Managing Cybersecurity Risk: Book 3
About this ebook
Cybersecurity is the practice of protecting systems, networks and programs from digital attacks. These attacks are usually aimed at accessing, changing or destroying sensitive information, extorting money from users or interrupting normal business processes.
This new edition will provide valuable information on the cyber environment and threats that businesses may encounter. Such is the scale and variety of cyber threats, it is essential to recognise issues such as gaps in the workforce and the skills required to combat them. The guide also addresses the social and financial impacts of cyber breaches and the development of cyber protection for the future.
Offering understanding and advice, the book covers topics such as the following, all from key speakers and industry experts:
- Training
- Technology trends
- New theories
- Current approaches
- Tactical risk management
- Stories of human errors and their results
Managing Cybersecurity Risk is an essential read for all businesses, whether large or small.
With a Foreword by Don Randall, former head of Security and CISO, the Bank of England, contributors include Vijay Rathour, Grant Thornton and Digital Forensics Group, Nick Wilding, General Manager of Cyber Resilience at Axelos, IASME Consortium Ltd, CyberCare UK, DLA Piper, CYBERAWARE and more.
Book preview
Managing Cybersecurity Risk - Jonathan Reuvid
resilience.
INTRODUCTION
As Don Randall asserts in his foreword, the fight against cyber crime is a never-ending battle against resourceful criminals targeting all data and communications security, from national defence and counter-espionage through to corporate business and personal online activity. What is more, we are not winning. As the incidence of cyber incidents increases remorselessly, the best we can do is to contain the level of successful breaches; to do that we need to be fully aware of the sophisticated software, ever-evolving and mutating, which attackers employ. We also need to keep ourselves informed of the fraudulent techniques that invaders use to exploit our ignorance and penetrate our defences.
This third edition of Managing Cybersecurity Risk attempts to survey the battlefield, alert readers to the threats which they need to address, comment on their cultural implications and advise on managing the financial and social impacts of cyber incidents. Throughout the book there is a strong emphasis on training and achieving resilience.
There is a combination of new contributors to this book with authors who have written for the title before and are updating and restating their analysis and advice. Among the former are Julian Richards of the University of Buckingham, whose opening chapter is a chilling account of the mega threats on the world stage, and Tim Ward of ThinkCyber, Steve Durbin of Information Security Forum and Chris Pinder of IASME Consortium, who are each focused on aspects of human behaviour in terms of training and work culture.
Previous contributors are led by Nick Wilding of AXELOS RESILIA, sponsors of the title, who writes on the key role of training as the driver of behaviour change. He is supported by Karla Reffold on the retention of cybersecurity staff within an organisation, while the DLA Piper team provide advice on balancing information security good practice with the data protection and employment requirements. One year after its UK adoption, Dan Hyde of Penningtons reports on the current status of GDPR and the DPA.
Christopher Greany stresses the importance of securing companies from insider threats while Richard Knowlton reflects on the balance between cybersecurity risk and reward for small businesses. Nick Ioannou of Boolean Logical provides tutorials for us all on how to recognize and avoid the latest tricks and techniques that cyber criminals deploy to trap the unwary. The concluding chapter of the book is an authoritative dissertation on the social and financial impacts of cyber breaches provided by Vijay Rathour, leader of Grant Thornton’s Digital Forensics Group.
I endorse fully Don Randall’s thanks to all authors and sponsors of this new edition of Managing Cybersecurity Risk for their contributions and add my appreciation to Don himself for his return to the title of which he was a founding father.
Jonathan Reuvid
Editor
PART ONE
THE SCALE OF CYBER THREATS – TRAINING IS KEY
1. THE THREAT FROM BIG STATES
JULIAN RICHARDS, UNIVERSITY OF BUCKINGHAM
We might imagine that cyber threats from big states like Russia and China are primarily the concern of state intelligence agencies such as GCHQ and MI5. This, however, is the wrong way to look at the situation. Due to increasingly blurry lines between activists, criminals and states, everyone, from governments to businesses large and small, now needs to think about the threat from the big state actors.
In this chapter, I will begin by considering which state actors are the ones to worry about. We will consider their objectives in the cyber threat landscape; the complex array of actors involved; the effects their actions have on a range of organisations; and the key messages we should take away in conclusion.
STATES POSING CYBER THREAT
Taking a Western perspective on the situation, there is no doubt that Russia and China continue to pose a substantial and constantly evolving cyber threat to the interests of a number of states and their allies. Both of these states have a strong interest in developing their hostile cyber capabilities, for a range of strategic political and economic reasons. Both will increasingly seek to appear at the cutting-edge of cyber threat technology and capability, and will aim to be leading players in cyberspace. There is also mounting evidence that Russia in particular – or at least forces sympathetic to it – is engaged in comprehensive information warfare against the West and its citizens using industrialised cyber