Actionable guidance and expert perspective for real-world cybersecurity

The Cyber Risk Handbook is the practitioner's guide to implementing, measuring and improving the counter-cyber capabilities of the modern enterprise. The first resource of its kind, this book provides authoritative guidance for real-world situations, and cross-functional solutions for enterprise-wide improvement. Beginning with an overview of counter-cyber evolution, the discussion quickly turns practical with design and implementation guidance for the range of capabilities expected of a robust cyber risk management system that is integrated with the enterprise risk management (ERM) system. Expert contributors from around the globe weigh in on specialized topics with tools and techniques to help any type or size of organization create a robust system tailored to its needs. Chapter summaries of required capabilities are aggregated to provide a new cyber risk maturity model used to benchmark capabilities and to road-map gap-improvement.

Cyber risk is a fast-growing enterprise risk, not just an IT risk. Yet seldom is guidance provided as to what this means. This book is the first to tackle in detail those enterprise-wide capabilities expected by Board, CEO and Internal Audit, of the diverse executive management functions that need to team up with the Information Security function in order to provide integrated solutions.

* Learn how cyber risk management can be integrated to better protect your enterprise

* Design and benchmark new and improved practical counter-cyber capabilities

* Examine planning and implementation approaches, models, methods, and more

* Adopt a new cyber risk maturity model tailored to your enterprise needs

The need to manage cyber risk across the enterprise--inclusive of the IT operations--is a growing concern as massive data breaches make the news on an alarmingly frequent basis. With a cyber risk management system now a business-necessary requirement, practitioners need to assess the effectiveness of their current system, and measure its gap-improvement over time in response to a dynamic and fast-moving threat landscape. The Cyber Risk Handbook brings the world's best thinking to bear on aligning that system to the enterprise and vice versa. Every functional head of any organization must have a copy at hand to understand their role in achieving that alignment.



About the Author

DOMENIC ANTONUCCI is a practicing international chief risk officer overseeing cybersecurity and a former counter-terrorist officer. Based in Dubai, UAE, he specializes in bringing organizations "up the risk maturity curve." He is the content author for the Benchmarker™ Risk Maturity Model software and author of Risk Maturity Models.

Contents

Foreword by Ron Hale

About the Editor

List of Contributors

Acknowledgments

CHAPTER 1 Introduction
Domenic Antonucci, Editor and Chief Risk Officer, Australia

The CEO under Pressure

Toward an Effectively Cyber Risk-Managed Organization

Handbook Structured for the Enterprise

Handbook Structure, Rationale, and Benefits

Which Chapters Are Written for Me?

CHAPTER 2 Board Cyber Risk Oversight
Tim J. Leech, Risk Oversight Solutions Inc., Canada
Lauren C. Hanlon, Risk Oversight Solutions Inc., Canada

What Are Boards Expected to Do Now?

What Barriers to Action Will Well-Intending Boards Face?

What Practical Steps Should Boards Take Now to Respond?

Cybersecurity--The Way Forward

About Risk Oversight Solutions Inc.

About Tim J. Leech, FCPA, CIA, CRMA, CFE

About Lauren C. Hanlon, CPA, CIA, CRMA, CFE

CHAPTER 3 Principles Behind Cyber Risk Management
RIMS, the risk management society™
Carol Fox, Vice President, Strategic Initiatives at RIMS, USA

Cyber Risk Management Principles Guide Actions

Meeting Stakeholder Needs

Covering the Enterprise End to End

Applying a Single, Integrated Framework

Enabling a Holistic Approach

Separating Governance from Management

Conclusion

About RIMS

About Carol Fox

CHAPTER 4 Cybersecurity Policies and Procedures
The Institute for Risk Management (IRM)
Elliot Bryan, IRM and Willis Towers Watson, UK
Alexander Larsen, IRM, and President of Baldwin Global Risk Services Ltd., UK

Social Media Risk Policy

Ransomware Risk Policies and Procedures

Cloud Computing and Third-Party Vendors

Big Data Analytics

The Internet of Things

Mobile or Bring Your Own Devices (BYOD)

Conclusion

About IRM

About Elliot Bryan, BA (Hons), ACII

About Alexander Larsen, FIRM, President of Baldwin Global Risk Services

CHAPTER 5 Cyber Strategic Performance Management
McKinsey & Company
James M. Kaplan, Partner, McKinsey & Company, New York, USA
Jim Boehm, Consultant, McKinsey & Company, Washington, USA

Pitfalls in Measuring Cybersecurity Performance

Cybersecurity Strategy Required to Measure Cybersecurity Performance

Creating an Effective Cyberse…

Title
Cyber Risk Handbook
Subtitle
Creating and Measuring Effective Cybersecurity Capabilities
EAN
9781119308959
ISBN
978-1-119-30895-9
Format
E-Book (epub)
Manufacturer
Publisher
Publication date
03.04.2017
Digital copy protection
Adobe-DRM
File size
3.08 MB
Number of pages
448
Year
2017
Subtitle
English