Cyber Strategy: Risk Driven Security and Resiliency, 1st Edition, by Carol Siegel and Mark Sweeney
Product details:
ISBN 10: 1000048500
ISBN 13: 9781000048506
Author: Carol Siegel, Mark Sweeney
Cyber Strategy Risk Driven Security and Resiliency 1st Edition Table of contents:
Chapter 1 Why Cybersecurity and Cyber Resiliency Strategies Are Mandatory for Organizations Today
1.1 The Value Proposition
1.2 The 6 STEPs for Developing and Maintaining a Cybersecurity and Cyber Resiliency Strategy
1.3 Cybersecurity and Cyber Resiliency Strategy Key Players
1.4 Initiating the Strategy
1.5 Triggers to Create a Corporate Cybersecurity and Cyber Resiliency Strategy
1.6 Information Security vs. Cybersecurity
1.6.1 Information Security
1.6.2 Cybersecurity
1.7 Cyber Resiliency vs. Traditional Resiliency
1.8 Cybersecurity and Cyber Resiliency Strategy Life Cycle
1.9 Cyber Strategies vs. Cyber Programs
1.10 Cybersecurity and Cyber Resiliency Programs for Organizations
1.11 Cybersecurity and Cyber Resiliency Architecture: Standards and Frameworks
1.11.1 Enterprise Information Security Architecture
1.11.2 Regulatory Security Architecture
1.11.3 Introduction to the NIST Cybersecurity Framework (CSF)
1.12 Cyber Program Preplanning
1.13 Technical Areas of Concentration for a Cyber Program
Chapter 2 The 6 STEPs in Developing and Maintaining a Cybersecurity and Cyber Resiliency Strategy
2.1 STEP 1: Preplanning: Preparation for Strategy Development
2.1.1 Corporate Culture and Organizational Analysis
2.1.2 Matrixed Organizational Structure
2.1.3 Siloed Organizational Structure
2.1.4 Enabling the Organization for Strategy Adoption
2.1.5 Forming a Steering Committee
2.1.6 Creating Strategic Plan Critical Success Factors
2.1.7 Designating a Project Manager for the Steering Committee
2.1.8 Developing Steering Committee Tasks
2.1.9 Establishing Corporate Business Values
2.1.10 Determining the Mission/Vision, Principles, and Strategic Objectives for Cybersecurity and Cyber Resiliency
2.1.10.1 Mission/Vision
2.1.10.2 Cyber Program Principles
2.1.10.3 Strategic Objectives
2.2 STEP 2: Strategy Project Management
2.2.1 Initiatives for Cybersecurity Strategic Objectives
2.2.2 Initiatives for Cyber Resiliency Strategic Objectives
2.2.3 Creating a Strategy Project Charter
2.2.4 Aligning the Strategy with Other Existing Corporate Strategies and Corporate Business Objectives
2.2.5 Developing a Strategic Plan Overview Reporting Template
2.2.6 Determining Work Efforts
2.2.7 Strategy Timeline
2.2.8 Strategy Swimlane
2.2.9 NIST CSF Initiative Mapping
2.2.10 The Final Strategy Document Deliverable
2.3 STEP 3: Cyber Threats, Vulnerabilities, and Intelligence Analysis
2.3.1 Cyber Threats
2.3.1.1 Cyber Threat Risk Reporting
2.3.2 Threat Intelligence, Identification, and Modeling
2.3.3 Vulnerabilities
2.3.3.1 Asset Related Vulnerabilities
2.3.3.2 Vulnerability Severity Risk Reporting
2.4 STEP 4: Cyber Risks and Controls
2.4.1 Cyber Risk Category Definitions for Business
2.4.2 Risk Appetite and Risk Tolerance
2.4.3 Cyber Risk Measurement Methodologies
2.4.3.1 Cyber Risk Management
2.4.3.2 Cyber Risk Calculation
2.4.4 Controls
2.4.5 Cyber Insurance
2.5 STEP 5: Assessing Current and Target States
2.5.1 Types of Assessments
2.6 STEP 6: Measuring Strategic Plan Performance and End of Year (EoY) Tasks
2.6.1 Cyber Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs)
2.7 Governance Cycles and Processes
2.8 Proposing New Initiatives to Mitigate Threats and Reduce Risk
2.8.1 Cybersecurity and Cyber Resiliency Reporting – Yearly Report Example
