Executive's Guide to Cyber Risk
Securing the Future Today
SIEGFRIED MOYO
Copyright 2022 by John Wiley & Sons, Inc. All rights reserved.
Published by John Wiley & Sons, Inc., Hoboken, New Jersey.
Published simultaneously in Canada.
No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Section 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, Inc., 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4470, or on the web at www.copyright.com. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permission.
Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in preparing this book, they make no representations or warranties with respect to the accuracy or completeness of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.
For general information on our other products and services or for technical support, please contact our Customer Care Department within the United States at (800) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be available in electronic formats. For more information about Wiley products, visit our web site at www.wiley.com.
Library of Congress Cataloging-in-Publication Data
Names: Moyo, Siegfried, author.
Title: Executive's guide to cyber risk : securing the future today / Siegfried Moyo.
Description: First edition. | Hoboken, New Jersey : Wiley, [2022] | Includes bibliographical references and index.
Identifiers: LCCN 2022013196 (print) | LCCN 2022013197 (ebook) | ISBN 9781119863113 (cloth) | ISBN 9781119863137 (adobe pdf) | ISBN 9781119863120 (epub)
Subjects: LCSH: Data protection. | Computer security. | Computer networks--Security measures. | Management information systems. | Computer crimes--Risk assessment.
Classification: LCC HF5548.37 .M68 2022 (print) | LCC HF5548.37 (ebook) | DDC 658.4/78--dc23/eng/20220525
LC record available at https://lccn.loc.gov/2022013196
LC ebook record available at https://lccn.loc.gov/2022013197
Cover Design: Wiley
Cover Image: ismagilov/Getty Images
To everyone around the globe, no matter where they are, who are tirelessly working toward creating a cyber-secure future starting today.
Foreword
Cybersecurity is, in my mind, one of the most serious issues facing the sustainability of the global economy, institutions, and society at large. Everyone, and increasingly everything, is connected through information technology. Our everyday life activities are dependent upon technology. Working from home and on the move has exacerbated the vulnerability of our platforms and poses significant challenges to CISOs that technology alone cannot solve.
Today, our digital technology systems are under attack from rogue hackers, cybercriminal gangs, and nation-sponsored cyber terrorists. No one is immune. Banks, hospitals, schools, and city governments are hacked; emails are compromised; and even the CIA has been hacked. And cybersecurity is critical to our ability to successfully tackle climate change, food scarcity, poverty, and global stability.
Most cybersecurity detection and prevention efforts concentrate on technology solutions as the primary line of defense. While information technology professionals are constantly upgrading their knowledge and cyber defense skills, many business executives, managers, and employees have a rudimentary understanding of what constitutes effective cybersecurity. This book aims to change that.
Siegfried Moyo is a hands-on cybersecurity professional deeply concerned about the lack of cybersecurity awareness and skills in today's global businesses. Like myself, he believes that every employee, and especially board directors and executives, needs to step up and take active accountability for protecting themselves and their organization. But accountability requires awareness, not just of the technical issues involved, but the organizational, infrastructure, and cultural issues that are the backbone of a cyber-safe organization.
This book is written especially for board directors and executives to help improve their understanding, awareness, and ability to effectively manage cybersecurity risks. After a short introduction to cybersecurity, chapters focus on understanding cyber risk, the importance of a well-crafted and communicated cybersecurity strategy, and the cultural and business factors that enable enterprise-wide cybersecurity.
Irrespective of your level of understanding of cybersecurity, this book will give you a holistic view of cyber risk management from a business perspective.
Christiane Wuillamie, OBE
CEO, PYXIS Culture Technologies, Ltd.
Preface
THE PURPOSE OF THIS BOOK
In this book, I describe what I believe to be the five fundamental cyber risk management precepts that are critical for any organization's business executives to understand to achieve their business goals and objectives. We are in an era of increasingly successful cyber-attacks that allow cybercriminals or hackers to steal, manipulate, or destroy critical data, or disrupt business operations by compromising critical infrastructure in businesses. To fight successfully against malicious intent, it's imperative that executives understand fundamental principles at a high level so they can prioritize cyber risk like any other business risk.
The goal of this book is to explain these five foundational precepts in non-technical terms so that the members of the Board of Directors (BOD) and C-Level executives (C-LEs) can continue to help their businesses prosper despite this era of ongoing cyber-attacks.
As I reflect on the past decade, every organization of any size, or industry of any magnitude, be it public or private, has been exposed to fear that's characterized by uncertainty and a possibly bleak future. Economic challenges are driven by the proximity of market forces and by cyber risks that expose the organization to undue spontaneous cyber-attacks that exploit the organization.