{"product_id":"the-cyber-risk-handbook-isbn-9781119308805","title":"The Cyber Risk Handbook","description":"\u003cb\u003eActionable guidance and expert perspective for real-world cybersecurity\u003c\/b\u003e \u003cp\u003e\u003ci\u003eThe Cyber Risk Handbook\u003c\/i\u003e is the practitioner's guide to implementing, measuring and improving the counter-cyber capabilities of the modern enterprise. The first resource of its kind, this book provides authoritative guidance for real-world situations, and cross-functional solutions for enterprise-wide improvement. Beginning with an overview of counter-cyber evolution, the discussion quickly turns practical with design and implementation guidance for the range of capabilities expected of a robust cyber risk management system that is integrated with the enterprise risk management (ERM) system. Expert contributors from around the globe weigh in on specialized topics with tools and techniques to help any type or size of organization create a robust system tailored to its needs. Chapter summaries of required capabilities are aggregated to provide a new cyber risk maturity model used to benchmark capabilities and to road-map gap-improvement. \u003c\/p\u003e\u003cp\u003eCyber risk is a fast-growing enterprise risk, not just an IT risk. Yet seldom is guidance provided as to what this means. This book is the first to tackle in detail those enterprise-wide capabilities expected by Board, CEO and Internal Audit, of the diverse executive management functions that need to team up with the Information Security function in order to provide integrated solutions. 
\u003c\/p\u003e\u003cul\u003e \u003cli\u003eLearn how cyber risk management can be integrated to better protect your enterprise\u003c\/li\u003e \u003cli\u003eDesign and benchmark new and improved practical counter-cyber capabilities\u003c\/li\u003e \u003cli\u003eExamine planning and implementation approaches, models, methods, and more\u003c\/li\u003e \u003cli\u003eAdopt a new cyber risk maturity model tailored to your enterprise needs\u003c\/li\u003e \u003c\/ul\u003e \u003cp\u003eThe need to manage cyber risk across the enterprise—inclusive of the IT operations—is a growing concern as massive data breaches make the news on an alarmingly frequent basis. With a cyber risk management system now a business-necessary requirement, practitioners need to assess the effectiveness of their current system, and measure its gap-improvement over time in response to a dynamic and fast-moving threat landscape. \u003ci\u003eThe Cyber Risk Handbook\u003c\/i\u003e brings the world's best thinking to bear on aligning that system to the enterprise and vice versa. Every functional head of any organization must have a copy at hand to understand their role in achieving that alignment. \u003c\/p\u003e\u003cp\u003eForeword by Ron Hale xxiii\u003c\/p\u003e \u003cp\u003eAbout the Editor xxxi\u003c\/p\u003e \u003cp\u003eList of Contributors xxxiii\u003c\/p\u003e \u003cp\u003eAcknowledgments xxxv\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 1 Introduction 1\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eDomenic Antonucci, Editor and Chief Risk Officer, Australia\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eThe CEO under Pressure 1\u003c\/p\u003e \u003cp\u003eToward an Effectively Cyber Risk–Managed Organization 3\u003c\/p\u003e \u003cp\u003eHandbook Structured for the Enterprise 4\u003c\/p\u003e \u003cp\u003eHandbook Structure, Rationale, and Benefits 7\u003c\/p\u003e \u003cp\u003eWhich Chapters Are Written for Me? 
