Title: Building a Cyber Risk Management Program: Evolving Security for the Digital Age
Author: Brian Allen, Brandon Bapst
Publisher: O’Reilly Media, Inc.
Year: 2024
Pages: 223
Language: English
Format: pdf (true), epub (true)
Size: 10.1 MB
Cyber risk management is one of the most urgent issues facing enterprises today. This book presents a detailed framework for designing, developing, and implementing a cyber risk management program that addresses your company's specific needs. Ideal for corporate directors, senior executives, security risk practitioners, and auditors at many levels, this guide offers both the strategic insight and tactical guidance you're looking for.
You'll learn how to define and establish a sustainable, defendable, cyber risk management program, and the benefits associated with proper implementation. Cyber risk management experts Brian Allen and Brandon Bapst, working with writer Terry Allan Hicks, also provide advice that goes beyond risk management. You'll discover ways to address your company's oversight obligations as defined by international standards, case law, regulation, and board-level guidance.
The concept of enterprise security risk management is based on the fundamental premise that, at its core, security is a risk function, and every task a security practitioner executes could and should be viewed through the lens of five core risk concepts that apply to any risk paradigm: 1) What is your asset? 2) What are the risks? 3) How could you mitigate these risks? 4) How could you respond to incidents? 5) What consistent continued learning can you pursue about your environment? It doesn’t matter if you practice cybersecurity, physical security, business continuity, fraud management, or any related security discipline. Every tactic, in every discipline, fits into one of those five core principles.
This book is a distillation of insights, experiences, and best practices Brian and I gathered over the years. It extends beyond theory to offer security practitioners—and many others with a role in risk management—a blueprint for professional growth, enhanced job security, and greater personal and professional satisfaction in their roles. And it presents a guide for a fast-changing world, because while technology and threats are constantly evolving, the principles of sound risk management we’ve outlined remain timeless.
This book helps you:
- Understand the transformational changes digitalization is introducing, and the new cyber risks that come with it
- Learn the key legal and regulatory drivers that make cyber risk management a mission-critical priority for enterprises
- Gain a complete understanding of the four components that make up a formal cyber risk management program
- Implement or provide guidance for a cyber risk management program within your enterprise
Who Should Read This Book: We’ve designed this book to deliver real-world value to the broadest possible range of readers, while at the same time making it clear at every stage which readers will be most impacted by which content. The key roles we see benefiting from the book are:
- Security practitioners at every level: Risk management is a highly mature practice, one that’s been developed, practiced, and refined for decades, but not usually as a comprehensive, formalized program for security. Developing a program will help to drive the maturity, intent, and purpose of the practice.
- Security practitioners in every function: As much as this book is focused on cybersecurity, if you take the word “cyber” out, you have the fundamental elements that could be applied to programmatically managing risks in physical security, fraud management, business continuity management, and operational resilience.
- Boards of directors: This book is designed to provide directors with a comprehensive understanding of their vital role and responsibilities in overseeing a cyber risk management program. It offers insights into the expectations for management’s role in the program’s establishment. The underlying principles highlight the importance of viewing cybersecurity as a business risk, providing a perspective that empowers directors to ask more relevant questions and provide better guidance to management. By moving the focus from the technical details of cybersecurity tactics and operations to a wider strategic risk oversight role, directors can improve their cyber risk management program’s effectiveness while strengthening defenses against increasing legal and regulatory liabilities.
- CxOs and line-of-business leaders: These high-level decision makers will gain a clear understanding of the need for security to mature as a risk practice; this will help them understand and protect themselves against increased liability. These decision makers will also learn how to set security expectations, so they can make appropriate and informed security risk decisions that align with their overall strategies.
- Regulators: Regulatory bodies can use the guidance in this book to help develop well-defined regulations based on reasonable, consistent, and repeatable expectations. A common taxonomy and shared expectations will make their efforts more efficient, effective, and synergistic.
- Auditors: Audit professionals typically focus on best practices, evaluating the effectiveness of an enterprise’s or an organization’s security controls and processes against established policies, standards, frameworks, and regulations. This book provides a comprehensive structure for auditors to use in evaluating a cybersecurity risk management program, because it focuses on security execution in relation to the business’s expected risk appetite and tolerance.
- Business leaders and professionals whose work may be impacted by the risks introduced by digitalization: The impacts of digital transformation are far-reaching, complex, and unpredictable. As a result, professionals in many different disciplines—most business leaders and decision makers across most enterprise functions—will find real value in learning how to identify digitalization’s risks and make informed decisions about balancing risk and reward.