2.8.2 Refining the Strategy over Time – End of Year (EoY) Tasks
2.8.2.1 Gathering Data to Measure Strategy Performance
2.8.2.2 Creating Yearly Reports to Show Performance
2.8.2.3 Determining New Initiatives for the Following Year
2.8.2.4 Perform Various Project Management Tasks
2.9 Checklists and Templates
Notes
Chapter 3 Strategy Project Management
3.1 Vision to Initiative Flow
3.2 Strategy Project Charter
3.3 Strategy Preparation Checklist
3.4 Strategy Timeline
3.5 Strategy Gantt Chart
3.6 Strategy Swimlane
3.7 Data Flow Diagrams for STEPs 2, 3, 4, 5, and 6
3.8 RACI Strategy Development Matrix
3.9 NIST CSF Initiative Mapping
3.10 The Final Strategy Deliverable
Chapter 4 Cyber Threats, Vulnerabilities, and Intelligence Analysis
4.1 Threats in the Context of a Cybersecurity and Cyber Resiliency Strategy
4.1.1 Definition of a Threat
4.1.2 Evolution of Cyber Threats
4.1.2.1 The Early Stages of Cyber Threats
4.1.2.2 Present-Day and Future Cyber Threat Actors
4.1.3 Types of Threats and Actors
4.1.3.1 Script Kiddies
4.1.3.2 Hacktivists
4.1.3.3 Organized Crime Groups
4.1.3.4 Nation-States
4.1.3.5 Insider Threats
4.1.3.6 Artificial Intelligence Powered Threats
4.1.4 Threat Intelligence, Identification, and Modeling
4.1.4.1 MITRE ATT&CK
4.1.4.2 Threat Intelligence, Identification, and Modeling within a Strategy and a Program
4.1.4.3 Monitoring for Threats
4.1.4.4 Reporting on Threat Intelligence
4.2 Vulnerabilities
4.2.1 Open Web Application Security Project (OWASP) Application Security Vulnerabilities
4.2.2 Identifying Vulnerabilities
4.2.2.1 Modern-Day Vulnerability Management Issues
4.2.3 Asset-Related Vulnerabilities
4.2.4 Common Vulnerability Scoring System (CVSS)
4.2.5 Vulnerabilities in the Context of a Strategy
4.3 Cyberattacks
4.3.1 Common Types of Cyberattacks
4.3.2 Typical Types of Losses Due to Cyberattacks
Notes
Chapter 5 Cyber Risks and Controls
5.1 Cyber Risk
5.1.1 Cyber Risk Framework
5.1.2 Risk Category Definitions
5.1.3 Risk Tolerance and Risk Appetite
5.1.3.1 Risk Appetite
5.1.3.2 Risk Tolerance
5.1.3.3 Risk Appetite vs. Risk Tolerance
5.1.4 Cyber Risk Measurement Methodologies
5.1.4.1 US National Institute of Standards and Technology’s Special Publications 800-30
5.1.5 A NIST 800-30 Cyber Risk Assessment Example
5.1.5.1 NIST Risk Descriptions for Government Entities
5.1.5.2 NIST Adversarial Threat Ratings
5.1.6 Other Well-Known Cyber Risk Assessment Methodologies
5.1.6.1 ISACA Risk Framework – Risk IT
5.1.6.2 The International Organization for Standardization/International Electrotechnical Commission’s (ISO/IEC) 27000
5.1.6.3 A Guide to the Project Management Body of Knowledge (PMBOK® Guide)
5.1.6.4 Open Web Application Security Project™ (OWASP) Risk Rating Methodology
5.1.6.5 Committee of Sponsoring Organization of the Treadway Commission (COSO) Enterprise Risk Management (ERM)
5.1.6.6 Factor Analysis of Information Risk (FAIR)
5.1.6.7 Carnegie Mellon® Risk Quantification Method (CM RQM)
5.1.7 Risk Disclosure: The Securities and Exchange Commission (SEC) Guidance on Risk (Feb 2018)
5.2 IT Controls
5.2.1 Main Functions of Controls
5.2.2 Maturity of Controls
5.2.3 The Center for Internet Security Critical Security Controls
5.2.4 Auditing of Information Technology (IT) Controls
5.3 Cyber Insurance
5.3.1 Risk Transfer
Notes
Chapter 6 Current and Target State Assessments
6.1 Introduction to Assessments
6.2 Current State Assessments
6.2.1 Categories of Assessments
6.2.1.1 Self-Assessments
6.2.1.2 External/Third-Party Assessments
6.2.1.3 Audits (Internal & External)