8\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 2 Board Cyber Risk Oversight 11\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eTim J. Leech, Risk Oversight Solutions Inc., Canada Lauren C. Hanlon, Risk Oversight Solutions Inc., Canada\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eWhat Are Boards Expected to Do Now? 11\u003c\/p\u003e \u003cp\u003eWhat Barriers to Action Will Well-Intending Boards Face? 13\u003c\/p\u003e \u003cp\u003eWhat Practical Steps Should Boards Take Now to Respond? 16\u003c\/p\u003e \u003cp\u003eCybersecurity—The Way Forward 20\u003c\/p\u003e \u003cp\u003eAbout Risk Oversight Solutions Inc. 21\u003c\/p\u003e \u003cp\u003eAbout Tim J. Leech, FCPA, CIA, CRMA, CFE 21\u003c\/p\u003e \u003cp\u003eAbout Lauren C. Hanlon, CPA, CIA, CRMA, CFE 21\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 3 \u003c\/b\u003e\u003cb\u003ePrinciples Behind Cyber Risk Management 23\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eRIMS,\u003c\/i\u003e \u003ci\u003ethe \u003c\/i\u003erisk management society™ \u003ci\u003eCarol Fox, Vice President, Strategic Initiatives at RIMS, USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eCyber Risk Management Principles Guide Actions 23\u003c\/p\u003e \u003cp\u003eMeeting Stakeholder Needs 25\u003c\/p\u003e \u003cp\u003eCovering the Enterprise End to End 26\u003c\/p\u003e \u003cp\u003eApplying a Single, Integrated Framework 27\u003c\/p\u003e \u003cp\u003eEnabling a Holistic Approach 28\u003c\/p\u003e \u003cp\u003eSeparating Governance from Management 31\u003c\/p\u003e \u003cp\u003eConclusion 31\u003c\/p\u003e \u003cp\u003eAbout RIMS 32\u003c\/p\u003e \u003cp\u003eAbout Carol Fox 32\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 4 Cybersecurity Policies and Procedures 35\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eThe Institute for Risk Management (IRM) Elliot Bryan, IRM and Willis Towers Watson, UK \u003cbr\u003e\u003c\/i\u003e\u003ci\u003eAlexander Larsen, IRM, and President of Baldwin Global Risk Services Ltd., UK\u003c\/i\u003e\u003c\/p\u003e 
\u003cp\u003eSocial Media Risk Policy 35\u003c\/p\u003e \u003cp\u003eRansomware Risk Policies and Procedures 41\u003c\/p\u003e \u003cp\u003eCloud Computing and Third-Party Vendors 45\u003c\/p\u003e \u003cp\u003eBig Data Analytics 50\u003c\/p\u003e \u003cp\u003eThe Internet of Things 53\u003c\/p\u003e \u003cp\u003eMobile or Bring Your Own Devices (BYOD) 55\u003c\/p\u003e \u003cp\u003eConclusion 60\u003c\/p\u003e \u003cp\u003eAbout IRM 64\u003c\/p\u003e \u003cp\u003eAbout Elliot Bryan, BA (Hons), ACII 65\u003c\/p\u003e \u003cp\u003eAbout Alexander Larsen, FIRM, President of Baldwin Global Risk Services 65\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 5 Cyber Strategic Performance Management 67\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eMcKinsey \u0026amp; Company\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eJames M. Kaplan, Partner, McKinsey \u0026amp; Company, New York, USA Jim Boehm, Consultant, McKinsey \u0026amp; Company, Washington, USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003ePitfalls in Measuring Cybersecurity Performance 68\u003c\/p\u003e \u003cp\u003eCybersecurity Strategy Required to Measure Cybersecurity Performance 69\u003c\/p\u003e \u003cp\u003eCreating an Effective Cybersecurity Performance Management System 72\u003c\/p\u003e \u003cp\u003eConclusion 77\u003c\/p\u003e \u003cp\u003eAbout McKinsey Company 78\u003c\/p\u003e \u003cp\u003eAbout James Kaplan 78\u003c\/p\u003e \u003cp\u003eAbout Jim Boehm 79\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 6 Standards and Frameworks for Cybersecurity 81\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eStefan A. 
