Building a Cyber Risk Management Program - Helion
ebook
Autor: Brian Allen, Brandon Bapst, Terry Allan HicksISBN: 9781098147754
stron: 222, Format: ebook
Data wydania: 2023-12-04
Księgarnia: Helion
Cena książki: 186,15 zł (poprzednio: 216,45 zł)
Oszczędzasz: 14% (-30,30 zł)
Cyber risk management is one of the most urgent issues facing enterprises today. This book presents a detailed framework for designing, developing, and implementing a cyber risk management program that addresses your company's specific needs. Ideal for corporate directors, senior executives, security risk practitioners, and auditors at many levels, this guide offers both the strategic insight and tactical guidance you're looking for.
You'll learn how to define and establish a sustainable, defendable, cyber risk management program, and the benefits associated with proper implementation. Cyber risk management experts Brian Allen and Brandon Bapst, working with writer Terry Allan Hicks, also provide advice that goes beyond risk management. You'll discover ways to address your company's oversight obligations as defined by international standards, case law, regulation, and board-level guidance.
This book helps you:
- Understand the transformational changes digitalization is introducing, and new cyber risks that come with it
- Learn the key legal and regulatory drivers that make cyber risk management a mission-critical priority for enterprises
- Gain a complete understanding of four components that make up a formal cyber risk management program
- Implement or provide guidance for a cyber risk management program within your enterprise
Osoby które kupowały "Building a Cyber Risk Management Program", wybierały także:
- Windows Media Center. Domowe centrum rozrywki 66,67 zł, (8,00 zł -88%)
- Ruby on Rails. Ćwiczenia 18,75 zł, (3,00 zł -84%)
- DevOps w praktyce. Kurs video. Jenkins, Ansible, Terraform i Docker 190,00 zł, (39,90 zł -79%)
- Przywództwo w świecie VUCA. Jak być skutecznym liderem w niepewnym środowisku 58,64 zł, (12,90 zł -78%)
- Scrum. O zwinnym zarządzaniu projektami. Wydanie II rozszerzone 58,64 zł, (12,90 zł -78%)
Spis treści
Building a Cyber Risk Management Program eBook -- spis treści
- Preface
- Brians Story
- Brandons Story
- Bringing It Together
- Who Should Read This Book
- Final Thoughts
- Conventions Used in This Book
- OReilly Online Learning
- How to Contact Us
- Acknowledgments
- 1. Cybersecurity in the Age of Digital Transformation
- The Fourth Industrial Revolution
- Cybersecurity Is Fundamentally a Risk Practice
- Cyber Risk Management Oversight and Accountability
- Digital Transformation and Maturing the Cyber Risk Management Program
- Cybersecurity Isnt Just a Security Concern
- Cyber Risk Management Program: An Urgent Enterprise Concern
- This Books Roadmap
- The Bottom Line
- 2. The Cyber Risk Management Program
- The SEC Speaksand the World Listens
- Incident Disclosure (Current Disclosures)
- Risk Management, Strategy, and Governance Disclosures (Periodic Disclosures)
- The Cyber Risk Management Program Framework
- Cyber Risk Management Program: Key Drivers
- Satisfying Obligations and Liability
- When Risk Management Fails Completely: The Boeing 737 MAX Disasters
- Risk Management Program Applied to the Boeing Disasters
- Essential and Mission Critical: The Boeing Case
- Benefits of a Security Risk Program
- Benefit 1: Strategic Recognition of the Security Risk Function
- Benefit 2: Ensuring the Cyber Risk Function Has an Effective Budget
- Benefit 3: Protections for Risk Decision Makers
- CRMP: Systematic but Not Zero-Risk
- Board Accountability and Legal Liability
- The Boeing Ruling and Cyber Risk Oversight Accountability
- CISOs in the Line of Fire for Liability
- The Bottom Line
- The SEC Speaksand the World Listens
- 3. Agile Governance
- The Uber Hack Cover-Up
- What Does Good Governance Look Like?
