
E-book: Understand, Manage, and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program

  • Format: EPUB+DRM
  • Publication date: 01-Jan-2022
  • Publisher: APress
  • Language: eng
  • ISBN-13: 9781484278215
  • Price: 49,39 €*
  • * the price is final, i.e. no further discounts apply

DRM restrictions

  • Copying (copy/paste):

    not permitted

  • Printing:

    not permitted

  • Usage:

    Digital rights management (DRM)
    The publisher has issued this e-book in encrypted form, which means that you must install special software to read it. You will also need to create an Adobe ID. The e-book can be read by 1 user and downloaded to up to 6 devices (all authorised with the same Adobe ID).

    Required software
    To read on mobile devices (phone or tablet) you must install this free app: PocketBook Reader (iOS / Android)

    To read on a PC or Mac you must install Adobe Digital Editions (a free application designed specifically for reading e-books; not to be confused with Adobe Reader, which is probably already installed on your computer).

    This e-book cannot be read on an Amazon Kindle.

When it comes to managing cybersecurity in an organization, most organizations tussle with basic foundational components. This practitioner's guide lays down those foundational components, with real client examples and pitfalls to avoid.

A plethora of cybersecurity management resources are available, many with sound advice, management approaches, and technical solutions, but few with one common theme that pulls together management and technology, with a focus on executive oversight. Author Ryan Leirvik helps solve these common problems by providing a clear, easy-to-understand, and easy-to-deploy foundational cyber risk management approach applicable to your entire organization.

The book provides tools and methods in a straightforward, practical manner to guide the management of your cybersecurity program, and helps practitioners move cyber from a technical problem to a business risk management problem, equipping you with a simple approach to understand, manage, and measure cyber risk for your enterprise.

What You Will Learn

  • Educate the executives/board on what you are doing to reduce risk
  • Communicate the value of cybersecurity programs and investments through insightful risk-informative metrics
  • Know your key performance indicators (KPIs), key risk indicators (KRIs), and/or objectives and key results
  • Prioritize appropriate resources through identifying program-related gaps
  • Lay down the foundational components of a program based on real examples, including pitfalls to avoid

Who This Book Is For

CISOs, CROs, CIOs, directors of risk management, and anyone struggling to pull together frameworks or basic metrics to quantify uncertainty and address risk

