Cybersecurity: A Business Solution: An executive perspective on managing cyber risk

Threat Sketch, LLC, Sep 26, 2017 - Business & Economics - 100 pages

As a business leader, you might think you have cybersecurity under control because you have a great IT team. But managing cyber risk requires more than firewalls and good passwords. Cash flow, insurance, relationships, and legal affairs for an organization all play major roles in managing cyber risk. Treating cybersecurity as “just an IT problem” leaves an organization exposed and unprepared. Therefore, executives must take charge of the big picture.

Cybersecurity: A Business Solution is a concise guide to managing cybersecurity from a business perspective, written specifically for the leaders of small and medium businesses. In this book you will find a step-by-step approach to managing the financial impact of cybersecurity. The strategy provides the knowledge you need to steer technical experts toward solutions that fit your organization’s business mission. The book also covers common pitfalls that lead to a false sense of security. And, to help offset the cost of higher security, it explains how you can leverage investments in cybersecurity to capture market share and realize more profits.

The book’s companion material also includes an executive guide to the National Institute of Standards and Technology (NIST) Cybersecurity Framework. It offers a business-level overview of the following key terms and concepts, which are central to managing its adoption:

Tiers
Profiles
Functions
Informative References


Contents

Background
Strategic Cyber Risk Management
Objectives and Risk Assessments
Prevention and Preparedness
Regulatory Pressures on Prevention and Preparedness
Budget Planning
Implementation and Beyond
About the Author
Copyright

About the author (2017)

Rob Arnold’s passion for computers and technology began when he was a teenager, on computers that predated the modern IBM PC. If you were around in the late 1970s and early 1980s, you may recall names like Commodore, Timex-Sinclair, and Tandy. Rob experienced them all and, like every modern-day teenage boy, he wanted to play video games. While he could not afford the luxury of a lot of games, he did not let that be an obstacle. Instead, he taught himself how to write his own games. These early forays into the world of computing lit a passion that would later define his career. But even before turning his passion into a profession, Rob had his first experience with modern computer security issues. While in college, he was helping his professor manage a small fleet of computers when he discovered a flaw that made brute-force password attacks way too easy for remote hackers. Changing the default installation for the software involved solved the issue, and that became Rob’s first meaningful contribution to the software systems that underpin our modern Internet.

When Rob entered the professional world of information technology, what is today known as cybersecurity was then just part of the job. Rob spent two decades working in and providing IT consulting for companies ranging from Fortune 500 and large private firms to small mom-and-pop shops, and everything in between. During this time, Rob wrote security policies, led companies through security-related compliance audits, and had several opportunities to do what is now called ethical hacking. One defining moment was on the morning of 9-11, when Rob was called to examine and repair the hacking of a major airline-related website that occurred while planes crashed along the East Coast. On other occasions, he was hired to crack systems for which the administrator (or root) password had been lost. Rob has solved many other problems for clients, ranging from securing executive communication from the prying eyes of untrusted IT staffers, to disaster recovery planning, to developing authentication and permission management software.

Rob returned to graduate school in 2010 to round out his real-world experience with an academic view of the cybersecurity landscape. As part of an early assignment, he discovered, and quietly disclosed to the manufacturer, a major flaw in a popular e-reader. But what really caught his attention was the concept of risk management as applied to cybersecurity. It was clear to him that risk management and the primary tool for measuring risk (a risk assessment) were well suited to making investment decisions related to security. For his capstone project, he developed a unique strategic risk assessment that would lay the foundation for his next professional endeavor.

Rob founded Threat Sketch in 2015 and partnered with a financial and insurance risk expert to continue research and development. Their focus is on the development of cyber risk assessments to solve budgeting and planning problems for small and medium businesses. The addition of his business partner’s professional risk-analysis knowledge marked the point where academic research transitioned to a practical tool.

The cybersecurity industry is awash with highly technical advice, guides, and solutions. But there are few resources for business-minded owners and executives who need to understand the business aspects of managing cyber risk. This book distills Rob’s practical and academic knowledge to help the leaders and decision-makers of small companies navigate the management of cyber risk. He is particularly in tune with what resources are available to small businesses and how they need to approach cybersecurity. Having worked many years in this industry, he understands the unique constraints businesses of this size face.
