{"product_id":"cyber-guardians-isbn-9781394226221","title":"Cyber Guardians","description":"\u003cp\u003e\u003cb\u003eA comprehensive overview for directors aiming to meet their cybersecurity responsibilities\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eIn \u003ci\u003eCyber Guardians: Empowering Board Members for Effective Cybersecurity\u003c\/i\u003e, veteran cybersecurity advisor Bart McDonough delivers a comprehensive and hands-on roadmap to effective cybersecurity oversight for directors and board members at organizations of all sizes. The author includes real-world case studies, examples, frameworks, and blueprints that address relevant cybersecurity risks, including the industrialized ransomware attacks so commonly found in today’s headlines. \u003c\/p\u003e\u003cp\u003eIn the book, you’ll explore the modern cybersecurity landscape, legal and regulatory requirements, risk management and assessment techniques, and the specific role played by board members in developing and promoting a culture of cybersecurity. You’ll also find: \u003c\/p\u003e\u003cul\u003e \u003cli\u003eExamples of cases in which board members failed to adhere to regulatory and legal requirements to notify the victims of data breaches about a cybersecurity incident and the consequences they faced as a result\u003c\/li\u003e \u003cli\u003eSpecific and actionable cybersecurity implementation strategies written for readers without a technical background\u003c\/li\u003e \u003cli\u003eWhat to do to prevent a cybersecurity incident, as well as how to respond should one occur in your organization\u003c\/li\u003e\n\u003c\/ul\u003e\u003cp\u003eA practical and accessible resource for board members at firms of all shapes and sizes, \u003ci\u003eCyber Guardians \u003c\/i\u003eis relevant across industries and sectors and a must-read guide for anyone with a stake in robust organizational cybersecurity. 
\u003c\/p\u003e\u003cp\u003ePreface: What to Expect from This Book xv\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Introduction 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSummary of a Board’s Incident Response 5\u003c\/p\u003e \u003cp\u003eChecklist for a Board’s Incident Response 8\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Cybersecurity Basics 11\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCIA Framework 13\u003c\/p\u003e \u003cp\u003eKey Cybersecurity Concepts and Terminology for Board Members 19\u003c\/p\u003e \u003cp\u003eThreats and Risks 19\u003c\/p\u003e \u003cp\u003eVulnerabilities and Exploits 20\u003c\/p\u003e \u003cp\u003eMalware 21\u003c\/p\u003e \u003cp\u003eSocial Engineering 22\u003c\/p\u003e \u003cp\u003eEncryption and Data Protection 23\u003c\/p\u003e \u003cp\u003eAuthentication and Access Control 24\u003c\/p\u003e \u003cp\u003eCommon Cyber Threats and Risks Faced by Companies 26\u003c\/p\u003e \u003cp\u003ePhishing 26\u003c\/p\u003e \u003cp\u003eMalware 27\u003c\/p\u003e \u003cp\u003eRansomware 28\u003c\/p\u003e \u003cp\u003eBusiness Email Compromise 29\u003c\/p\u003e \u003cp\u003eInsider Threats 30\u003c\/p\u003e \u003cp\u003eThird-Party Risk 31\u003c\/p\u003e \u003cp\u003eMistakes\/Errors 32\u003c\/p\u003e \u003cp\u003eEmerging Threats 33\u003c\/p\u003e \u003cp\u003eAdvanced Persistent Threats 34\u003c\/p\u003e \u003cp\u003eSupply Chain Attacks 35\u003c\/p\u003e \u003cp\u003eData Destruction 36\u003c\/p\u003e \u003cp\u003eZero-Day Exploits 37\u003c\/p\u003e \u003cp\u003eInternet of Things Attacks 38\u003c\/p\u003e \u003cp\u003eCloud Security 39\u003c\/p\u003e \u003cp\u003eMobile Device Security 40\u003c\/p\u003e \u003cp\u003eKey Technologies and Defense Strategies 42\u003c\/p\u003e \u003cp\u003eFirewall Technology 42\u003c\/p\u003e \u003cp\u003eIntrusion Detection\/Prevention Systems 43\u003c\/p\u003e \u003cp\u003eEncryption 44\u003c\/p\u003e \u003cp\u003eMultifactor Authentication 45\u003c\/p\u003e \u003cp\u003eVirtual Private 
