Foreword  xi
Preface  xiii
Introduction  xvii

Chapter 1 An Increasingly Vulnerable World  1
[title missing]  1
1.1.1 Technological disruptions and globalization  1
1.1.2 Data at the heart of industrial productivity  3
1.1.3 Cyberspace, an area without boundaries  3
[title missing]  4
[title missing]  4
1.2.1 The concept of cybercrime  4
1.2.2 Five types of threats  6
1.2.3 Five types of attackers  9
1.3 The cybersecurity market  15
1.3.1 The size of the market and its evolution  15
1.3.2 The market by sector of activity  15
1.3.3 Types of purchases and investments  16
1.3.4 Geographical distribution  17
[title missing]  17
[title missing]  17
1.4.2 Testimonials versus silence  24
[title missing]  25
[title missing]  27
1.5 Examples of particularly exposed sectors of activity  30
[title missing]  30
[title missing]  31
[title missing]  34
1.5.4 Tourism and business hotels  35
1.5.5 Critical national infrastructure  36
1.6 Responsibilities of officers and directors  37

Chapter 2 Corporate Governance and Digital Responsibility  39
2.1 Corporate governance and stakeholders  39
[title missing]  40
2.2.1 Valuation of the company  41
2.2.2 Cyber rating agencies  42
[title missing]  43
2.2.4 Activist shareholders  44
2.2.5 The stock exchange authorities  45
[title missing]  45
2.3 The board of directors  47
[title missing]  47
2.3.2 The four missions of the board of directors  47
2.3.3 Civil and criminal liability  49
2.3.4 The board of directors and cybersecurity  50
2.3.5 The board of directors and data protection  53
2.3.6 The statutory auditors  54
2.3.7 The numerical responsibility of the board of directors  55
2.4 Customers and suppliers  56
2.5 Operational management  58
2.5.1 The impacts of digital transformation  58
2.5.2 The digital strategy  59
2.5.3 The consequences of poor digital performance  62
[title missing]  63
2.5.5 Merger and acquisition transactions  65
2.5.6 Governance and data protection, cybersecurity  66

Chapter 3 [title missing]  69
[title missing]  69
[title missing]  71
[title missing]  72
3.3.1 Fraud against the president  73
[title missing]  73
3.3.3 Other economic impacts  74
[title missing]  76
[title missing]  76
3.4.2 Sanctions by the CNIL and the ICO  77
3.5 The objectives of risk mapping  78
3.6 The different methods of risk analysis  79
3.7 Risk assessment (identify)  81
[title missing]  81
[title missing]  82
[title missing]  83
[title missing]  83
[title missing]  84
[title missing]  85
3.12 Decentralized mapping  85
3.12.1 The internal threat  85
[title missing]  87
3.12.3 Suppliers, subcontractors and service providers  88
[title missing]  89
[title missing]  94
3.14 Non-compliance risks and ethics  96

Chapter 4 [title missing]  99
[title missing]  99
4.1.1 Complaints filed with the CNIL  100
[title missing]  101
[title missing]  102
[title missing]  103
4.2 The different international regulations (data protection)  103
[title missing]  104
[title missing]  104
[title missing]  105
[title missing]  105
4.3 Cybersecurity regulations, the NIS Directive  105
[title missing]  106
4.4.1 The banking industry  106
[title missing]  108
4.5 The General Data Protection Regulation (GDPR)  109
[title missing]  110
4.5.2 Definition of personal data  110
4.5.3 The so-called "sensitive" data  111
4.5.4 The principles of the GDPR  112
4.5.5 The five actions to be in compliance with the GDPR  113
4.5.6 The processing register  113
4.5.7 The five actions to be carried out  113
[title missing]  116
4.6 Consequences for the company and the board of directors  117

Chapter 5 Best Practices of the Board of Directors  119
[title missing]  120
5.2 Situational awareness  121
[title missing]  121
[title missing]  125
[title missing]  126
[title missing]  126
5.3.2 The CISO and the company  127
5.3.3 Clarifying responsibilities  131
5.3.4 Streamlining the supplier portfolio  133
5.3.5 Security policies and procedures  134
[title missing]  137
[title missing]  138
[title missing]  139
[title missing]  141
5.4.3 Double authentication: better, but not 100% reliable  142
5.5 Choosing your service providers  142
[title missing]  143
[title missing]  144
5.8 The dashboard for officers and directors  145

Chapter 6 Resilience and Crisis Management  147
6.1 How to ensure resilience?  147
[title missing]  149
[title missing]  149
[title missing]  150
6.5 The business continuity plan  150
[title missing]  151
[title missing]  151
6.6.2 Exiting the state of sideration  152
6.6.3 Ensuring business continuity  153
6.6.4 Story of the TV5 Monde attack  154
6.6.5 Management of the first few hours  159
[title missing]  163

Conclusion. The Digital Committee  165
Appendices  167
Appendix 1 Cybersecurity Dashboard  169
Appendix 2 Ensuring Cybersecurity in Practice and on a Daily Basis  173
Appendix 3 Tools to Identify, Protect, Detect, Train, React and Restore  175
Glossary  179
References  183
Index  187