Deutscher, Principal, Boston Consulting Group (BCG), Berlin Germany\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eWilliam Yin, Senior Partner and Managing Director, Boston Consulting Group (BCG), Hong Kong\u003cbr\u003e\u003c\/i\u003e\u003cbr\u003ePutting Cybersecurity Standards and Frameworks in Context 81\u003cbr\u003e\u003cbr\u003eCommonly Used Frameworks and Standards (a Selection) 84\u003c\/p\u003e \u003cp\u003eConstraints on Standards and Frameworks 93\u003c\/p\u003e \u003cp\u003eGood Practice Consistently Applied 93\u003c\/p\u003e \u003cp\u003eConclusion 94\u003c\/p\u003e \u003cp\u003eAbout Boston Consulting Group (BCG) 95\u003c\/p\u003e \u003cp\u003eAbout William Yin 96\u003c\/p\u003e \u003cp\u003eAbout Dr. Stefan A. Deutscher 96\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 7 Identifying, Analyzing, and Evaluating Cyber Risks 97\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eInformation Security Forum (ISF)\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eSteve Durbin, Managing Director, Information Security Forum Ltd.\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eThe Landscape of Risk 97\u003c\/p\u003e \u003cp\u003eThe People Factor 98\u003c\/p\u003e \u003cp\u003eA Structured Approach to Assessing and Managing Risk 100\u003c\/p\u003e \u003cp\u003eSecurity Culture 101\u003c\/p\u003e \u003cp\u003eRegulatory Compliance 102\u003c\/p\u003e \u003cp\u003eMaturing Security 103\u003c\/p\u003e \u003cp\u003ePrioritizing Protection 104\u003c\/p\u003e \u003cp\u003eConclusion 104\u003c\/p\u003e \u003cp\u003eAbout the Information Security Forum (ISF) 106\u003c\/p\u003e \u003cp\u003eAbout Steve Durbin 106\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 8 Treating Cyber Risks 109\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eJohn Hermans, Cyber Lead Partner Europe, Middle East, and Africa at KPMG, The Netherlands\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eTon Diemont, Senior Manager at KPMG, The Netherlands\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 109\u003c\/p\u003e 
\u003cp\u003eTreating Cybersecurity Risk with the Proper Nuance in Line with an Organization’s Risk Profile 110\u003c\/p\u003e \u003cp\u003eDetermining the Cyber Risk Profile 111\u003c\/p\u003e \u003cp\u003eTreating Cyber Risk 112\u003c\/p\u003e \u003cp\u003eAlignment of Cyber Risk Treatment 114\u003c\/p\u003e \u003cp\u003ePracticing Cyber Risk Treatment 115\u003c\/p\u003e \u003cp\u003eConclusion 119\u003c\/p\u003e \u003cp\u003eAbout KPMG 120\u003c\/p\u003e \u003cp\u003eAbout John Hermans 121\u003c\/p\u003e \u003cp\u003eAbout Ton Diemont 121\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 9 Treating Cyber Risks Using Process Capabilities 123\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eISACA\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eTodd Fitzgerald, CISO and ISACA, USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eCybersecurity Processes Are the Glue That Binds 123\u003c\/p\u003e \u003cp\u003eNo Intrinsic Motivation to Document 124\u003c\/p\u003e \u003cp\u003eLeveraging ISACA COBIT 5 Processes 125\u003c\/p\u003e \u003cp\u003eCOBIT 5 Domains Support Complete Cybersecurity Life Cycle 137\u003c\/p\u003e \u003cp\u003eConclusion 139\u003c\/p\u003e \u003cp\u003eAbout ISACA 140\u003c\/p\u003e \u003cp\u003eAbout Todd Fitzgerald 141\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 10 Treating Cyber Risks—Using Insurance and Finance 143\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eAon Global Cyber Solutions\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eKevin Kalinich, Esq., Aon Risk Solutions Global Cyber Insurance \u003c\/i\u003e\u003ci\u003ePractice Leader, USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eTailoring a Quantified Cost-Benefit Model 143\u003c\/p\u003e \u003cp\u003ePlanning for Cyber Risk Insurance 149\u003c\/p\u003e \u003cp\u003eThe Risk Manager’s Perspective on Planning for Cyber Insurance 150\u003c\/p\u003e \u003cp\u003eCyber Insurance Market Constraints 152\u003c\/p\u003e \u003cp\u003eConclusion 154\u003c\/p\u003e \u003cp\u003eAbout Aon 157\u003c\/p\u003e 
