 Hacker 26

2.1.4 Competitors 29

2.1.5 Lone Wolf 33

2.2 Threat Networks 33

2.2.1 Example: Identity Theft 34

2.2.2 Zero-Day Threats 35

2.3 Threat Vectors 37

References 44

3 Events 47

3.1 Event Classification 50

3.2 Event Prevention 56

3.3 Detection and Response 65

3.4 Event Scenarios 77

References 87

4 Controls 89

4.1 Risk Appetite 91

4.2 Policy 94

4.2.1 Security Principles 96

4.2.2 Formality 102

4.3 Process 106

4.4 Standards 114

4.4.1 Internal Standards 114

4.4.2 External Standards 116

4.4.3 Security Architecture 123

4.5 Procedures 130

4.6 Guidelines 136

References 140

5 Assessments 143

5.1 Standards Adherence 147

5.2 Risk and Control Self Assessment 154

5.3 Pentests and Vulnscans 160

5.4 Audits 165

5.5 Spot Checks 169

References 172

6 Issues 173

6.1 Issue Identification 174

6.2 Classification 177

6.3 Criteria and Remediation 180

References 183

7 Metrics 185

7.1 Measuring Cybersecurity 186

7.2 From Measures to Metrics 189

7.3 Key Risk Indicators 205

References 216

8 People 217

8.1 Three Lines of Defense 217

8.2 The Cybersecurity Team 224

8.3 Enterprise Management 230

8.4 Framework Element Owners 233

References 235

9 Risks 237

9.1 Risk Categories 239

9.2 Risk Treatment 242

9.2.1 Controls 242

9.2.2 Transfer 242

9.2.3 Avoidance 245

9.2.4 Acceptance 245

9.3 Risk Appetite 250

9.4 Risk Tolerance 255

9.5 Probability Measurement 260

References 266

10 Analysis 269

10.1 Reports and Studies 269

10.2 Safety Analogies 275

10.3 Decision Support 278

10.4 Conclusion 280

References 282

Appendix: Exercises in FrameCyber 283

Index 299

Erscheint lt. Verlag 20.3.2024
Sprache englisch
Themenwelt Informatik Netzwerke Sicherheit / Firewall
Technik
Wirtschaft Betriebswirtschaft / Management
Schlagworte Business & Management • Computer Science • Computer Security & Cryptography • Computersicherheit • Computersicherheit u. Kryptographie • cybersecurity • Cybersicherheit • Cyber-Sicherheit • Informatik • Risikomanagement • Risiko-, Notfall- u. Krisenmanagement • Risk, Contingency & Crisis Management • security management • Sicherheitsmanagement • Wirtschaft u. Management
ISBN-10 1-394-21397-2 / 1394213972
ISBN-13 978-1-394-21397-9 / 9781394213979
Haben Sie eine Frage zum Produkt?
EPUBEPUB (Adobe DRM)
Größe: 18,9 MB

Kopierschutz: Adobe-DRM
Adobe-DRM ist ein Kopierschutz, der das eBook vor Mißbrauch schützen soll. Dabei wird das eBook bereits beim Download auf Ihre persönliche Adobe-ID autorisiert. Lesen können Sie das eBook dann nur auf den Geräten, welche ebenfalls auf Ihre Adobe-ID registriert sind.
Details zum Adobe-DRM

Dateiformat: EPUB (Electronic Publication)
EPUB ist ein offener Standard für eBooks und eignet sich besonders zur Darstellung von Belle­tristik und Sach­büchern. Der Fließ­text wird dynamisch an die Display- und Schrift­größe ange­passt. Auch für mobile Lese­geräte ist EPUB daher gut geeignet.

Systemvoraussetzungen:
PC/Mac: Mit einem PC oder Mac können Sie dieses eBook lesen. Sie benötigen eine Adobe-ID und die Software Adobe Digital Editions (kostenlos). Von der Benutzung der OverDrive Media Console raten wir Ihnen ab. Erfahrungsgemäß treten hier gehäuft Probleme mit dem Adobe DRM auf.
eReader: Dieses eBook kann mit (fast) allen eBook-Readern gelesen werden. Mit dem amazon-Kindle ist es aber nicht kompatibel.
Smartphone/Tablet: Egal ob Apple oder Android, dieses eBook können Sie lesen. Sie benötigen eine Adobe-ID sowie eine kostenlose App.
Geräteliste und zusätzliche Hinweise

Buying eBooks from abroad
For tax law reasons we can sell eBooks just within Germany and Switzerland. Regrettably we cannot fulfill eBook-orders from other countries.

Mehr entdecken
aus dem Bereich
Das Praxishandbuch zu Krisenmanagement und Krisenkommunikation

von Holger Kaschner

eBook Download (2024)
Springer Fachmedien Wiesbaden (Verlag)
34,99
Methodische Kombination von IT-Strategie und IT-Reifegradmodell

von Markus Mangiapane; Roman P. Büchler

eBook Download (2024)
Springer Vieweg (Verlag)
42,99