The Cyber Risk Handbook: Creating and Measuring Effective Cybersecurity Capabilities

  • 6h 46m
  • Domenic Antonucci
  • John Wiley & Sons (US)
  • 2017

Actionable guidance and expert perspective for real-world cybersecurity

The Cyber Risk Handbook is the practitioner's guide to implementing, measuring and improving the counter-cyber capabilities of the modern enterprise. The first resource of its kind, this book provides authoritative guidance for real-world situations, and cross-functional solutions for enterprise-wide improvement. Beginning with an overview of counter-cyber evolution, the discussion quickly turns practical with design and implementation guidance for the range of capabilities expected of a robust cyber risk management system that is integrated with the enterprise risk management (ERM) system. Expert contributors from around the globe weigh in on specialized topics with tools and techniques to help any type or size of organization create a robust system tailored to its needs. Chapter summaries of required capabilities are aggregated to provide a new cyber risk maturity model used to benchmark capabilities and to road-map gap-improvement.

Cyber risk is a fast-growing enterprise risk, not just an IT risk. Yet seldom is guidance provided as to what this means. This book is the first to tackle in detail those enterprise-wide capabilities expected by Board, CEO and Internal Audit, of the diverse executive management functions that need to team up with the Information Security function in order to provide integrated solutions.

  • Learn how cyber risk management can be integrated to better protect your enterprise
  • Design and benchmark new and improved practical counter-cyber capabilities
  • Examine planning and implementation approaches, models, methods, and more
  • Adopt a new cyber risk maturity model tailored to your enterprise needs

The need to manage cyber risk across the enterprise—inclusive of the IT operations—is a growing concern as massive data breaches make the news on an alarmingly frequent basis. With a cyber risk management system now a business-necessary requirement, practitioners need to assess the effectiveness of their current system, and measure its gap-improvement over time in response to a dynamic and fast-moving threat landscape. The Cyber Risk Handbook brings the world's best thinking to bear on aligning that system to the enterprise and vice-a-versa. Every functional head of any organization must have a copy at-hand to understand their role in achieving that alignment.

In this Book

  • Foreword—The State of Cybersecurity
  • Introduction
  • Board Cyber Risk Oversight—What Needs to Change?
  • Principles behind Cyber Risk Management
  • Cybersecurity Policies and Procedures
  • Cyber Strategic Performance Management
  • Standards and Frameworks for Cybersecurity
  • Identifying, Analyzing, and Evaluating Cyber Risks
  • Treating Cyber Risks
  • Treating Cyber Risks Using Process Capabilities
  • Treating Cyber Risks—Using Insurance and Finance
  • Monitoring and Review Using Key Risk Indicators (KRIs)
  • Cybersecurity Incident and Crisis Management
  • Business Continuity Management and Cybersecurity
  • External Context and Supply Chain
  • Internal Organization Context
  • Culture and Human Factors
  • Legal and Compliance
  • Assurance and Cyber Risk Management
  • Information Asset Management for Cyber
  • Physical Security
  • Cybersecurity for Operations and Communications
  • Access Control
  • Cybersecurity Systems—Acquisition, Development, and Maintenance
  • People Risk Management in the Digital Age
  • Cyber Competencies and the Cybersecurity Officer
  • Human Resources Security
  • Epilogue
  • Glossary