Contents

About the Author  ix
Acknowledgments  xi
Foreword  xiii
Introduction  xvii
Part I The Problem  1
Chapter 1 What Is the Problem?  3
Chapter 2 Why Is It Complicated?  7
  Technology Is Everywhere  7
  Technology Is Complex  8
  Technology Was Built on Trust  10
  Technology Is an Opportunity for Misuse  10
  The Fundamental Risk Is Not Always Understood  11
  ... And Business Leaders Need to Know What to Do  12
    Lack of a Common Cybersecurity Risk Language  13
    Unclear Answers for Proper Oversight  15
    Oh, and Umm... Distractors  16
Chapter 3 How to Address This Problem  19
  Understand the Risk  19
  Manage the Risk  23
  Measure the Impact of Risk Management  25
    Choose Risk-Informative Measures  26
    Apply Appropriate Resources  27
    Drive for Value  27
    Be Clear on What to Measure  28
    Avoid Chasing "Perfect" (It's Not That Valuable)  29
Part II The Solution  31
Chapter 4 Understanding the Problem  33
  Rules to Follow  34
  Be Clear About the Problem (Critical Assets Are at Risk)  35
  Settle on a Definition of Risk  36
  Settle on a Definition of Critical  38
  Inventory and Categorize Critical Assets  42
    Step 1 Acknowledge That Asset Management Is Hard  44
    Step 2 Develop the Business Case  45
    Step 3 Define Your Asset Classes  47
    Step 4 Collect and Inventory in Each New Asset Class  48
    Step 5 Identify the Most Critical Assets  49
  Identify the Risks to These Critical Assets  50
    Step 5a Perform a Threat Analysis  51
    Step 5b Discover Vulnerabilities  54
    Step 5c Anticipate the Business Impact of an Event  57
    Step 5e Know the Applicable Laws and Regulations  61
  Understanding the Problem: A Recap  63
  Recent Examples  64
    Example 1 Getting Started with a Program  64
    Example 2 From Legacy "Perfection" to "Good Enough"  70
    Example 3 Data Protection Strategy, Please  74
    Example 4 What Risk?  77
  Pitfalls to Avoid  78
Chapter 5 Manage the Problem  81
  General Observations and Guidelines for Managing the Risk  83
    Observations  83
    Guidelines  84
  Rules to Follow  86
  Focus on One Framework  86
  Structure the Program Approach  91
    Step 1 Set the Structure  93
    Step 2 Align the Risk Mitigating Activities  95
    Step 3 Assign Roles and Responsibilities  97
    Step 4 Identify Gaps and the Appropriate Activities to Fill Them  99
    Step 5 Look Externally (Third-party Risk Management)  102
      Step 5a Split the Questionnaire into Logical Columns  105
      Step 5b Build Each Column upon the One Before  105
      Step 5c Directly Relate the Question to the Risk  105
    Step 6 Pick the Right Tools and Avoid Distraction  112
  Set a Program Review Frequency  115
  Prepare to Respond and Recover  117
  Managing the Problem, a Recap  118
  Recent Examples  118
    Example 1 Addressing Too Many Frameworks  118
    Example 2 Many TPRM Tools  122
    Example 3 From Controls Focus to a Risk Strategy  125
    Example 4 Third-Party Without a Checklist  128
  Pitfalls to Avoid  130
Chapter 6 Get Ready for Measures  133
Chapter 7 Measure the Problem  137
  Rules to Follow  138
  Choose Informative Measures That Provide Actionable Values  139
    Step 1 Choose Actionable Measures  141
    Step 2 Define Clear Addressable Activities  142
    Step 3 Provide Actionable Reviews  143
  Research What Others Have Done (Measures That Have Worked)  144
    Metrics That Have Worked  145
  Be Clear About the Math  146
    Straight Math  146
    Less-Than-Straight Math  147
  Gain Buy-In from Stakeholders  149
  Develop a Reporting Structure for Consistency  151
  Allow Measures to Mature Over Time  152
  Recent Examples  155
    Example 1 Simple Measures Anyone?  155
    Example 2 Too Much Data, Not Enough Information  160
  Pitfalls to Avoid  163
Chapter 8 Report Upward  165
  Rules to Follow  166
  Choose a Consistent Report Structure  167
  Provide Clear and Informative Measures  169
  Use Straightforward Terms  171
  Provide Recommendations for All Problems  171
  Pitfalls to Avoid  171
Chapter 9 Questions Boards Should Ask  173
  A Tear Sheet for Boards  179
Chapter 10 Conclusion  183
  First, Understand the Risk  183
  Next, Manage the Risk  189
  Then, Measure the Risk  192
  Go Forth and Prosper  196
Appendix  197
  Illustration  197
    Step 1 Set the Structure  198
    Step 2 Align the Risk-Mitigating Activities  199
    Step 3 Assign Roles and Responsibilities  201
    Step 4 Identify Gaps (Including Third Parties) and the Appropriate Activities to Fill Them  203
    Step 5 Set the Action Plan  204
Index  205

About the Author

Ryan Leirvik is a cybersecurity professional who has spent the better part of two decades enhancing information security programs at the world's largest institutions. With considerable US Government and commercial sector experience, Ryan has employed his professional passion for cybersecurity at almost every level within an organization.

A frequent speaker on the topic of information security, Ryan fields many variations of the question "How do I make sure I have a sustainable cyber program?" This book was written to help answer that question.

Ryan has been the CEO of a cybersecurity research and development company, Chief of Staff and Associate Director of Cyber for the US Department of Defense, and a cybersecurity strategy consultant with McKinsey & Company. Ryan's technology career started at IBM, and he has a Master's of IT from Virginia Tech, an MBA from Case Western Reserve University, as well as a Bachelor of Science from Purdue University. Ryan is also on the faculty at IANS.