
Thomas J. Parenty - A Leader’s Guide to Cybersecurity: Why Boards Need to Lead–and How to Do It

Year: 2019, publisher: Harvard Business Review Press, genre: Computer / Science.


A Leader’s Guide to Cybersecurity: Why Boards Need to Lead–and How to Do It: summary, description and annotation


Cybersecurity threats are on the rise. As a leader, you need to be prepared to keep your organization safe.

Companies are investing an unprecedented amount of money to keep their data and assets safe, yet cyberattacks are on the rise--and the problem is worsening. No amount of technology, resources, or policies will reverse this trend. Only sound governance, originating with the board, can turn the tide.

Protection against cyberattacks can’t be treated as a problem solely belonging to an IT or cybersecurity department. It needs to cast a wide and impenetrable net that covers everything an organization does--from its business operations, models, and strategies to its products and intellectual property. And boards are in the best position to oversee the needed changes to strategy and hold their companies accountable. Not surprisingly, many boards aren’t prepared to assume this responsibility.

In A Leader’s Guide to Cybersecurity, Thomas Parenty and Jack Domet, who have spent over three decades in the field, present a timely, clear-eyed, and actionable framework that will empower senior executives and board members to become stewards of their companies’ cybersecurity activities. This includes:

  • Understanding cyber risks and how best to control them
  • Planning and preparing for a crisis--and leading in its aftermath
  • Making cybersecurity a companywide initiative and responsibility
  • Drawing attention to the nontechnical dynamics that influence the effectiveness of cybersecurity measures
  • Aligning the board, executive leadership, and cybersecurity teams on priorities

Filled with tools, best practices, and strategies, A Leader’s Guide to Cybersecurity will help boards navigate this seemingly daunting but extremely necessary transition.

A Leader’s Guide to Cybersecurity

WHY BOARDS NEED TO LEAD
AND HOW TO DO IT

Thomas J. Parenty | Jack J. Domet

Harvard Business Review Press

Boston, MA

HBR Press Quantity Sales Discounts

Harvard Business Review Press titles are available at significant quantity discounts when purchased in bulk for client gifts, sales promotions, and premiums. Special editions, including books with corporate logos, customized covers, and letters from the company or CEO printed in the front matter, as well as excerpts of existing books, can also be created in large quantities for special needs.

For details and discount information for both print and ebook formats, contact

Copyright 2020 Thomas J. Parenty and Jack J. Domet

All rights reserved

No part of this publication may be reproduced, stored in or introduced into a retrieval system, ...

To Copernicus

Introduction
Digital Stewardship

Over the past decade, as the world has become more digital, companies, governments, and organizations have spent billions of dollars on cybersecurity. Yet, as their investments have grown, the financial consequences of cyber breaches have increased, seemingly in lockstep.

Open a newspaper, anywhere in the world, and you’ll probably find a story of a cyberattack that had devastating consequences. Recent examples include a 2016 cyber heist at Bangladesh Bank (the central bank of Bangladesh) that resulted in a US$81 million loss--a sizable portion of the country’s foreign reserves. In 2017, the Shadow Brokers, an appropriately named individual or organization, stole hundreds of megabytes of tools developed by the ...

PART ONE
The Problems
Let’s start with two questions:

Have you ever felt that some of the information you’ve been told about cybersecurity and cyber risk didn’t ring true, but you weren’t sure how to articulate this doubt?

Have you ever suspected that discussions about cybersecurity are more complicated than they need to be?

If so, your intuition is correct. A significant disparity exists between what appears to be true in the area of cybersecurity and what really is. Before addressing digital stewardship principles and responsibilities, we will pull back the curtain on some of the misleading platitudes, hidden dynamics, and misguided voices that give rise to your suspicions and make addressing cybersecurity harder than it must be.