\u003cp\u003eAbout Kevin Kalinich, Esq. 158\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 11 Monitoring and Review Using Key Risk Indicators (KRIs) 159\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eAnn Rodriguez, Managing Partner, Wability, Inc., USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eDefinitions 160\u003c\/p\u003e \u003cp\u003eKRI Design for Cyber Risk Management 160\u003c\/p\u003e \u003cp\u003eConclusion 169\u003c\/p\u003e \u003cp\u003eAbout Wability 169\u003c\/p\u003e \u003cp\u003eAbout Ann Rodriguez 170\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 12 Cybersecurity Incident and Crisis Management 171\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eCLUSIF Club de la Sécurité de l’Information Français Gérôme Billois, CLUSIF Administrator and Board Member Cybersecurity at Wavestone Consultancy, France\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eCybersecurity Incident Management 171\u003c\/p\u003e \u003cp\u003eCybersecurity Crisis Management 174\u003c\/p\u003e \u003cp\u003eConclusion 182\u003c\/p\u003e \u003cp\u003eAbout CLUSIF 183\u003c\/p\u003e \u003cp\u003eAbout Gérôme Billois, CISA, CISSP and ISO27001 Certified 183\u003c\/p\u003e \u003cp\u003eAbout Wavestone 183\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 13 Business Continuity Management and Cybersecurity 185\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eMarsh\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eSek Seong Lim, Marsh Risk Consulting Business Continuity Leader \u003c\/i\u003e\u003ci\u003efor Asia, Singapore\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eGood International Practices for Cyber Risk Management and Business Continuity 186\u003c\/p\u003e \u003cp\u003eEmbedding Cybersecurity Requirements in BCMS 188\u003c\/p\u003e \u003cp\u003eDeveloping and Implementing BCM Responses for Cyber Incidents 189\u003c\/p\u003e \u003cp\u003eConclusion 190\u003c\/p\u003e \u003cp\u003eAppendix: Glossary of Key Terms 191\u003c\/p\u003e \u003cp\u003eAbout Marsh 191\u003c\/p\u003e \u003cp\u003eAbout Marsh Risk Consulting 
192\u003c\/p\u003e \u003cp\u003eAbout Sek Seong Lim, CBCP, PMC 192\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 14 External Context and Supply Chain 193\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eSupply Chain Risk Leadership Council (SCRLC) \u003cbr\u003e\u003c\/i\u003e\u003ci\u003eNick Wildgoose, Board Member and ex-Chairperson of SCRLC, and Zurich Insurance Group, UK \u003cbr\u003e\u003cbr\u003e\u003c\/i\u003eExternal Context 194\u003c\/p\u003e \u003cp\u003eBuilding Cybersecurity Management Capabilities from an External Perspective 200\u003c\/p\u003e \u003cp\u003eMeasuring Cybersecurity Management Capabilities from an External Perspective 204\u003c\/p\u003e \u003cp\u003eConclusion 204\u003c\/p\u003e \u003cp\u003eAbout the SCRLC 205\u003c\/p\u003e \u003cp\u003eAbout Nick Wildgoose, BA (Hons), FCA, FCIPS 205\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 15 Internal Organization Context 207\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eDomenic Antonucci, Editor and Chief Risk Officer, Australia\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eBassam Alwarith, Head of the National Digitization Program, Ministry of Economy and Planning, Saudi Arabia\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eThe Internal Organization Context for Cybersecurity 207\u003c\/p\u003e \u003cp\u003eTailoring Cybersecurity to Enterprise Exposures 209\u003c\/p\u003e \u003cp\u003eConclusion 240\u003c\/p\u003e \u003cp\u003eAbout Domenic Antonucci 241\u003c\/p\u003e \u003cp\u003eAbout Bassam Alwarith 241\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 16 Culture and Human Factors 243\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eAvinash Totade, ISACA Past President UAE Chapter and Management Consultant, UAE\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eSandeep Godbole, ISACA Past President Pune Chapter, India\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eOrganizations as Social Systems 243\u003c\/p\u003e \u003cp\u003eHuman Factors and Cybersecurity 246\u003c\/p\u003e \u003cp\u003eTraining 248\u003c\/p\u003e 
