Table of Contents for The Cyber Risk Handbook
by Domenic Antonucci
Foreword The State of Cybersecurity
The Global Cyber Crisis
The Time for Change
Increasing Cyber Risk Management Maturity
About ISACA
About Ron Hale
About the Editor
List of Contributors
Acknowledgments
Chapter 1: Introduction
The CEO under Pressure
Toward an Effectively Cyber Risk–Managed Organization
Handbook Structured for the Enterprise
Handbook Structure, Rationale, and Benefits
Which Chapters Are Written for Me?
Chapter 2: Board Cyber Risk Oversight: What Needs to Change?
What Are Boards Expected to Do Now?
What Barriers to Action Will Well-Intending Boards Face?
What Practical Steps Should Boards Take Now to Respond?
Cybersecurity—The Way Forward
Notes
About Risk Oversight Solutions Inc.
About Tim J. Leech, FCPA, CIA, CRMA, CFE
About Lauren C. Hanlon, CPA, CIA, CRMA, CFE
Chapter 3: Principles Behind Cyber Risk Management
Cyber Risk Management Principles Guide Actions
Meeting Stakeholder Needs
Covering the Enterprise End to End
Applying a Single, Integrated Framework
Enabling a Holistic Approach
Separating Governance from Management
Conclusion
Notes
About RIMS
About Carol Fox
Chapter 4: Cybersecurity Policies and Procedures
Social Media Risk Policy
Ransomware Risk Policies and Procedures
Cloud Computing and Third-Party Vendors
Big Data Analytics
The Internet of Things
Mobile or Bring Your Own Devices (BYOD)
Conclusion
Notes
About IRM
About Elliot Bryan, BA (Hons), ACII
About Alexander Larsen, FIRM, President of Baldwin Global Risk Services
Chapter 5: Cyber Strategic Performance Management
Pitfalls in Measuring Cybersecurity Performance
Cybersecurity Strategy Required to Measure Cybersecurity Performance
Creating an Effective Cybersecurity Performance Management System
Conclusion
Note
About McKinsey & Company
About James Kaplan
About Jim Boehm
Chapter 6: Standards and Frameworks for Cybersecurity
Putting Cybersecurity Standards and Frameworks in Context
Commonly Used Frameworks and Standards (a Selection)
Constraints on Standards and Frameworks
Conclusion
Notes
About Boston Consulting Group (BCG)
About William Yin
About Dr. Stefan A. Deutscher
Chapter 7: Identifying, Analyzing, and Evaluating Cyber Risks
The Landscape of Risk
The People Factor
A Structured Approach to Assessing and Managing Risk
Security Culture
Regulatory Compliance
Maturing Security
Prioritizing Protection
Conclusion
Notes
About the Information Security Forum (ISF)
About Steve Durbin
Chapter 8: Treating Cyber Risks
Introduction
Treating Cybersecurity Risk with the Proper Nuance in Line with an Organization’s Risk Profile
Determining the Cyber Risk Profile
Treating Cyber Risk
Alignment of Cyber Risk Treatment
Practicing Cyber Risk Treatment
Conclusion
About KPMG
About John Hermans
About Ton Diemont
Chapter 9: Treating Cyber Risks Using Process Capabilities
Cybersecurity Processes Are the Glue That Binds
No Intrinsic Motivation to Document
Leveraging ISACA COBIT 5 Processes
COBIT 5 Domains Support Complete Cybersecurity Life Cycle
Conclusion
About ISACA
About Todd Fitzgerald
Chapter 10: Treating Cyber Risks—Using Insurance and Finance
Tailoring a Quantified Cost-Benefit Model
Planning for Cyber Risk Insurance
The Risk Manager’s Perspective on Planning for Cyber Insurance
Cyber Insurance Market Constraints
Conclusion
Notes
About Aon
About Kevin Kalinich, Esq.