Network 46\u003c\/p\u003e \u003cp\u003eAntivirus and Anti-malware Software 47\u003c\/p\u003e \u003cp\u003eEndpoint Detection and Response 48\u003c\/p\u003e \u003cp\u003ePatch Management 49\u003c\/p\u003e \u003cp\u003eCloud Technology 49\u003c\/p\u003e \u003cp\u003eIdentity and Access Management 50\u003c\/p\u003e \u003cp\u003eMobile Device Management 51\u003c\/p\u003e \u003cp\u003eData Backup and Recovery 52\u003c\/p\u003e \u003cp\u003eZero-Trust Architecture 54\u003c\/p\u003e \u003cp\u003eMicro-segmentation 55\u003c\/p\u003e \u003cp\u003eSecure Access Service Edge 56\u003c\/p\u003e \u003cp\u003eContainerization 56\u003c\/p\u003e \u003cp\u003eArtificial Intelligence and Machine Learning 57\u003c\/p\u003e \u003cp\u003eBlockchain 59\u003c\/p\u003e \u003cp\u003eQuantum Computing 61\u003c\/p\u003e \u003cp\u003eThreat Intelligence 64\u003c\/p\u003e \u003cp\u003eWhat Is Threat Intelligence? 65\u003c\/p\u003e \u003cp\u003eHow Can Threat Intelligence Help Organizations? 65\u003c\/p\u003e \u003cp\u003eWhat Should Board Members Know About Threat Intelligence? 
66\u003c\/p\u003e \u003cp\u003eThreat Actors 67\u003c\/p\u003e \u003cp\u003eExternal Threat Actors 68\u003c\/p\u003e \u003cp\u003eState-Sponsored Attackers 68\u003c\/p\u003e \u003cp\u003eHacktivists 70\u003c\/p\u003e \u003cp\u003eCybercriminals 70\u003c\/p\u003e \u003cp\u003eCompetitors 72\u003c\/p\u003e \u003cp\u003eTerrorists 72\u003c\/p\u003e \u003cp\u003eInternal Actors 73\u003c\/p\u003e \u003cp\u003eEmployees 73\u003c\/p\u003e \u003cp\u003eContractors 75\u003c\/p\u003e \u003cp\u003eThird-Party Vendors 76\u003c\/p\u003e \u003cp\u003eMotivations of Threat Actors 77\u003c\/p\u003e \u003cp\u003eFinancial Gain 77\u003c\/p\u003e \u003cp\u003ePolitical and Strategic Objectives 78\u003c\/p\u003e \u003cp\u003eIdeological Beliefs 79\u003c\/p\u003e \u003cp\u003ePersonal Motivations 80\u003c\/p\u003e \u003cp\u003eTactics, Techniques, and Procedures 81\u003c\/p\u003e \u003cp\u003eExamples of TTPs Used by Different Threat Actors 81\u003c\/p\u003e \u003cp\u003eMITRE ATT\u0026amp;CK Framework 83\u003c\/p\u003e \u003cp\u003eChapter 2 Summary 85\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Legal and Regulatory Landscape 87\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOverview of Relevant Cybersecurity Regulations and Laws 90\u003c\/p\u003e \u003cp\u003eFederal Regulations in the United States 90\u003c\/p\u003e \u003cp\u003eThe Federal Trade Commission Act 90\u003c\/p\u003e \u003cp\u003eThe Gramm-Leach-Bliley Act 92\u003c\/p\u003e \u003cp\u003eThe Health Insurance Portability and Accountability Act 94\u003c\/p\u003e \u003cp\u003eState Regulations in the United States 97\u003c\/p\u003e \u003cp\u003eData Breach Notification Laws 97\u003c\/p\u003e \u003cp\u003eCalifornia Consumer Privacy Act 99\u003c\/p\u003e \u003cp\u003eEuropean Union Regulations 101\u003c\/p\u003e \u003cp\u003eGeneral Data Protection Regulation 101\u003c\/p\u003e \u003cp\u003eNetwork and Information Security Directive 102\u003c\/p\u003e \u003cp\u003eePrivacy Directive 104\u003c\/p\u003e \u003cp\u003eIndustry 
Standards 105\u003c\/p\u003e \u003cp\u003ePayment Card Industry Data Security Standard 105\u003c\/p\u003e \u003cp\u003eNational Institute of Standards and Technology 107\u003c\/p\u003e \u003cp\u003eSecurities Exchange Commission 108\u003c\/p\u003e \u003cp\u003e2011 Cybersecurity Disclosure Guidance 108\u003c\/p\u003e \u003cp\u003e2018 Cybersecurity Disclosure Guidance 108\u003c\/p\u003e \u003cp\u003e2023 Proposal for New Cybersecurity Requirements 109\u003c\/p\u003e \u003cp\u003eDiscussion of Compliance Requirements and Industry Standards 112\u003c\/p\u003e \u003cp\u003eCompliance Requirements 112\u003c\/p\u003e \u003cp\u003eSarbanes-Oxley Act 112\u003c\/p\u003e \u003cp\u003eNew York State Department of Financial Services Cybersecurity Regulation 114\u003c\/p\u003e \u003cp\u003eIndustry Standards 117\u003c\/p\u003e \u003cp\u003eCenter for Internet Security Controls 117\u003c\/p\u003e \u003cp\u003eInternational Organization for Standardization 27001 118\u003c\/p\u003e \u003cp\u003eIndividual Director Liability 120\u003c\/p\u003e \u003cp\u003eChapter 3 Summary 