Edition |
1st ed |
Descript |
1 online resource (251 pages) |
|
text txt rdacontent |
|
computer c rdamedia |
|
online resource cr rdacarrier |
Note |
Intro -- BEYOND CYBERSECURITY -- Contents -- Foreword -- Preface -- Executive Summary -- 1 Cyber‐attacks Jeopardize Companies' Pace of Innovation -- Risk of Cyber‐attacks Reduces the Value of Technology for Business -- Lower Frontline Productivity -- Less Money for IT Initiatives that Create Value -- Slower Adoption of New Technologies -- The Risks Are High for Everyone, Everywhere -- Companies Must Contend with a Wide Range of Risks and Threats -- The Risks Are Strategic -- Defenders Are Falling Behind Attackers -- Technology Changes Favor Attackers -- Attacker's Jurisdictional Advantage -- The Resources Available to State‐Sponsored Attackers -- State‐Level Capabilities Being More Widely Disseminated -- The Global Market for Cyber‐attacks -- Institutions Lack the Insights to Make Intelligent Cybersecurity Decisions -- Sector, Size, and Spend Make No Difference to Cyber‐risk Management Maturity -- 2 It Could Get Better-or 3 Trillion Worse -- Scenario Planning and Cybersecurity -- What's at Stake? -- Scenario 1: Muddling into the Future -- The Billion‐Dollar Implication -- Scenario 2: Digital Backlash -- Jeopardizing Business Models … and Entire Companies -- Scenario 3: Digital Resilience -- Fundamental Change in Cybersecurity Operating Models -- Benign Broader Cybersecurity Environment -- Realizing the Full Value -- 3 Prioritize Risks and Target Protections -- Untargeted Security Measures Serve Only Attackers -- Prioritize Information Assets and Risks in a Way that Engages Business Leaders -- Define Assets and Risks in Business Terms -- Proactively Engage Senior Leaders -- Perform Deep Dives for "Long‐Tail" Risks -- Provide Differentiated Protection for the Most Important Assets -- Selectively Layer Enhanced Controls on Top of a Baseline Level of Security -- Map Information Assets to Technology Systems |
|
Use Full Range of Controls but Organize into Tiers -- Evaluate Different Combinations of Controls -- Delivering Targeted Protection of Priority Assets in Practice -- Phase 1: Prepare and Collect Data -- Phase 2: Assess Risks and Assets -- Phase 3: Define and Implement Differentiated Protections -- 4 Do Business in a Digitally Resilient Way -- Build Digital Resilience into All Business Processes -- Product Development and Management -- Sales and Marketing -- Operations -- Procurement -- Human Resources -- Risk Management and Compliance -- Enlist Frontline Personnel to Protect the Assets They Use -- Segment Users Based on the Information They Need -- Draw on Existing Safety and Quality Efforts -- Employ "Design Thinking" to Make It Easy to Do the Right Thing -- Apply a Broad Set of Mutually Reinforcing Actions -- 5 Modernize IT to Secure IT -- Six Ways to Embed Cybersecurity into the IT Environment -- 1. Accelerate Migration to the Private Cloud -- 2. Use the Public Cloud Selectively and Intentionally -- 3. Build Security into Applications -- 4. Move to Near Pervasive End‐User Virtualization -- 5. Use Software‐Defined Networking to Compartmentalize the Network -- 6. Use Dedicated Document Management and Workflow Tools Instead of E‐mail -- Engage with IT Leaders to Implement Required Changes -- 6 Engage Attackers with Active Defense -- The Limitations of Passive Defense -- Know the Enemy and Act Accordingly -- Maintain Up‐to‐Date Intelligence -- Mitigate Insider Threats -- Engage the Adversary on the Organization's Network -- Partner to Mitigate External Threats -- 7 After the Breach: Improve Incident Response across Business Functions -- Draw Up an Incident Response Plan -- Clarify Decision‐Making Responsibilities -- Strengthen Internal Coordination and Accountability -- Tighten Third‐Party Collaboration -- Overcome the Shortfalls of Existing IR Plans |
|