Chapter 11: Monitoring and Review Using Key Risk Indicators (KRIs)
Definitions
KRI Design for Cyber Risk Management
Conclusion
Notes
About Wability
About Ann Rodriguez
Chapter 12: Cybersecurity Incident and Crisis Management
Cybersecurity Incident Management
Cybersecurity Crisis Management
Conclusion
About CLUSIF
About Gérôme Billois, CISA, CISSP and ISO27001 Certified
About Wavestone
Chapter 13: Business Continuity Management and Cybersecurity
Good International Practices for Cyber Risk Management and Business Continuity
Embedding Cybersecurity Requirements in BCMS
Developing and Implementing BCM Responses for Cyber Incidents
Conclusion
Appendix: Glossary of Key Terms
About Marsh
About Marsh Risk Consulting
About Sek Seong Lim, CBCP, PMC
Chapter 14: External Context and Supply Chain
External Context
Building Cybersecurity Management Capabilities from an External Perspective
Measuring Cybersecurity Management Capabilities from an External Perspective
Conclusion
About The SCRLC
About Nick Wildgoose, BA (Hons), FCA, FCIPS
Chapter 15: Internal Organization Context
The Internal Organization Context for Cybersecurity
Tailoring Cybersecurity to Enterprise Exposures
Conclusion
Note
About Domenic Antonucci
About Bassam Alwarith
Chapter 16: Culture and Human Factors
Organizations as Social Systems
Human Factors and Cybersecurity
Training
Frameworks and Standards
Technology Trends and Human Factors
Conclusion
Note
About Avinash Totade
About Sandeep Godbole
Chapter 17: Legal and Compliance
European Union and International Regulatory Schemes
U.S. Regulations
Counsel’s Advice and “Boom” Planning
Conclusion
Notes
About the Cybersecurity Legal Task Force
About Harvey Rishikof
About Conor Sullivan
Chapter 18: Assurance and Cyber Risk Management
What the Internal Auditor Expects from an Organization Managing Its Cyber Risks Effectively
How to Deal with Two Differing Assurance Maturity Scenarios
Combined Assurance Reporting by ERM Head
Conclusion
About Stig Sunde, CISA, CIA, CGAP, CRISC, IRM Cert.
Chapter 19: Information Asset Management for Cyber
The Invisible Attacker
A Troubling Trend
Thinking Like a General
The Immediate Need—Best Practices
Cybersecurity for the Future
Time to Act
Conclusion
About Booz Allen Hamilton
About Christopher Ling
Chapter 20: Physical Security
Tom Commits to a Plan
Get a Clear View on the Physical Security Risk Landscape and the Impact on Cybersecurity
Manage or Review the Cybersecurity Organization
Design or Review Integrated Security Measures
Reworking the Data Center Scenario
Calculate or Review Exposure to Adversary Attacks
Optimize Return on Security Investment
Conclusion
About Radar Risk Group
About Inge Vandijck
About Paul van Lerberghe
Chapter 21: Cybersecurity for Operations and Communications
Do You Know What You Do Not Know?
Threat Landscape—What Do You Know About Your Organization Risk and Who Is Targeting You?
Data and Its Integrity—Does Your Risk Analysis Produce Insight?
Digital Revolution—What Threats Will Emerge as Organizations Continue to Digitize?
Changes—How Will Your Organization or Operational Changes Affect Risk?
People—How Do You Know Whether an Insider or Outsider Presents a Risk?
What’s Hindering Your Cybersecurity Operations?
Challenges from Within
What to Do Now
Conclusion
About EY
About Chad Holmes
About James Phillippe
Chapter 22: Access Control
Taking a Fresh Look at Access Control
Organization Requirements for Access Control
User Access Management
User Responsibility
System and Application Access Control
Mobile Devices
Teleworking
Other Considerations
Conclusion
Notes
About Sidriaan de Villiers, PwC Partner South Africa
Chapter 23: Cybersecurity Systems: Acquisition, Development, and Maintenance
Build, Buy, or Update: Incorporating Cybersecurity Requirements and Establishing Sound Practices
Specific Considerations
Conclusion
Notes
About Deloitte Advisory Cyber Risk Services
About Michael Wyatt
Chapter 24: People Risk Management in the Digital Age
Rise of the Machines
Enterprise-Wide Risk Management
Tomorrow’s Talent
Crisis Management
Risk Culture
Conclusion
Notes
About Airmic
About Julia Graham
Chapter 25: Cyber Competencies and the Cybersecurity Officer
The Evolving Information Security Professional
The Duality of the CISO
Job Responsibilities and Tasks
Conclusion
Notes
About ISACA
About Ron Hale
Chapter 26: Human Resources Security
Needs of Lower-Maturity HR Functions
Needs of Mid-Maturity HR Functions
Needs of Higher-Maturity HR Functions
Conclusion
Notes
About Domenic Antonucci
Epilogue
Background
Becoming CyberSmart
Notes
About Domenic Antonucci
About Didier Verstichel
Glossary
Index
EULA