Carol A. Siegel - Cyber Strategy: Risk-Driven Security and Resiliency


  • Book: Cyber Strategy: Risk-Driven Security and Resiliency
  • Author: Carol A. Siegel
  • Publisher: Auerbach Publications
  • Genre: Business
  • Year: 2020
Cyber Strategy: Risk-Driven Security and Resiliency: summary, description and annotation


Cyber Strategy: Risk-Driven Security and Resiliency provides a process and roadmap for any company to develop its unified Cybersecurity and Cyber Resiliency strategies. It demonstrates a methodology for companies to combine their disassociated efforts into one corporate plan with buy-in from senior management that will efficiently utilize resources, target high-risk threats, and evaluate risk assessment methodologies and the efficacy of the resulting risk mitigations. The book discusses all the steps required, from conception of the plan through preplanning (mission/vision, principles, strategic objectives, derivation of new initiatives), project management directives, cyber threat and vulnerability analysis, and cyber risk and controls assessment, to reporting and measurement techniques for plan success and overall strategic plan performance. In addition, a methodology is presented to aid in selecting new initiatives for the following year by identifying all relevant inputs.

Tools utilized include:

  • Key Risk Indicators (KRI) and Key Performance Indicators (KPI)
  • National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) Target State Maturity interval mapping per initiative
  • Comparisons of current and target state business goals and critical success factors
  • A quantitative NIST-based risk assessment of initiative technology components
  • Responsible, Accountable, Consulted, Informed (RACI) diagrams for Cyber Steering Committee tasks and Governance Boards approval processes
  • Swimlanes, timelines, data flow diagrams (inputs, resources, outputs), progress report templates, and Gantt charts for project management

The last chapter provides downloadable checklists, tables, data flow diagrams, figures, and assessment tools to help develop your company's cybersecurity and cyber resiliency strategic plan.


Cybersecurity and cyber resiliency are the number one concerns for companies today. Organizations must protect their assets and defend against threats and attacks in order to stay in business. A break-in or breach can destroy a company's assets and/or reputation in a matter of minutes. Readiness is key, so that if the unthinkable happens, your company will have the tools and action plans to counter and recover from the attack.

Developing a cybersecurity and cyber resiliency strategy that supports the business and is resource efficient requires strategic planning. Most organizations lack the necessary experience to conduct the appropriate planning required to streamline efforts, while minimizing risks, as they strive toward their long-term strategic business objectives.

The cybersecurity profession is growing exponentially. Although there are numerous universities and technical schools that provide degrees in these new fields, they are not teaching how to develop a strategy: one that is unifying that allows an organization to develop a risk-based, efficient, and targeted effort that will be approved by top company management.

The cyber resiliency field is even younger, evolving from the traditional fields of disaster recovery and business continuity. It is, however, not fine-tuned to the cybersecurity threats of today and struggles to identify and prepare for the threats of tomorrow. There is much more growth that must happen in this arena in order for organizations to feel comfortable with their cyber programs in an age of persistent and advancing threats.

In larger organizations, pockets of cybersecurity and cyber resiliency can be found in company silos such as specific business units. A business unit or silo can have its own information security and disaster recovery/business continuity strategy that may or may not roll up into an enterprise-wide effort. Also, if a company has acquired other companies and joined additional networks, each legacy company or business unit will surely have their own policies, procedures, standards, and/or frameworks they follow. All of these strategies may have conflicting goals and not focus on the highest priority business objectives.

In order to respond to today's threats in a cohesive manner, communications and threat intelligence must utilize a common language and common risk metrics. Defining a taxonomy for risks, threats, vulnerabilities, and controls will facilitate an effective and measurable response.

