In the world as we know it, you can be attacked both physically and virtually. For today's organisations, which rely so heavily on technology – particularly the Internet – to do business, the latter is the far more threatening of the two. The cyber threat landscape is complex and constantly changing. For every vulnerability fixed, another pops up, ripe for exploitation. This book is a comprehensive cyber security implementation manual which gives practical guidance on the individual activities identified in the IT Governance Cyber Resilience Framework (CRF) that can help organisations become cyber resilient and combat the cyber threat landscape. Suitable for senior directors (CEO, CISO, CIO), compliance managers, privacy managers, IT managers, security analysts and others, the book is divided into six parts: Part 1: Introduction. The world of cyber security and the approach taken in this book. Part 2: Threats and vulnerabilities. A discussion of a range of threats organisations face, organised by threat category, to help you understand what you are defending yourself against before you start thinking about your actual defences. Part 3: The CRF processes. Detailed discussions of each of the 24 CRF processes, explaining a wide range of security areas by process category and offering guidance on how to implement each. Part 4: Eight steps to implementing cyber security. Our eight-step approach to implementing the cyber security processes you need and maintaining them. Part 5: Reference frameworks. An explanation of how standards and frameworks work, along with their benefits. It also presents ten framework options, introducing you to some of the best-known standards and giving you an idea of the range available. Part 6: Conclusion and appendices. The appendices include a glossary of all the acronyms and abbreviations used in this book. Whether you are just starting out on the road to cyber security or looking to enhance and improve your existing cyber resilience programme, it should be clear that cyber security is no longer optional in today's information age; it is an essential component of business success. Make sure you understand the threats and vulnerabilities your organisation faces and how the Cyber Resilience Framework can help you tackle them. Start your journey to cyber security now – buy this book today! Alan Calder is an acknowledged international cyber security guru and a leading author on information security and IT governance issues. Alan has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ).  Alan has consulted for clients in the UK and abroad, and is a regular media commentator and speaker.

Part 1: Introduction

Chapter 1: The threat landscape
Chapter 2: Information and cyber security
Chapter 3: Cyber resilience
Chapter 4: Regulatory and contractual requirements
Chapter 5: Implementing cyber security

Part 2:Threats and vulnerabilities

Chapter 6: The anatomy of threats
Chapter 7: Technical threats
Chapter 8: Human threats
Chapter 9: Physical threats
Chapter 10: Third-party threats

Part 3: The CRF processes

Chapter 11: An overview of the CRF processes
Chapter 12: Manage and protect
Chapter 13: Identify and detect
Chapter 14: Respond and recover
Chapter 15: Govern and assure
Chapter 16: Maturity levels

Part 4: Eight steps to implementing cyber security

Chapter 17: Introducing the IT Governance eight-step approach
Chapter 18: Step 1 – Start the project
Chapter 19: Step 2 – Determine requirements and objectives
Chapter 20: Step 3 – Determine the scope
Chapter 21: Step 4 – Define current and ideal target states
Chapter 22: Step 5 – Establish a continual improvement model
Chapter 23: Step 6 – Conduct a risk assessment
Chapter 24: Step 7 – Select and implement controls
Chapter 25: Step 8 – Measure and review performance

Part 5: Reference frameworks

Chapter 26: Why you should consider reference frameworks
Chapter 27: Core
Chapter 28: Baseline
Chapter 29: Extended
Chapter 30: Embedded

Part 6: Conclusion and appendices

Chapter 31: Conclusion
Appendix 1: IT and information asset checklist
Appendix 2: Template outline project plan
Appendix 3: Glossary of acronyms and abbreviations

GRC International Group resources

Publicado por: IT Governance Publishing Ltd