David X Martin - CyRM: Mastering the Management of Cybersecurity (Internal Audit and IT Audit)

  • Book:
    CyRM: Mastering the Management of Cybersecurity (Internal Audit and IT Audit)
  • Author:
  • Publisher:
    CRC Press
  • Genre:
  • Year:
    2021

CyRM: Mastering the Management of Cybersecurity (Internal Audit and IT Audit): summary, description and annotation


Is your enterprise's strategy for cybersecurity just crossing its fingers and hoping nothing bad ever happens? If so, you're not alone. Getting cybersecurity right is all too often an afterthought for Fortune 500 firms, bolted on and hopefully creating a secure environment. We all know this approach doesn't work, but what should a smart enterprise do to stay safe?

Today, cybersecurity is no longer just a tech issue. In reality, it never was. It's a management issue, a leadership issue, a strategy issue: It's a "must have right", a survival issue. Business leaders and IT managers alike need a new paradigm to work together and succeed.

After years of distinguished work as a corporate executive, board member, author, consultant, and expert witness in the field of risk management and cybersecurity, David X Martin is THE pioneering thought leader in the new field of CyRM℠. Martin has created an entirely new paradigm that approaches security as a business problem and aligns it with business needs. He is the go-to guy on this vitally important issue. In this new book, Martin shares his experience and expertise to help you navigate today's dangerous cybersecurity terrain, and take proactive steps to prepare your company, and yourself, to survive, thrive, and keep your data (and your reputation) secure.

CyRM
Mastering the Management of Cybersecurity

First Edition published 2021
by CRC Press
6000 Broken Sound Parkway NW, Suite 300, Boca Raton, FL 33487-2742

and by CRC Press
2 Park Square, Milton Park, Abingdon, Oxon, OX14 4RN

© 2021 Taylor & Francis Group, LLC

CRC Press is an imprint of Taylor & Francis Group, LLC

The right of David X Martin to be identified as author of this work has been asserted by him in accordance with sections 77 and 78 of the Copyright, Designs and Patents Act 1988.

Reasonable efforts have been made to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any future reprint.

Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.
For permission to photocopy or use material electronically from this work, access

Trademark notice: Product or corporate names may be trademarks or registered trademarks and are used only for identification and explanation without intent to infringe.

ISBN: 978-0-367-56531-2 (hbk)
ISBN: 978-0-367-75785-4 (pbk)
ISBN: 978-1-003-09823-2 (ebk)

Typeset in Caslon
by SPi Global, India

For my family,
who gives life to the world around me.

PRONG 1
CyRM: Cyber Risk Management
PRONG 2
CyberWellness
PRONG 3
Cybersecurity as a Business Strategy

Back in the 1990s (seems like eons ago, doesn't it?), General Electric CEO Jack Welch told business leaders, "If you're not confused, you don't know what's going on." I've always liked that admonition, because thinking you've got a handle on things can lead to arrogance and complacency; confusion keeps you humble. And if you're humble, you're teachable. And being teachable, being aware that there are many things you don't know (and even more things you don't know that you don't know), keeps you seeking new information and remaining open to opportunities, all while staying alert to new threats.

At that time, I was the enterprise risk manager for Citicorp, the largest financial institution in the world, and I understood that financial institutions were mirrors of their environment. If the economy in which we're doing business is doing well, our customers do well, and we do well. The opposite is also true, even if you have the best risk professionals in the business. So back then, my approach was to thoroughly understand the environments we were operating in and to keep a keen eye on inflection points, leading indicators to know where those environments were going. For example, when our private clients in our emerging markets business started to move their private wealth offshore, I saw this as a leading indicator that their local economy was headed in the wrong direction.

Back then, the rate of technological innovation was a leading indicator, so I hired MIT professor Tsutomu Shimomura to ethically hack the bank. A few days later he came to me and said, "You guys are an easy target. All someone has to do is bombard your call center. No customer will be able to call in, and you'll be out of business in no time." I was startled. I quickly realized that cybersecurity, just like every other risk, needs to be managed.

Fast-forward to today: public scrutiny (and in some cases outrage) after cyberattacks, together with actions by regulatory authorities, have made cybersecurity a key leadership responsibility. When things go wrong, whether in a major or minor way, the ability to quickly identify and respond to a problem will determine the company's ultimate recovery. Another major breach of cybersecurity will soon be in the news. The only question is how dramatic and costly that breach will be, and whether the full extent of the damage will ever be made public. Worse still, should hackers gain access to the financial records of a major national bank or important defense contractor, we'll quickly forget about the relatively insignificant attacks at retailers like Target and Home Depot.

What accounts for the increase in cybercrime? Three broad new security challenges have emerged.

First, there has been a previously unimaginable explosion in the amount of data, connections, transactions, and communications that has overloaded traditional data systems.

Second, institutions have lost the ability to effectively identify problems. Faster innovation cycles and a dizzying array of new products mean that most businesses find themselves unable to quickly recognize security breaches. Social networking systems, big data, cloud computing, mobile internet, and Internet of Things technologies are generating personal data streams that have made authorization and message filtration extraordinarily difficult.

Third, there's a lack of formal control mechanisms. In an environment where cybersecurity disruptions are becoming more pervasive and sophisticated, there are still no recognized standards for detection, response, remediation, and enterprise-wide communication. The management of these critical functions is often left to the IT department, which is usually directed to pursue outdated, hardened-shell strategies designed only to discourage penetration.

Armed with decades of experience as a leader in risk management, I examined this landscape, and it became clear to me that we need an information security model that continually assesses the validity, reliability, and value of the information it gathers. I developed and honed that security model into a process that I know can help companies avoid the worst pitfalls of a cyberattack. It's called cyber risk management, or CyRM.

CyRM is a new paradigm that approaches security as a business problem and aligns it with business needs. So, instead of viewing security as a technical problem handled by technical people, it uses an outcome-driven approach that balances investment and risk. Even further, instead of throwing money at the problem at the expense of executive engagement, it connects cybersecurity with business decision-making to impact business outcomes.

To effectively impact business outcomes, CyRM needs to consist of three prongs:

  1. Risk Management: It needs to apply the tenets of risk management to cybersecurity in order to take a broad view of risks across an organization to inform resource allocation, better manage risks, and enable accountability.

  2. CyberWellness: It needs to encompass not only the firm as a whole, but also every employee who needs to be responsible for the risks they undertake. This requires an active process with cybersecurity, just like physical wellness programs in which the company takes an active approach to promoting employees' good health.

  3. Cybersecurity as a Business Strategy: Cybersecurity needs to be repositioned for what it really is: a growth enabler, and not just designed to reduce operational risks by eliminating the dangers posed by viruses and hackers. It also needs to enhance product integrity, customer experience, operations, regulatory compliance, brand reputation, and investor confidence.