\u003cp\u003eFrameworks and Standards 249\u003c\/p\u003e \u003cp\u003eTechnology Trends and Human Factors 250\u003c\/p\u003e \u003cp\u003eConclusion 252\u003c\/p\u003e \u003cp\u003eAbout ISACA 253\u003c\/p\u003e \u003cp\u003eAbout Avinash Totade 253\u003c\/p\u003e \u003cp\u003eAbout Sandeep Godbole 254\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 17 Legal and Compliance 255\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eAmerican Bar Association Cybersecurity Legal Task Force\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eHarvey Rishikof, Chair, Advisory Committee to the Standing Committee on Law and National Security, USA\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eConor Sullivan, Law Clerk for the Standing Committee on National \u003c\/i\u003e\u003ci\u003eSecurity, USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eEuropean Union and International Regulatory Schemes 255\u003c\/p\u003e \u003cp\u003eU.S. Regulations 258\u003c\/p\u003e \u003cp\u003eCounsel’s Advice and “Boom” Planning 261\u003c\/p\u003e \u003cp\u003eConclusion 266\u003c\/p\u003e \u003cp\u003eAbout the Cybersecurity Legal Task Force 269\u003c\/p\u003e \u003cp\u003eAbout Harvey Rishikof 269\u003c\/p\u003e \u003cp\u003eAbout Conor Sullivan 270\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 18 Assurance and Cyber Risk Management 271\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eStig J. Sunde, Senior Internal Auditor (ICT), Emirates Nuclear Energy Corporation (ENEC), UAE\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eCyber Risk Is Ever Present 271\u003c\/p\u003e \u003cp\u003eWhat the Internal Auditor Expects from an Organization Managing Its Cyber Risks Effectively 272\u003c\/p\u003e \u003cp\u003eHow to Deal with Two Differing Assurance Maturity Scenarios 277\u003c\/p\u003e \u003cp\u003eCombined Assurance Reporting by ERM Head 278\u003c\/p\u003e \u003cp\u003eConclusion 278\u003c\/p\u003e \u003cp\u003eAbout Stig Sunde, CISA, CIA, CGAP, CRISC, IRM Cert. 
280\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 19 Information Asset Management for Cyber 281\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eBooz Allen Hamilton\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eChristopher Ling, Executive Vice President, Booz Allen Hamilton, USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eThe Invisible Attacker 281\u003c\/p\u003e \u003cp\u003eA Troubling Trend 282\u003c\/p\u003e \u003cp\u003eThinking Like a General 283\u003c\/p\u003e \u003cp\u003eThe Immediate Need—Best Practices 283\u003c\/p\u003e \u003cp\u003eCybersecurity for the Future 284\u003c\/p\u003e \u003cp\u003eTime to Act 286\u003c\/p\u003e \u003cp\u003eConclusion 286\u003c\/p\u003e \u003cp\u003eAbout Booz Allen Hamilton 287\u003c\/p\u003e \u003cp\u003eAbout Christopher Ling 287\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 20 Physical Security 289\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eRadar Risk Group\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eInge Vandijck, CEO, Radar Risk Group, Belgium\u003cbr\u003e\u003c\/i\u003e\u003ci\u003ePaul Van Lerberghe, CTO, Radar Risk Group, Belgium\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eTom Commits to a Plan 290\u003c\/p\u003e \u003cp\u003eGet a Clear View on the Physical Security Risk Landscape and the Impact on Cybersecurity 291\u003c\/p\u003e \u003cp\u003eManage or Review the Cybersecurity Organization 294\u003c\/p\u003e \u003cp\u003eDesign or Review Integrated Security Measures 295\u003c\/p\u003e \u003cp\u003eReworking the Data Center Scenario 299\u003c\/p\u003e \u003cp\u003eCalculate or Review Exposure to Adversary Attacks 302\u003c\/p\u003e \u003cp\u003eOptimize Return on Security Investment 305\u003c\/p\u003e \u003cp\u003eConclusion 306\u003c\/p\u003e \u003cp\u003eAbout Radar Risk Group 307\u003c\/p\u003e \u003cp\u003eAbout Inge Vandijck 307\u003c\/p\u003e \u003cp\u003eAbout Paul Van Lerberghe 307\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 21 Cybersecurity for Operations and Communications 
