This practical guide will help directors and officers of all organizations establish a cyber governance framework that enables them to meet their fiduciary duties, protect digital assets, ensure the organization meets its privacy and cybersecurity compliance requirements, and avoid litigation. Valuable checklists, charts, and a cyber lingo cheat sheet are included for quick reference.
Cybersecurity threats are on the rise. As a leader, you need to be prepared to keep your organization safe. Companies are investing an unprecedented amount of money to keep their data and assets safe, yet cyberattacks are on the rise--and the problem is worsening. No amount of technology, resources, or policies will reverse this trend. Only sound governance, originating with the board, can turn the tide. Protection against cyberattacks can't be treated as a problem solely belonging to an IT or cybersecurity department. It needs to cast a wide and impenetrable net that covers everything an organization does--from its business operations, models, and strategies to its products and intellectual property. And boards are in the best position to oversee the needed changes to strategy and hold their companies accountable. Not surprisingly, many boards aren't prepared to assume this responsibility. In A Leader's Guide to Cybersecurity, Thomas Parenty and Jack Domet, who have spent over three decades in the field, present a timely, clear-eyed, and actionable framework that will empower senior executives and board members to become stewards of their companies' cybersecurity activities. This includes: Understanding cyber risks and how best to control them Planning and preparing for a crisis--and leading in its aftermath Making cybersecurity a companywide initiative and responsibility Drawing attention to the nontechnical dynamics that influence the effectiveness of cybersecurity measures Aligning the board, executive leadership, and cybersecurity teams on priorities Filled with tools, best practices, and strategies, A Leader's Guide to Cybersecurity will help boards navigate this seemingly daunting but extremely necessary transition.
Examines the governance challenges of cybersecurity through twelve, real-world case studies Through twelve detailed case studies, this superb collection provides an overview of the ways in which government officials and corporate leaders across the globe are responding to the challenges of cybersecurity. Drawing perspectives from industry, government, and academia, the book incisively analyzes the actual issues, and provides a guide to the continually evolving cybersecurity ecosystem. It charts the role that corporations, policymakers, and technologists are playing in defining the contours of our digital world. Rewired: Cybersecurity Governance places great emphasis on the interconnection of law, policy, and technology in cyberspace. It examines some of the competing organizational efforts and institutions that are attempting to secure cyberspace and considers the broader implications of the in-place and unfolding efforts—tracing how different notions of cybersecurity are deployed and built into stable routines and practices. Ultimately, the book explores the core tensions that sit at the center of cybersecurity efforts, highlighting the ways in which debates about cybersecurity are often inevitably about much more. Introduces the legal and policy dimensions of cybersecurity Collects contributions from an international collection of scholars and practitioners Provides a detailed "map" of the emerging cybersecurity ecosystem, covering the role that corporations, policymakers, and technologists play Uses accessible case studies to provide a non-technical description of key terms and technologies Rewired: Cybersecurity Governance is an excellent guide for all policymakers, corporate leaders, academics, students, and IT professionals responding to and engaging with ongoing cybersecurity challenges.
The Complete Guide to Cybersecurity Risks and Controls presents the fundamental concepts of information and communication technology (ICT) governance and control. In this book, you will learn how to create a working, practical control structure that will ensure the ongoing, day-to-day trustworthiness of ICT systems and data. The book explains how to establish systematic control functions and timely reporting procedures within a standard organizational framework and how to build auditable trust into the routine assurance of ICT operations. The book is based on the belief that ICT operation is a strategic governance issue rather than a technical concern. With the exponential growth of security breaches and the increasing dependency on external business partners to achieve organizational success, the effective use of ICT governance and enterprise-wide frameworks to guide the implementation of integrated security controls are critical in order to mitigate data theft. Surprisingly, many organizations do not have formal processes or policies to protect their assets from internal or external threats. The ICT governance and control process establishes a complete and correct set of managerial and technical control behaviors that ensures reliable monitoring and control of ICT operations. The body of knowledge for doing that is explained in this text. This body of knowledge process applies to all operational aspects of ICT responsibilities ranging from upper management policy making and planning, all the way down to basic technology operation.
An accessible, comic book-like, illustrated introduction to how the internet works under the hood, designed to give people a basic understanding of the technical aspects of the Internet that they need in order to advocate for digital rights. The internet has profoundly changed interpersonal communication, but most of us don't really understand how it works. What enables information to travel across the internet? Can we really be anonymous and private online? Who controls the internet, and why is that important? And... what's with all the cats? How the Internet Really Works answers these questions and more. Using clear language and whimsical illustrations, the authors translate highly technical topics into accessible, engaging prose that demystifies the world's most intricately linked computer network. Alongside a feline guide named Catnip, you'll learn about: • The "How-What-Why" of nodes, packets, and internet protocols • Cryptographic techniques to ensure the secrecy and integrity of your data • Censorship, ways to monitor it, and means for circumventing it • Cybernetics, algorithms, and how computers make decisions • Centralization of internet power, its impact on democracy, and how it hurts human rights • Internet governance, and ways to get involved This book is also a call to action, laying out a roadmap for using your newfound knowledge to influence the evolution of digitally inclusive, rights-respecting internet laws and policies. Whether you're a citizen concerned about staying safe online, a civil servant seeking to address censorship, an advocate addressing worldwide freedom of expression issues, or simply someone with a cat-like curiosity about network infrastructure, you will be delighted -- and enlightened -- by Catnip's felicitously fun guide to understanding how the internet really works!