1
Misleading Platitudes

Cybersecurity discourse is full of platitudes that seem obvious and compelling at first, but more thoughtful consideration shows they are misinformed, ineffectual, or counterproductive. Unfortunately, people repeat these platitudes so frequently they take on the patina of truth and distort perceptions about cybersecurity priorities and courses of action. Three such staples of cybersecurity conventional wisdom--"it’s a people problem," "protect the crown jewels," and "cyber threats are new and constantly changing"--are especially troubling.

It’s a People Problem

"Cybersecurity is a people problem, not a technology problem." This platitude often takes another form: "People are the weakest link." While people do make mistakes, ...

2
Hidden Dynamics

Effective cybersecurity requires awareness of a host of nontechnical factors, or hidden dynamics. These dynamics are not lines of code or circuits etched into silicon that only engineers and programmers can comprehend. Rather, they’re business factors that you already know but might not have associated with cybersecurity.

First, we address the dynamic we call the chimera of compliance--the inherent limitations of cybersecurity standards and the regulations based on them as a way to determine a company’s cybersecurity posture. Next, we look at the second dynamic, employee motivation--how employees simply trying to excel at their jobs can engage in behavior that creates new cyber risks for their company. Then we examine the economics of cyberattack--the financial incentives of the cyberattack tools and services market--and raise the question, "Does it really matter who attacked us?" Finally we look at the asymmetry of attack and defense--the relationship between the power of an attack and the required strength of the defense, and how the cyber dynamics are completely different from what we are accustomed to in a traditional battle.

Chimera of Compliance

When you engage in cybersecurity, one of your first areas of interest is understanding how well your company is protected against cyberattack. Questions such as "How safe are we?" "Are we doing the right things?" "Are we doing enough?" are typical. In lieu of undertaking business-oriented cyber-risk assessments--which we will discuss later in the book--to answer these questions, companies often use compliance with cybersecurity standards to judge their level of protectiveness and to prioritize future investments. Although cybersecurity standards can provide you with useful ideas on common issues, in order to derive value from these standards, you need to understand their purpose, limits, and the unintended consequences of having to comply with multiple standards and regulations.

Inherent Limitations of Standards
Apply to All and None

Cybersecurity standards, by design, address broad audiences. One metric of a standard’s success is the scale of its adoption. However, in attempting to speak to everyone, cybersecurity standards address the needs of no one specifically. The NIST Framework for Improving Critical Infrastructure Cybersecurity (commonly referred to as the NIST Framework) was originally developed to help reduce cyber risks to critical infrastructure. However, the introduction to the framework clearly states that any company or organization can use the standard, and companies in industries as varied as retail and hospitality are increasingly adopting it. The cybersecurity priorities for a nuclear power plant are clearly different from those of a department store or hotel. No standard, regardless of how well drafted, can provide specific guidance to such a disparate collection of organizations.

While arguably this guide provides helpful advice on cybersecurity management practices, there is nothing that specifically addresses the unique cybersecurity challenges within the industrial control systems that drive chemical manufacturing. It is sufficiently generic that it applies equally to the IT systems within the corporate front office of a chemical company and to the manufacturing systems for which it was written.

To address the lack of standards, many companies develop their own policies. This is a smart move, but you need to make sure that your own standards, unlike industry and external standards, are specific to your business. And you need to keep up with growth. If you acquire companies and build new products, your cybersecurity approaches will need to change. For example, a financial services client developed its cybersecurity standard when it relied on the computing power of scores of mainframes housed in its own data centers. This served it well for a long time. However, as market conditions evolved, its services changed, as did its method of delivery. Its standard became increasingly irrelevant.

This irrelevance became particularly important when the firm bought an Indian company whose transaction processing was hosted by a cloud provider. The first issue was that the existing cybersecurity standard couldn’t give any guidance on what it should do to protect itself from the cyber risks faced. The second was that it was perennially noncompliant with the corporate standard and management had to spend significant and unproductive time dealing with the inevitable audit findings.