309\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eEY\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eChad Holmes, Principal, Cybersecurity, Ernst \u0026amp; Young LLP (EY US)\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eJames Phillippe, Principal, Cybersecurity, Ernst \u0026amp; Young LLP (EY US)\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eDo You Know What You Do Not Know? 309\u003c\/p\u003e \u003cp\u003eThreat Landscape—What Do You Know About Your Organization Risk and Who Is Targeting You? 310\u003c\/p\u003e \u003cp\u003eData and Its Integrity—Does Your Risk Analysis Produce Insight? 310\u003c\/p\u003e \u003cp\u003eDigital Revolution—What Threats Will Emerge as Organizations Continue to Digitize? 311\u003c\/p\u003e \u003cp\u003eChanges—How Will Your Organization or Operational Changes Affect Risk? 312\u003c\/p\u003e \u003cp\u003ePeople—How Do You Know Whether an Insider or Outsider Presents a Risk? 312\u003c\/p\u003e \u003cp\u003eWhat’s Hindering Your Cybersecurity Operations? 312\u003c\/p\u003e \u003cp\u003eChallenges from Within 313\u003c\/p\u003e \u003cp\u003eWhat to Do Now 313\u003c\/p\u003e \u003cp\u003eConclusion 318\u003c\/p\u003e \u003cp\u003eAbout EY 319\u003c\/p\u003e \u003cp\u003eAbout Chad Holmes 319\u003c\/p\u003e \u003cp\u003eAbout James Phillippe 319\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 22 Access Control 321\u003cbr\u003e\u003c\/b\u003e\u003ci\u003ePwC Sidriaan de Villiers, Partner—Africa Cybersecurity Practice, PwC South Africa\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eTaking a Fresh Look at Access Control 321\u003c\/p\u003e \u003cp\u003eOrganization Requirements for Access Control 322\u003c\/p\u003e \u003cp\u003eUser Access Management 323\u003c\/p\u003e \u003cp\u003eUser Responsibility 327\u003c\/p\u003e \u003cp\u003eSystem and Application Access Control 327\u003c\/p\u003e \u003cp\u003eMobile Devices 329\u003c\/p\u003e \u003cp\u003eTeleworking 331\u003c\/p\u003e \u003cp\u003eOther Considerations 332\u003c\/p\u003e \u003cp\u003eConclusion 
333\u003c\/p\u003e \u003cp\u003eAbout PwC 334\u003c\/p\u003e \u003cp\u003eAbout Sidriaan de Villiers, PwC Partner South Africa 334\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 23 Cybersecurity Systems: Acquisition, Development, and Maintenance 335\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eDeloitte\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eMichael Wyatt, Managing Director, Cyber Risk Services, Deloitte Advisory, USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eBuild, Buy, or Update: Incorporating Cybersecurity Requirements and Establishing Sound Practices 336\u003c\/p\u003e \u003cp\u003eSpecific Considerations 342\u003c\/p\u003e \u003cp\u003eConclusion 344\u003c\/p\u003e \u003cp\u003eAbout Deloitte Advisory Cyber Risk Services 346\u003c\/p\u003e \u003cp\u003eAbout Michael Wyatt 346\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 24 People Risk Management in the Digital Age 347\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eAirmic\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eJulia Graham, Deputy CEO and Technical Director at Airmic, UK\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eRise of the Machines 347\u003c\/p\u003e \u003cp\u003eEnterprise-Wide Risk Management 348\u003c\/p\u003e \u003cp\u003eTomorrow’s Talent 350\u003c\/p\u003e \u003cp\u003eCrisis Management 354\u003c\/p\u003e \u003cp\u003eRisk Culture 355\u003c\/p\u003e \u003cp\u003eConclusion 356\u003c\/p\u003e \u003cp\u003eAbout Airmic 358\u003c\/p\u003e \u003cp\u003eAbout Julia Graham 358\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 25 Cyber Competencies and the Cybersecurity Officer 359\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eRon Hale, PhD, CISM, ISACA, USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eThe Evolving Information Security Professional 359\u003c\/p\u003e \u003cp\u003eThe Duality of the CISO 360\u003c\/p\u003e \u003cp\u003eJob Responsibilities and Tasks 363\u003c\/p\u003e \u003cp\u003eConclusion 366\u003c\/p\u003e \u003cp\u003eAbout ISACA 368\u003c\/p\u003e \u003cp\u003eAbout Ron Hale 368\u003c\/p\u003e 