124\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Board Oversight of Cybersecurity 127\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Board’s Role in Overseeing Cybersecurity Strategy 129\u003c\/p\u003e \u003cp\u003eLegal Responsibilities 130\u003c\/p\u003e \u003cp\u003eDeveloping an Effective Cybersecurity Governance Framework 131\u003c\/p\u003e \u003cp\u003eBest Practices for Board Engagement and Reporting 133\u003c\/p\u003e \u003cp\u003eRegular Reporting 133\u003c\/p\u003e \u003cp\u003eUse of Metrics 134\u003c\/p\u003e \u003cp\u003eExecutive Briefings 136\u003c\/p\u003e \u003cp\u003eCybersecurity Drills 137\u003c\/p\u003e \u003cp\u003eIndependent Assessments 138\u003c\/p\u003e \u003cp\u003eOvercoming Objections to Effective Cybersecurity Oversight 139\u003c\/p\u003e \u003cp\u003ePromoting a Cybersecurity Culture 141\u003c\/p\u003e \u003cp\u003eChapter 4 Summary 143\u003c\/p\u003e 
\u003cp\u003e\u003cb\u003eChapter 5 Board Oversight of Cybersecurity: Ensuring Effective Governance 145\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Role of the Board in Overseeing Cybersecurity 147\u003c\/p\u003e \u003cp\u003eDeveloping an Effective Cybersecurity Governance Framework 150\u003c\/p\u003e \u003cp\u003eConduct a Cybersecurity Risk Assessment 150\u003c\/p\u003e \u003cp\u003eImplement a Threat Intelligence Program 150\u003c\/p\u003e \u003cp\u003eDevelop a Risk Management Framework 150\u003c\/p\u003e \u003cp\u003ePrioritize High-Impact Risks 151\u003c\/p\u003e \u003cp\u003eRegularly Review and Update Risk Management Strategies 151\u003c\/p\u003e \u003cp\u003eStrategies for Identifying, Assessing, and Prioritizing Cyber Risks 152\u003c\/p\u003e \u003cp\u003eConducting Cybersecurity Risk Assessments 154\u003c\/p\u003e \u003cp\u003eHow to Develop and Promote a Culture of Cybersecurity 156\u003c\/p\u003e \u003cp\u003eChapter 5 Summary 158\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Incident Response and Business Continuity Planning 161\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eImplementing Cybersecurity Policies and Procedures 164\u003c\/p\u003e \u003cp\u003eIncident Response and Business Continuity Planning 165\u003c\/p\u003e \u003cp\u003eIncident Response Plan 166\u003c\/p\u003e \u003cp\u003eBusiness Continuity Planning 166\u003c\/p\u003e \u003cp\u003eIncident Response Planning 167\u003c\/p\u003e \u003cp\u003eDefining the Types of Assessments 170\u003c\/p\u003e \u003cp\u003ePenetration Testing 170\u003c\/p\u003e \u003cp\u003eVulnerability Scanning 171\u003c\/p\u003e \u003cp\u003eSecurity Risk Assessments 173\u003c\/p\u003e \u003cp\u003eThreat Modeling 174\u003c\/p\u003e \u003cp\u003eSocial Engineering Assessments 175\u003c\/p\u003e \u003cp\u003eCompliance Assessments 176\u003c\/p\u003e \u003cp\u003eRed Team\/Blue Team Exercise 177\u003c\/p\u003e \u003cp\u003eChapter 6 Summary 178\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Vendor 
Management and Third-Party Risk 181\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Importance of Third-Party Risk Management for Board Members 183\u003c\/p\u003e \u003cp\u003eBest Practices for Managing Third-Party Cyber Risk 184\u003c\/p\u003e \u003cp\u003eLegal and Regulatory Considerations in Third-Party Risk Management 185\u003c\/p\u003e \u003cp\u003eSample Questions to ask Third-Party Vendors 187\u003c\/p\u003e \u003cp\u003eChapter 7 Summary 189\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Cybersecurity Training and Awareness 191\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eImportance of Cybersecurity Awareness for All Employees 193\u003c\/p\u003e \u003cp\u003eStrategies for Providing Effective Training and Awareness Programs 195\u003c\/p\u003e \u003cp\u003eMore Detail on Effective Training Strategies 198\u003c\/p\u003e \u003cp\u003eChapter 8 Summary 200\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Cyber Insurance 201\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Cyber Insurance 202\u003c\/p\u003e \u003cp\u003eWhat Is Cyber Insurance? 202\u003c\/p\u003e \u003cp\u003eWhy Is Cyber Insurance Important? 