For many companies, their intellectual property can often be more valuable than their physical assets. Having an effective IT governance strategy in place can protect this intellectual property, reducing the risk of theft and infringement. Data protection, privacy and breach regulations, computer misuse around investigatory powers are part of a complex and often competing range of requirements to which directors must respond. There is increasingly the need for an overarching information security framework that can provide context and coherence to compliance activity worldwide. IT Governance is a key resource for forward-thinking managers and executives at all levels, enabling them to understand how decisions about information technology in the organization should be made and monitored, and, in particular, how information security risks are best dealt with. The development of IT governance - which recognises the convergence between business practice and IT management - makes it essential for managers at all levels, and in organizations of all sizes, to understand how best to deal with information security risk. The new edition has been full updated to take account of the latest regulatory and technological developments, including the creation of the International Board for IT Governance Qualifications. IT Governance also includes new material on key international markets - including the UK and the US, Australia and South Africa.
Welcome to the all-new second edition of Navigating the Digital Age. This edition brings together more than 50 leaders and visionaries from business, science, technology, government, aca¬demia, cybersecurity, and law enforce¬ment. Each has contributed an exclusive chapter designed to make us think in depth about the ramifications of this digi-tal world we are creating. Our purpose is to shed light on the vast possibilities that digital technologies present for us, with an emphasis on solving the existential challenge of cybersecurity. An important focus of the book is centered on doing business in the Digital Age-par¬ticularly around the need to foster a mu¬tual understanding between technical and non-technical executives when it comes to the existential issues surrounding cybersecurity. This book has come together in three parts. In Part 1, we focus on the future of threat and risks. Part 2 emphasizes lessons from today's world, and Part 3 is designed to help you ensure you are covered today. Each part has its own flavor and personal¬ity, reflective of its goals and purpose. Part 1 is a bit more futuristic, Part 2 a bit more experiential, and Part 3 a bit more practical. How we work together, learn from our mistakes, deliver a secure and safe digital future-those are the elements that make up the core thinking behind this book. We cannot afford to be complacent. Whether you are a leader in business, government, or education, you should be knowledgeable, diligent, and action-oriented. It is our sincerest hope that this book provides answers, ideas, and inspiration.If we fail on the cybersecurity front, we put all of our hopes and aspirations at risk. So we start this book with a simple proposition: When it comes to cybersecurity, we must succeed.
The Growing Imperative Need for Effective Information Security Governance With monotonous regularity, headlines announce ever more spectacular failures of information security and mounting losses. The succession of corporate debacles and dramatic control failures in recent years underscores the necessity for information security to be tightly integrated into the fabric of every organization. The protection of an organization's most valuable asset information can no longer be relegated to low-level technical personnel, but must be considered an essential element of corporate governance that is critical to organizational success and survival. Written by an industry expert, Information Security Governance is the first book-length treatment of this important topic, providing readers with a step-by-step approach to developing and managing an effective information security program. Beginning with a general overview of governance, the book covers: The business case for information security Defining roles and responsibilities Developing strategic metrics Determining information security outcomes Setting security governance objectives Establishing risk management objectives Developing a cost-effective security strategy A sample strategy development The steps for implementing an effective strategy Developing meaningful security program development metrics Designing relevant information security management metrics Defining incident management and response metrics Complemented with action plans and sample policies that demonstrate to readers how to put these ideas into practice, Information Security Governance is indispensable reading for any professional who is involved in information security and assurance.
The world has been sleep-walking into cyber chaos. The spread of misinformation via social media and the theft of data and intellectual property, along with regular cyberattacks, threaten the fabric of modern societies. All the while, the Internet of Things increases the vulnerability of computer systems, including those controlling critical infrastructure. What can be done to tackle these problems? Does diplomacy offer ways of managing security and containing conflict online? In this provocative book, Shaun Riordan shows how traditional diplomatic skills and mindsets can be combined with new technologies to bring order and enhance international cooperation. He explains what cyberdiplomacy means for diplomats, foreign services and corporations and explores how it can be applied to issues such as internet governance, cybersecurity, cybercrime and information warfare. Cyberspace, he argues, is too important to leave to technicians. Using the vital tools offered by cyberdiplomacy, we can reduce the escalation and proliferation of cyberconflicts by proactively promoting negotiation and collaboration online.
This pocket guide provides an introduction on how to approach the complex subject of IT governance. It describes the drivers for IT governance: why it matters, and the relationships between IT governance, risk management, information risk, project governance and compliance risk.