‘Information security has become an important and critical component of every organization. In his book, Professor Chatterjee explains the challenges that organizations experience to protect information assets. The book sheds light on different aspects of cybersecurity including a history and impact of the most recent security breaches, as well as the strategic and leadership components that help build strong cybersecurity programs. This book helps bridge the gap between academia and practice and provides important insights that may help professionals in every industry.’
Mauricio Angee, Chief Information Security Officer, Genesis Care USA, Fort Myers, Florida, USA
‘This book by Dave Chatterjee is by far the most comprehensive book on cybersecurity management. Cybersecurity is on top of the minds of board members, CEOs, and CIOs as they strive to protect their employees and intellectual property. This book is a must-read for CIOs and CISOs to build a robust cybersecurity program for their organizations.’
Vidhya Belapure, Chief Information Officer, Huber Engineered Materials & CP Kelco, Marietta, Georgia, USA
Cybersecurity has traditionally been the purview of information technology professionals, who possess specialized knowledge and speak a language that few outside of their department can understand. In our current corporate landscape, however, cybersecurity awareness must be an organization-wide management competency in order to mitigate major threats to an organization’s well-being—and be prepared to act if the worst happens.
With rapidly expanding attacks and evolving methods of attack, organizations are in a perpetual state of breach and have to deal with this existential threat head-on. Cybersecurity preparedness is a critical and distinctive competency, and this book is intended to help students and practitioners develop and enhance this capability, as individuals continue to be both the strongest and weakest links in a cyber defense system.
In addition to providing the non-specialist with a jargon-free overview of cybersecurity threats, Dr. Chatterjee focuses most of the book on developing a practical and easy-to-comprehend management framework and success factors that will help leaders assess cybersecurity risks, address organizational weaknesses, and build a collaborative culture that is informed and responsive. Through brief case studies, literature review, and practical tools, he creates a manual for the student and professional alike to put into practice essential skills for any workplace.
Jadual kandungan
Preface
Foreword
Endorsements
Acknowledgments
About the Author
Chapter 1. Introduction: The Challenge of Cybersecurity
Chapter 2. The Cyberattack Epidemic
2.1 Expanding Hardware and Software Attack Surfaces
2.2 The Human Vulnerability Factor
2.3 Growing Attack Vectors
2.4 Nature and Extent of Impact
Chapter 3. Breach Incidents and Lessons Learned
3.1 The Capital One Breach That Exposed 100 Million Applicants and Customer Information
3.2 British Airways Ordered to Pay a Record Fine of $230 Million
3.3 Target Retail Chain Experiences an External Intrusion That Compromised Millions of Customers’ Data
3.4 Adult Friend Finder Site Breach Exposes Millions of Customer Records
3.5 Three Billion Yahoo User Accounts Compromised
3.6 Equifax Data Breach Exposes Millions of Customers’ Data
3.7 Adobe Breach Exposes 38 Million Customer Records
3.8 Anthem Breach Affects 78.8 Million People
Chapter 4. Foundations of the High-Performance Information Security Culture Framework
4.1 Organizational Culture and Firm Performance
4.2 Organizational Culture and Cybersecurity
4.3 High-Reliability Organizational Culture Traits
Chapter 5. Commitment
5.1 Hands-On Top Management
5.2 “We-Are-in-It-Together” Culture
5.3 Cross-Functional Participation
5.4 Sustainable Budget
5.5 Strategic Alignment and Partnerships
5.6 Joint Ownership and Accountability
5.7 Empowerment
Chapter 6. Preparedness
6.1 Identify
6.2 Protect
6.3 Detect
6.4 Respond and Recover
Chapter 7. Discipline
7.1 Information Security Governance Policy
7.2 Communications and Enforcement of Policies
7.3 Continuous Monitoring
7.4 Continuous Performance Assessment and Improvement
7.5 Security Audits and Drills
7.6 Penetration Testing and Red Team Exercises
Chapter 8. Key Messages and Actionable Recommendations
8.1 Commitment
8.2 Preparedness
8.3 Discipline
Appendix 1 Information Security Monitoring Controls
Appendix 2 Cybersecurity Performance Measures
Appendix 3A Cybersecurity Readiness Scorecard: Commitment
Appendix 3B Cybersecurity Readiness Scorecard: Preparedness
Appendix 3C Cybersecurity Readiness Scorecard: Discipline
Appendix 4 Cybersecurity and Privacy Laws and Regulations
Appendix 5 Physical, Technical, and Administrative Controls: A Representative List
Appendix 6 Case Studies
Cybersecurity Resources
Index
Mengenai Pengarang
Dave Chatterjee, Ph.D. is Associate Professor in the Department of Management Information Systems at the Terry College of Business at the University of Georgia and a Visiting Professor at Duke’s Pratt School of Engineering. Dr. Chatterjee’s interest and expertise lie in the various facets of information technology management, with current focus on cybersecurity and enterprise digitization. His work has been published in prestigious outlets such as The Wall Street Journal, MIT Sloan Management Review, California Management Review, Business Horizons, MIS Quarterly, and the Journal of Management Information Systems. Dr. Chatterjee has taught at the graduate and undergraduate levels, including classes on: information systems leadership, information technology and strategy, business process management, and enterprise digitization trends and implications. He serves as Senior Editor on the Journal of Organizational Computing and Electronic Commerce. Dr. Chatterjee delivers talks around the world; moderates CXO panel discussions; conducts corporate training, workshops, and webinars; and provides consulting and advisory services. He has appeared on radio and TV interviews and is often quoted by news media on major technology-related developments. He has served on the corporate and community leadership board of a prestigious cybersecurity network of Chief Information Security Officers (CISOs) and on a CISO SWAT team. For more details please visit https://dchatte.com.
Lebih banyak ebook daripada pengarang yang sama / Penyunting
35,206 Ebooks dalam kategori ini