203\u003c\/p\u003e \u003cp\u003eEvolution of Cyber Insurance 204\u003c\/p\u003e \u003cp\u003eThe Role of the Board in Cyber Insurance 204\u003c\/p\u003e \u003cp\u003eKey Components of Cyber Insurance 205\u003c\/p\u003e \u003cp\u003eTypes of Coverage 205\u003c\/p\u003e \u003cp\u003ePolicy Limits and Deductibles 206\u003c\/p\u003e \u003cp\u003eExclusions 207\u003c\/p\u003e \u003cp\u003eRetroactive Dates 207\u003c\/p\u003e \u003cp\u003ePolicy Periods 208\u003c\/p\u003e \u003cp\u003eCyber Risk Assessments 208\u003c\/p\u003e \u003cp\u003eEvaluating and Purchasing Cyber Insurance 209\u003c\/p\u003e \u003cp\u003eAssessing the Organization’s Risk Profile 209\u003c\/p\u003e \u003cp\u003eDetermining the Appropriate Level of Coverage 210\u003c\/p\u003e \u003cp\u003eSelecting an Insurer 211\u003c\/p\u003e \u003cp\u003eNegotiating Terms and Conditions 211\u003c\/p\u003e \u003cp\u003eImplementing the Policy 212\u003c\/p\u003e \u003cp\u003eManaging and Reviewing the Cyber Insurance Policy 213\u003c\/p\u003e \u003cp\u003eFiling a Claim 213\u003c\/p\u003e \u003cp\u003eManaging a Claim Dispute 214\u003c\/p\u003e \u003cp\u003eReviewing and Renewing the Policy 214\u003c\/p\u003e \u003cp\u003eChapter 9 Summary 215\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Conclusion: Moving Forward with Cybersecurity Governance 219\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Board’s Role in Cybersecurity Governance 222\u003c\/p\u003e \u003cp\u003eKey Takeaways and Action Items for Board Members 225\u003c\/p\u003e \u003cp\u003eChapter 10 Summary 226\u003c\/p\u003e \u003cp\u003eAppendix A Checklist of Key Considerations for Board Members 229\u003c\/p\u003e \u003cp\u003eAppendix B Sample Questions 231\u003c\/p\u003e \u003cp\u003eAppendix C Sample Board Meeting Agenda 233\u003c\/p\u003e \u003cp\u003eAppendix D List of Key Vendors 235\u003c\/p\u003e \u003cp\u003eAppendix E Cybersecurity Resources 237\u003c\/p\u003e \u003cp\u003eAppendix F Cybersecurity Books 239\u003c\/p\u003e 
\u003cp\u003eAppendix G Cybersecurity Podcasts 241\u003c\/p\u003e \u003cp\u003eAppendix H Cybersecurity Websites and Blogs 243\u003c\/p\u003e \u003cp\u003eAppendix I Tabletop Exercise: Cybersecurity Incident Response 245\u003c\/p\u003e \u003cp\u003eAppendix J Articles 249\u003c\/p\u003e \u003cp\u003eAbout the Author 253\u003c\/p\u003e \u003cp\u003eAcknowledgments 255\u003c\/p\u003e \u003cp\u003eIndex 257\u003c\/p\u003e  \u003cp\u003e\u003cb\u003eBART R. McDONOUGH,\u003c\/b\u003e the CEO and Founder of Agio, uses his extensive 20-plus years of IT and cybersecurity expertise to decode complex cybersecurity subjects, establishing him as a reliable resource for clients. His acclaimed book \u003ci\u003eCyber Smart\u003c\/i\u003e provides a user-friendly guide to navigating the intricate landscape of cybersecurity for professionals and families alike. In addition to his role as a strategic cybersecurity advisor to boards, McDonough has also contributed valuable insights and perspectives as a member of several boards. Throughout his notable career, he has offered expert cybersecurity counsel to some of the world’s premier money managers. Bart received his undergraduate degree from the University of Connecticut and his Master’s degree from Yale University.   \u003c\/p\u003e\u003cp\u003eCybersecurity remains an urgent concern for businesses of all sizes as the risks posed by a potential attack continue to rise. The consequences of an industrialized ransomware attack—as well as other types of cybersecurity breaches—can be profound, leading to financial loss, reputational damage, and legal consequences and costs for companies, directors, and officers alike. \u003c\/p\u003e\u003cp\u003eIn \u003ci\u003eCyber Guardians: Empowering Board Members for Effective Cybersecurity\u003c\/i\u003e, veteran cloud and on-premises IT security advisor Bart McDonough delivers a comprehensive guide for board members seeking to fulfil their duties in cybersecurity oversight. 
