Chapter summary
In this chapter we discussed what a cybersecurity strategy is and some of the ingredients that give a strategy the best chance of success. We briefly reviewed the cybersecurity fundamentals and the cybersecurity usual suspects in this chapter. I also introduced High Value Assets (HVAs) and other concepts, that I refer to frequently throughout the rest of this book.
What is a cybersecurity strategy? There are at least two critical inputs to a cybersecurity strategy: your organization's HVAs, and the specific requirements, threats, and risks that apply to your organization, informed by the industry you are in, the place(s) in the world where you do business, and the people associated with the organization. If an HVA's confidentiality, integrity, or availability is compromised, the organization will fail or be severely disrupted. Therefore, identifying HVAs and prioritizing protection, detection, and response for them is critical. This does not give security teams...