\u003cp\u003e\u003cb\u003eCHAPTER 26 Human Resources Security 369\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eDomenic Antonucci, Editor and Chief Risk Officer, Australia\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eNeeds of Lower-Maturity HR Functions 369\u003c\/p\u003e \u003cp\u003eNeeds of Mid-Maturity HR Functions 370\u003c\/p\u003e \u003cp\u003eNeeds of Higher-Maturity HR Functions 372\u003c\/p\u003e \u003cp\u003eConclusion 373\u003c\/p\u003e \u003cp\u003eAbout Domenic Antonucci 374\u003c\/p\u003e \u003cp\u003e\u003cb\u003eEpilogue 375\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eBecoming CyberSmart \u003c\/i\u003e\u003csup\u003eTM\u003c\/sup\u003e\u003ci\u003e: a Risk Maturity Road Map for Measuring \u003c\/i\u003e\u003ci\u003eCapability Gap-Improvement\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eDomenic Antonucci, Editor and Chief Risk Officer (CRO), Australia\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eDidier Verstichel, Chief Information Security Officer (CISO) and Chief Risk Officer (CRO), Belgium\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eBackground 375\u003c\/p\u003e \u003cp\u003eBecoming CyberSmart\u003csup\u003eTM\u003c\/sup\u003e 376\u003c\/p\u003e \u003cp\u003eAbout Domenic Antonucci 392\u003c\/p\u003e \u003cp\u003eAbout Didier Verstichel 392\u003c\/p\u003e \u003cp\u003eGlossary 393\u003c\/p\u003e \u003cp\u003eIndex 399\u003c\/p\u003e   \u003cp\u003e\u003cb\u003eDOMENIC ANTONUCCI\u003c\/b\u003e is a practicing international chief risk officer overseeing cybersecurity and a former counter-terrorist officer. Based in Dubai, UAE, he specializes in bringing organizations \"up the risk maturity curve.\" He is the content author for the Benchmarker™ Risk Maturity Model software and author of \u003ci\u003eRisk Maturity Models\u003c\/i\u003e.     \u003c\/p\u003e\u003cp\u003eThere isn't an organization of any size in any sector immune from finding itself in the news headlines due to a cyber-attack. 
From government agencies to bedrock financial institutions, managing cyber risk across an enterprise is now a primary business concern. \u003ci\u003eThe Cyber Risk Handbook\u003c\/i\u003e brings together the top thought leaders from all over the globe to share their talent for customizing cyber risk management systems for every type of organization.  \u003c\/p\u003e\u003cp\u003eThis is the authoritative, go-to resource every leader must have on hand to fully understand and effectively contribute to taking their organization up the risk maturity curve. Cyber risk is much more than an IT issue; shareholders want full accountability at the top for dynamic environments impacting value, including social media, mobile devices, massive data storage, artificially intelligent products, the Internet of Things (IoT), privacy requirements, and the ability to carry out business as usual. In this first-of-its-kind guidebook for the busy practitioner, the ins and outs of developing state-of-the-art cyber defense integrated with the modern enterprise risk management (ERM) system are explained in non-technical language more familiar to non-IT managers. It starts by quickly bringing you up to speed on risk maturity and its benefits so you can seamlessly grasp the seven sets of capabilities present in rock-solid cyber risk management systems, explain them to your leadership team, and execute them against your organization's objectives. 