6.2.2 Frameworks, Industry Standards, Regulations, and Models
6.2.2.1 NIST Cybersecurity Framework Core Identifiers and Categories
6.3 Conducting a Current State Assessment
6.4 Unmapped Initiatives Discussion
6.5 Target State Assessment
6.5.1 NIST CSF Target States
6.6 How to Rate Current and Target States
Chapter 7 Measuring Strategic Plan Performance and End of Year (EoY) Tasks
7.1 Evaluating the Strategy Against the Critical Success Factors
7.2 Key Risk Indicators (KRIs)
7.3 Key Performance Indicators (KPIs)
7.4 Reporting on the Strategies
7.4.1 Cybersecurity and Cyber Resiliency Initiatives Mapped to NIST CSF Subcategories
7.4.2 Cybersecurity Initiatives NOT Mapped to the NIST CSF
7.4.3 Initiative to CSF Mapping Per Objective
7.4.4 Strategic Plan Progress Reports – Cybersecurity and Cyber Resiliency
7.4.5 Current State to End of Year and Target State Maturity Tier Rating
7.4.6 Preparation of the EoY Performance Report
7.5 Determining New Initiatives for the Next Year
7.6 End of Year Tasks
7.6.1 Define the Strategy’s Pyramid Parameters for Following Year
7.6.2 Create the Timeline for Following Year
7.6.3 Confirm Steering Group Member Composition
7.6.4 Distribute EoY Performance Reports to Senior Management
7.6.5 End of Year Steering Committee Responsibilities RACI
7.6.6 Ensure Compliance with Regulations
7.6.7 Complete Governance Hoops
7.6.7.1 Governance Organization Diagram
7.6.7.2 Strategy Governance Body RACI
7.6.7.3 Governance Approval Swimlane for the Cybersecurity and Cyber Resiliency Strategy
7.6.8 Cybersecurity and Cyber Resiliency Strategy Life Cycle
Chapter 8 Checklists and Templates to Help Create an Enterprise-Wide Cybersecurity and Cyber Resiliency Strategy
8.1 Guides to Strategy Preparation
8.2 STEP 1: Preplanning: Preparation for Strategy Development
8.2.1 Preplanning Checklist
8.2.2 Mission/Vision, Principles, Strategic Objectives, and Initiatives Pyramid
8.2.3 Analyze Organizational and Cultural Structure
8.2.4 RACI Completion for STEP 1
8.2.5 Critical Success Factors Validation
8.2.6 Evaluate Organizational Readiness
8.3 STEP 2: Strategy Project Management
8.3.1 Project Charter
8.3.2 RACI Completion for STEP 2
8.3.3 Complete RACI Development for the Steering Committee Tasks
8.3.4 Data Flow Analysis for STEP 2
8.3.5 Develop Draft Final Deliverable Table of Contents
8.4 STEPs 3 and 4: Cyber Threats, Vulnerabilities, Intelligence Analysis, Risks, and Controls
8.4.1 RACI for STEPs 3 and 4: Cyber Threats, Vulnerabilities & Cyber Risks, and Controls
8.4.2 Data Flow Analysis for STEPs 3 and 4
8.4.3 Incidents to Controls Mapping
8.5 STEP 5: Current and Target State Assessments
8.5.1 RACI for STEP 5: Current and Target State Assessments
8.5.2 Data Flow Analysis for STEP 5: Current and Target State Assessments
8.5.3 Performing a Quantitative Risk Assessment
8.6 STEP 6: Measuring Plan Performance and EoY Tasks
8.6.1 Checklist for STEP 6: End of Year Tasks
8.6.2 RACI for STEP 6: Measuring Plan Performance and EoY Tasks
8.6.3 Data Flow Diagram for STEP 6: Measuring Strategic Plan Performance and EoY Tasks
8.6.4 Derive the Critical Success Factors
8.6.5 Review the Key Risk Indicators and Key Performance Indicators
8.6.6 Strategic Plan Reporting Template
8.6.7 Initiative to CSF Mapping Per Objective
8.6.8 Cybersecurity and Cyber Resiliency Yearly Report
8.6.9 Governance Hoops
8.6.10 Governance Approval Organization Hierarchy
8.6.11 Governance Approval RACI
8.6.12 Governance Approval Swimlane
8.7 Assembling the Full Project RACI
8.8 Chapter 8 Downloadable Files