Written for those without a technical background, this book outlines the contemporary cybersecurity landscape, legal and regulatory requirements, the importance of risk management and assessment, and the particular role played by board members in developing and promoting a culture of cybersecurity. \u003c\/p\u003e\u003cp\u003eThe author includes real-world case studies and examples of cybersecurity incidents, including those in which data breach notification laws were violated and the involvement of boards of directors in those cases. You’ll learn what to do—and what not to do—both to prevent a data or cybersecurity incident and how to respond should one occur. \u003c\/p\u003e\u003cp\u003e\u003ci\u003eCyber Guardians\u003c\/i\u003e guides you on how to formulate a proactive, robust approach to cybersecurity, helping you design a program uniquely suited to your firm’s needs. You’ll gain insights on adhering to specific regulatory mandates—including the FTC Act, CCPA, GDPR, and SEC regulations—while evaluating the potency of your current cybersecurity infrastructure. \u003c\/p\u003e\u003cp\u003eA must-read resource for board members at companies of all sizes and in any industry, \u003ci\u003eCyber Guardians\u003c\/i\u003e will also prove invaluable to technical professionals seeking to understand the directorial perspective on cybersecurity.   \u003c\/p\u003e\u003cp\u003e\u003cb\u003eAN EASY-TO-READ BLUEPRINT FOR CONTEMPORARY CYBERSECURITY THAT RESPONDS TO TODAY’S MOST URGENT RISKS\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003e\u003ci\u003eCyber Guardians: Empowering Board Members for Effective Cybersecurity\u003c\/i\u003e is an insightful and comprehensive discussion of how to apply contemporary cybersecurity best practices to companies of all shapes and sizes. In the book, veteran cybersecurity advisor Bart McDonough walks you through how to fulfil your directorial responsibilities as a board member at an organization with respect to IT and data security. 
\u003c\/p\u003e\u003cp\u003eWritten specifically for those without an extensive technical background, the book teaches you the current cybersecurity landscape, the legal and regulatory requirements you’re bound by, and the importance of risk management and assessments in the maintenance of responsible cybersecurity policies and frameworks. It also includes real-world case studies and examples of cybersecurity done right and wrong, demonstrating the consequences to organizations and board members of failing to comply with relevant legislation and regulations. \u003c\/p\u003e\u003cp\u003e\u003ci\u003eCyber Guardians\u003c\/i\u003e is the intuitive and practical guide that officers, directors, and managers across organizations of any size have been seeking, paving the way towards responsible cybersecurity, without compromising accessibility.\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47989017837797,"sku":"NP9781394226221","price":40.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781394226221.jpg?v=1761782453","url":"https:\/\/k12savings.com\/es\/products\/cyber-guardians-isbn-9781394226221","provider":"K12savings","version":"1.0","type":"link"}