Everything you need to streamline the process and sleep at night is inside, including:  \u003c\/p\u003e\u003cul\u003e \u003cli\u003eStep-by-step guidance for building, measuring, and optimizing cybersecurity capabilities\u003c\/li\u003e \u003cli\u003eExpert guidance from contributors with backgrounds in IT, cybersecurity, risk management, insurance, finance, accounting, supply chain, and internal auditing\u003c\/li\u003e \u003cli\u003eA diverse collection of planning and implementation approaches, models, and methods so you can custom fit without reinventing the wheel\u003c\/li\u003e \u003c\/ul\u003e  \u003cp\u003eClose the gaps in your cyber capabilities today with \u003ci\u003eThe Cyber Risk Handbook\u003c\/i\u003e.     \u003c\/p\u003e\u003cp\u003e\u003cb\u003ePraise for\u003c\/b\u003e\u003cb\u003e The Cyber Risk Handbook\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003e\"Domenic Antonucci and his outstanding collection of contributors have produced a most timely and comprehensive reference and teaching guide on one of the most potentially impactful and evolving risks facing organizations (and governments) today. This book should be an extremely valuable resource for directors, executives, chief information officers, risk managers, auditors, and all concerned with this critical topic. I particularly like how the risks and controls are presented in the context of overall governance and enterprise risk management.\"\u003cbr\u003e \u003cb\u003eJohn R. S. Fraser, FCPA, FCA,\u003c\/b\u003e Retired Chief Risk Officer and Adjunct Professor, York University  \u003c\/p\u003e\u003cp\u003e\"Domenic makes a most practical and valuable contribution…he curates a wide-ranging body of knowledge on this most vexing topic from a globally diverse group of subject matter experts. Unlike books written by IT experts for IT practitioners, Mr. 
Antonucci provides an invaluable resource for management to enable them to ask the right questions of their IT experts … so as to assure themselves that the matters that should be keeping them awake at night are being addressed and that reporting systems are providing them with the management information they need to know rather than what they want to hear. Mr. Antonucci and his contributors are to be commended for their work.\"\u003cbr\u003e \u003cb\u003eKevin W. Knight, AM,\u003c\/b\u003e Immediate Past Chairman, ISO\/TC 262 Risk Management and Adjunct Professor, University of Queensland Business School  \u003c\/p\u003e\u003cp\u003e\"This timely cyber security reference guide, structured on a maturity model to aid comprehension of current capabilities, addresses what has become, for many organizations, their priority risk management activity. Cyber security is evolving in nature and becoming more prevalent, sophisticated, and invasive. The book rightly identifies cyber security as a C-Suite responsibility with enterprise-wide implications, not for delegation to the IT department. The way an organization addresses cyber-crime (as seen in the financial sector) has a direct bearing on its reputation, customer base, profitability, and indeed its very longevity.\"\u003cbr\u003e \u003cb\u003eDr. Robert Chapman,\u003c\/b\u003e Managing Director, Dr. Chapman \u0026amp; Associates  \u003c\/p\u003e\u003cp\u003e\"\u003ci\u003eThe Cyber Risk Handbook\u003c\/i\u003e provides comprehensive and practical guidance. One of the key pluses of this book is its holistic focus on the importance of people, behavior, and processes, rather than just technological solutions. Domenic Antonucci has assembled a team of experts, all of whom are uniquely qualified to contribute to the ongoing discussion regarding this capricious and exponentially significant risk. 
I found \u003ci\u003eThe\u003c\/i\u003e \u003ci\u003eCyber Risk Handbook\u003c\/i\u003e an easy read, and I particularly liked the comprehensive overview of the key developments in cyber risk management. This book will appeal to a wide audience enabling them to learn solutions to critical issues and formulate a good practice methodology that ensures they stay ahead of the latest threats.\"\u003cbr\u003e \u003cb\u003eNicola Crawford,\u003c\/b\u003e Chair, The Institute of Risk Management (IRM) and Managing Director, i-Risk Europe Ltd  \u003c\/p\u003e\u003cp\u003e\"Very thorough and comprehensive. A wide variety of experts describing all facets of cyber risks … a necessary focus on top management involvement. Information and systems as the new risk frontier.\"\u003cbr\u003e \u003cb\u003eFranck Baron,\u003c\/b\u003e Chairman and VP, Pan Asia Risk \u0026amp; Insurance Management Association (PARIMA)\u003c\/p\u003e","brand":"Wiley","offers":[{"title":"Default Title","offer_id":47990202892517,"sku":"NP9781119308805","price":85.0,"currency_code":"USD","in_stock":false}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/1842\/7735\/files\/9781119308805.jpg?v=1761786890","url":"https:\/\/k12savings.com\/es\/products\/the-cyber-risk-handbook-isbn-9781119308805","provider":"K12savings","version":"1.0","type":"link"}