This book will provide concepts, processes, roadmaps, project development tools, and reporting templates to be used by any type of company in order to develop their enterprise-wide cybersecurity and cyber resiliency strategies. This book delivers a methodology for companies to bring together their disassociated strategic planning efforts into one corporate-wide strategy that will efficiently utilize resources, target high risk threats, evaluate resultant risk mitigation efforts, while engaging buy-in across the corporate culture, senior management, business silos, and diverse business interests. A mid-level manager, as well as a CISO or CIO, can use this book to create very real strategies that can be published by the Board of the company and approved by their supervisory entities. By using the unifying techniques discussed later, the strategy sponsor can assimilate strategies from other areas of the company that may be in development and align and/or incorporate them into a central enterprise-wide strategy.

The book will discuss the steps and tasks required from conception of the strategy through its planning, creation, success and performance measurement techniques, management reporting, and planning for future ongoing efforts.

In order for an organization to develop and maintain its cybersecurity and cyber resiliency strategy, there are 6 major STEPs that should be taken. If performed, the organization's cybersecurity and cyber resiliency strategy will be comprehensive, functional, long lasting, and have continued buy-in and support from senior management. They are:

  1. STEP 1: Preplanning: Preparation for Strategy Development

  2. STEP 2: Strategy Project Management

  3. STEP 3: Cyber Threats, Vulnerabilities, and Intelligence Analysis

  4. STEP 4: Cyber Risks and Controls

  5. STEP 5: Current and Target State Assessments

  6. STEP 6: Strategic Plan Performance Measurement and End of the Year (EoY) Tasks

The 6 Development and Annual Maintenance STEPs for a Cybersecurity and Cyber Resiliency Strategy (Figure 1.1) shows a sequential representation of the 6 STEPs required.

Figure 1.1 The 6 Development and Annual Maintenance STEPs for a Cybersecurity and Cyber Resiliency Strategy.

Each of the 6 STEPs will be discussed in detail throughout the book and methodologies presented for their approach and execution. NOTE: In striving to keep applicability of the strategy particulars and processes presented here current and continuously timely, the authors have decided to make this book technology agnostic, thereby not dating any particular technology, objective, initiative, or conclusion.

What job functions and management levels of people in an organization might need this information? The most obvious people would be anyone in the information security, cybersecurity, cyber resiliency, business continuity/disaster recovery, and resiliency areas who is tasked with developing a strategic action plan to combat cyber threats and attacks over the longer term. This would include, but not be limited to, such roles as shown in Table 1.1.

TABLE 1.1 Cybersecurity and Cyber Resiliency Strategy Key Players

Developers, Approvers, or Readers

  1. Chief Information Security Officer (CISO)

  2. Chief Information Officer (CIO)

  3. Chief Technology Officer (CTO)

  4. Cyber/Security Architect

  5. Cyber/Security Engineer

  6. Security Administrator

  7. Cyber/Security Manager

  8. Security Software Developer

  9. Security Incident Responder

  10. Cryptographer

  11. Cybersecurity/Resiliency Consultant

  12. Data Security Strategist

  13. Chief Resiliency Officer

  14. Business Continuity Analyst

  15. Disaster Recovery Manager

  16. Resiliency Engineer

  17. Business Preparedness and Resiliency Program Manager

  18. Global Resiliency Project Manager

However, it is not just the security professionals who need to be concerned with a cyberattack. Increasingly more regulations are demanding accountability from senior management when there is a breach. Not just CISOs and CIOs, but also Chief Operating Officers (COO) and Chief Executive Officers (CEO) can be legally liable. Every level up the food chain can be deemed responsible and might have to pay penalties.

In fact, any one of the above job roles might have already initiated a cybersecurity or cyber resiliency strategy independently. From a top-down perspective, it is clearly easier if a strategy is created and approved from a senior manager or C-level position, as that level of management can authorize and dedicate the appropriate resources to the task more easily. In addition, a C-level or senior vice president frequently interfaces with governing boards and oversight bodies and is more apt to get buy-in quickly. However, if the strategy is assigned to a subject matter expert (SME) further down the food chain, this approach will give him/her all the information and steps necessary to work the strategy up the corporate structure and get all the relevant participants involved.