The Components of a Robust IR Plan -- Test the Plan Using War Games -- How to Run a War Game -- Conduct Postmortems on Real Breaches to improve IR plan -- 8 Build a Program that Drives toward Digital Resilience -- What It Takes to Get to Digital Resilience -- Drive Business Collaboration and Engagement -- Focus the IT Organization -- Upgrade Cybersecurity Skills -- Six Steps to Launch a Digital Resilience Program -- 1. Surface the Full Set of Issues -- 2. Define an Aspirational but Specific Target State -- 3. Determine How to Evolve the Cybersecurity Delivery System -- 4. Set Out the Risk/Resource Trade‐offs for Senior Management -- 5. Develop a Plan Aligned with Both Business and Technology -- 6. Ensure Sustained Business Engagement on Cybersecurity Issues -- 9 Creating a Resilient Digital Ecosystem -- The Digital Ecosystem -- The Power of a Resilient Digital Ecosystem -- What's Required to Create a Resilient Digital Ecosystem -- Collaboration for a Resilient Ecosystem -- Domestic and International Policy -- Community Action -- Systemic Action -- Conclusion -- Acknowledgments -- About the Authors -- Index -- EULA |
|
PRAISE FOR BEYOND CYBERSECURITY "As all companies become digital companies, it will be increasingly important to understand the risks and opportunities of an interconnected world. Protecting your digital assets is no longer a technical conversation alone, but one that should involve the Board and senior executives. The successful companies will be those who create business plans, strategies, and products with security in mind." -John T. Chambers, Chairman and CEO, Cisco "This study offers concrete, actionable, and business-wise recommendations to strengthen cyber resilience. The study not only demonstrates the value of targeting investments against cyber threats, but also provides a detailed guide that executives can apply to their own specific business needs and priorities. The recommendations on active cyber defenses and incident response planning are equally timely and compelling." -Dr. Paul Stockton, former Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs "The cyber-attackers are winning. This alarming and much-needed new book argues that fighting back is not just an IT matter but a fundamental challenge for management. The authors methodically lay out a pragmatic approach to achieve a 'resilience' that can keep business safe and our increasingly digital economy humming." -David Kirkpatrick, Founder of the Techonomy conference and author of The Facebook Effect: The Inside Story of the Company that is Connecting the World "In the world of digital business strategies, protecting information assets is a board level concern. This book explains why cybersecurity is so important and provides practical guidance about what executives from the CISO to the CIO to the CEO should do to make their companies more resilient in the face of ever more relentless cyber-attacks." -Terry Rice, AVP, IT Risk Management and |
|
CISO, Merck & Co., Inc. "For all the growing discussion in government briefing rooms and corporate boardrooms of cyber defense and deterrence, 'resilience' is the real magic word in reaching true cybersecurity. Beyond Cybersecurity provides a much needed deep-dive for those who want to learn more. From how to prepare senior leaders to building organizational scorecards to protecting the broader digital ecosystem, it hits all the core points of this most crucial topic." -P.W. Singer, author of Cybersecurity and Cyberwar: What Everyone Needs to Know "Today, all organizations must operate from a presumption that their cyber defenses have been breached. This book will help them act on that reality effectively and efficiently." -Col. (Ret.) Robert Butler, former Deputy Assistant Secretary of Defense for Cyber Policy |
|
Description based on publisher supplied metadata and other sources |
|
Electronic reproduction. Ann Arbor, Michigan : ProQuest Ebook Central, 2020. Available via World Wide Web. Access may be limited to ProQuest Ebook Central affiliated libraries |
Link |
Print version: Kaplan, James M. Beyond Cybersecurity : Protecting Your Digital Business
Somerset : John Wiley & Sons, Incorporated, c2015 9781119026846
|
Subject |
Computer networks -- Security measures.;Computer networks -- Access control
|
|
Electronic books
|
Alt Author |
Bailey, Tucker
|
|
Marcus, Alan
|
|
Rezek, Chris
|
|
O'Halloran, Derek
|
|