- Aligning with the Enterprise Governance Strategy
- Seven Principles of Agile Governance
- Principle 1: Establish Policies and Processes
- Principle 2: Establish Governance and Roles and Responsibilities Across the Three Lines Model
- Principle 3: Align Governance Practices with Existing Risk Frameworks
- Principle 4: Board of Directors and Senior Executives Define Scope
- Principle 5: Board of Directors and Senior Executives Provide Oversight
- Principle 6: Audit Governance Processes
- Principle 7: Align Resources to the Defined Roles and Responsibilities
- The Bottom Line
- 4. Risk-Informed System
- Why Risk Information Mattersat the Highest Levels
- Risk and Risk Information Defined
- Five Principles of a Risk-Informed System
- Principle 1: Define a Risk Assessment Framework and Methodology
- Principle 2: Establish a Methodology for Risk Thresholds
- Principle 3: Establish Understanding of Risk-Informed Needs
- Principle 4: Agree on a Risk Assessment Interval
- Principle 5: Enable Reporting Processes
- The Bottom Line
- 5. Risk-Based Strategy and Execution
- ChatGPT Shakes the Business World
- AI Risks: Two Tech Giants Choose Two Paths
- Wall Street: Move Fastor Be Replaced
- The Digital Game Changers Just Keep Coming
- Defining Risk-Based Strategy and Execution
- Six Principles of Risk-Based Strategy and Execution
- Principle 1: Define Acceptable Risk Thresholds
- Principle 2: Align Strategy and Budget with Approved Risk Thresholds
- Principle 3: Execute to Meet Approved Risk Thresholds
- Principle 4: Monitor on an Ongoing Basis
- Principle 5: Audit Against Risk Thresholds
- Principle 6: Include Third Parties in Risk Treatment Plan
- The Bottom Line
- 6. Risk Escalation and Disclosure
- The SEC and Risk Disclosure
- Regulatory Bodies Worldwide Require Risk Disclosure
- Risk Escalation
- Cyber Risk Classification
- Escalation and Disclosure: Not Just Security Incidents
- Disclosure: A Mandatory Concern for Enterprises
- The Equifax Scandal
- SEC Materiality Considerations
- Cyber Risk Management Program and ERM Alignment
- Five Principles of Risk Escalation and Disclosure
- Principle 1: Establish Escalation Processes
- Principle 2: Establish Disclosure ProcessesAll Enterprises
- Principle 3: Establish Disclosure ProcessesPublic Companies
- Material incident reporting
- Risk management and strategy
- Governance
- Principle 4: Test Escalation and Disclosure Processes
- Principle 5: Audit Escalation and Disclosure Processes
- The Bottom Line
- 7. Implementing the Cyber Risk Management Program
- The Cyber Risk Management Journey
- Beginning the Cyber Risk Management Journey
- Implementing the Cyber Risk Management Program
- Agile Governance
- Common challenges with Agile governance
- Establish a starting point
- Gain senior-level commitment
- Obtain necessary budget and other resource limitations
- Adapt to the specific enterprises environment
- Common challenges with Agile governance
- Risk-Informed System
- Common challenges with a risk-informed system
- Dealing with too much dataor the wrong kind of data
- Communicating information in terms specific stakeholders will understand and accept
- Getting the right information to the right people at the right time
- Additional considerations
- Maturity modeling
- Metric reporting
- Risk assessments (qualitative and quantitative)
- Common challenges with a risk-informed system
- Risk-Based Strategy and Execution
- Common challenges with risk-based strategy and execution
- Inadequate budget and other resources
- Compliance-driven strategy
- Common challenges with risk-based strategy and execution
- Risk Escalation and Disclosure
- Common challenges with risk escalation and disclosure
- A view of escalation thats largely limited to reacting to an incident
- The failure to identify and focus on enterprise-specific obligations
- Generic, isolated, or excessively broad materiality considerations
- Common challenges with risk escalation and disclosure
- Agile Governance
- Selling the Program
- The Bottom Line
- 8. The CRMP Applied to Operational Risk and Resilience
- Enterprise Functions That Interact with and Contribute to Operational Resilience
- A Malware Attack Shuts Down Maersks Systems Worldwide
- Guiding Operational Resilience Using the Four Core Cyber Risk Management Program Components
- Agile Governance
- Risk-Informed System
- Risk-Based Strategy and Execution
- Risk Escalation and Disclosure
- The Bottom Line
- 9. AI and Beyondthe Future of Risk Management in a Digitalized World
- AI Defined
- AI: A Whole New World of Risk
- Adversarial Machine Learning: NIST Taxonomy and Terminology
- Risk Management Frameworks with AI Implications
- NIST AI Risk Management Framework
- Model risk management (MRM) and the Federal Reserve Boards guidance
- Key AI Implementation Concepts and Frameworks
- Fairness and the risk of bias
- Soundness
- Robustness
- Explainability
- Risk Management Frameworks with AI Implications
- Beyond AI: The Digital Frontier Never Stops Moving
- The Bottom Line
- A. The Cyber Risk Management Program Framework v1.0
- Purpose and Context
- Structure of the Cyber Risk Management Program Framework
- Note: Framework Disclosure
- Index