Understand, Manage, and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program, 1st Edition

When it comes to managing cybersecurity in an organization, most organizations tussle with basic foundational components. This practitioner’s guide lays down those foundational components, with real client examples and pitfalls to avoid.

A plethora of cybersecurity management resources are available―many with sound advice, management approaches, and technical solutions―but few with one common theme that pulls together management and technology, with a focus on executive oversight. Author Ryan Leirvik helps solve these common problems by providing a clear, easy-to-understand, and easy-to-deploy foundational cyber risk management approach applicable to your entire organization. The book provides tools and methods in a straight-forward practical manner to guide the management of your cybersecurity program and helps practitioners pull cyber from a “technical” problem to a “business risk management” problem, equipping you with a simple approach to understand, manage, and measure cyber risk for your enterprise.

What You Will Learn

• Educate the executives/board on what you are doing to reduce risk
• Communicate the value of cybersecurity programs and investments through insightful risk-informative metrics
• Know your key performance indicators (KPIs), key risk indicators (KRIs), and/or objectives and key results
• Prioritize appropriate resources through identifying program-related gaps
• Lay down the foundational components of a program based on real examples, including pitfalls to avoid

About the Author

Ryan Leirvikis a cybersecurity professional who has spent the better part of two decades enhancing information security programs at the World's largest institutions. With considerable US Government and Commercial Sector experience, Ryan has employed his professional passion for cybersecurity at almost every level within an organization. A frequent speaker on the topic of information security, Ryan fields several questions on “How do I make sure I have a sustainable cyber program?” This book was written to help answer that question. Ryan has been the CEO of a cybersecurity Research and Development company, Chief of Staff and Associate Director of Cyber for the US Department of Defense, and a cybersecurity strategy consultant with McKinsey&Company. Ryan’s technology career started at IBM, and he has a Masters of IT from Virginia Tech, an MBA from Case Western Reserve University, as well as a Bachelor of Science from Purdue University. Ryan is also on the faculty at IANS.