Cybersecurity program development for business : the essential planning guide / Chris Moschovitis.

"Get answers to all your cybersecurity questions In 2016, we reached a tipping point--a moment where the global and local implications of cybersecurity became undeniable. Despite the seriousness of the topic, the term "cybersecurity" still exasperates many people. They feel terrorized and overwhelmed. The majority of business people have very little understanding of cybersecurity, how to manage it, and what's really at risk. This essential guide, with its dozens of examples and case studies, breaks down every element of the development and management of a cybersecurity program for the executive. From understanding the need, to core risk management principles, to threats, tools, roles and responsibilities, this book walks the reader through each step of developing and implementing a cybersecurity program. Read cover-to-cover, its a thorough overview, but it can also function as a useful reference book as individual questions and difficulties arise. Unlike other cybersecurity books, the text is not bogged down with industry jargon; Speaks specifically to the executive who is not familiar with the development or implementation of cybersecurity programs; Shows you how to make pragmatic, rational, and informed decisions for your organization; Written by a top-flight technologist with decades of experience and a track record of success. If you're a business manager or executive who needs to make sense of cybersecurity, this book demystifies it for you."-- Provided by publisher.

Includes bibliographical references and index.

Print version record and CIP data provided by publisher; resource not viewed.

Intro; TITLE PAGE; TABLE OF CONTENTS; FOREWORD; PREFACE; Something Completely Different; ABOUT THE AUTHOR; ACKNOWLEDGMENTS; CHAPTER 1: Understanding Risk; How Much Is It Worth to You?; Risk! Not Just a Board Game; CHAPTER 2: Everything You Always Wanted to Know About Tech (But Were Afraid to Ask Your Kids); In the Beginning ... ; Key Definitions; Note; CHAPTER 3: A Cybersecurity Primer; Cybersecurity Defined; The Meaning of Security; Measuring Cybersecurity's Success; Deter, Identify, Protect, Detect, Respond; Cybersecurity Controls and Defense in Depth; Defense in Depth; The Threats.

Threat Agents; Key Trends Influencing Threat Agents; The Nature of Hackers; Attack Process; Types of Attacks; A Brief Cyberglossary of Terms; CHAPTER 4: Management, Governance, and Alignment; Why Governance Matters; Strategy, Steering, and Standards; Critical Success Factors; CHAPTER 5: Your Cybersecurity Program: A High-Level Overview; Vision and Mission Statements; Culture and Strategy; Off to See the Wizard; What's at Risk?; Threat Assessment; At the Club House Turn!; Mitigating Risk; Incident-Response Planning; CHAPTER 6: Assets; Asset Classification; Asset Metadata.

Business-Impact Analysis; One Spreadsheet to Rule Them All; CHAPTER 7: Threats; Types of Threats; Threat Rankings; Threat Intelligence; Threat Modeling; CHAPTER 8: Vulnerabilities; Who Is Who in Vulnerabilities Tracking; Zero-Day Exploits; Vulnerabilities Mapping; Vulnerability Testing; Prioritizing Vulnerability Remediation; CHAPTER 9: Environments; On-Premises (Onsite) Computing Environments; Private-Cloud Computing Environments; Public-Cloud Computing Environments; Hybrid-Cloud Computing Environments; The Internet of Things (IoT); Distributed Workforces; CHAPTER 10: Controls.

Preventative Controls; Detective Controls; Corrective Controls; Compensatory Controls; Defense in Depth; People, Technology, and Operations; Communications; Policies, Standards, Procedures, and Guidelines; Regulatory Compliance: The European Example; Pulling It All Together; CHAPTER 11: Incident-Response Planning; Incident-Response Planning: Not Just a Good Idea-It's the Law!; Incident-Response Plan Phases; Preparing Your Incident-Response Plan; Identifying Incidents; Containing Incidents; Treating Incidents; Incident Recovery; Post-Incident Review; Do It All Over Again!; CHAPTER 12: People.

What's in It for Me?; Attitude Adjustment!; The Right Message, Delivered the Right Way; Cybersecurity-Awareness Training; CHAPTER 13: Living Cybersecure!; General Data Protection Regulation (GDPR), Privacy, and Regulators; Artificial Intelligence and Machine Learning; Blockchain; Quantum Computing; BIBLIOGRAPHY; APPENDIX: Clear and Present Danger; INDEX; END USER LICENSE AGREEMENT.