What this book covers
Chapter 1, The CEO Cyber Manual, starts by laying out the fundamentals of building a cyber-resilient business in a digitized world. The Chief Executive Officer has a critical role in cybersecurity and cyber resilience, as they are ultimately responsible for the overall security of the company and its data.
Chapter 2, A Modern Cyber-Responsible CFO, lines up the fundamentals for a CFO’s success in supporting cyber resilience. The Chief Financial Officer has a critical role in cybersecurity and cyber resilience. One of their key functions is to ensure the organization has accurate data to make decisions. The CFO is also responsible for ensuring there is a process in place to quantify the losses associated with a cyberattack, in collaboration with the Chief Information Security Officer. This includes quantifying the financial loss but also the cost of downtime, loss of customer data, and loss of employee productivity.
Chapter 3, The Role of the CRO in Cyber Resilience, looks at the Chief Risk Officer’s perspectives, challenges, and how cyber risk is integrated into an enterprise’s risk management strategy. The CRO is responsible for making sure the company is managing all types of risks, and when it comes to cyber, they need to collaborate closely with the CISO to achieve a balanced risk posture.
Chapter 4, Your CIO—Your Cyber Enabler, explores the Chief Information Officer’s role in cyber resilience, which is to ensure an organization has a sound technology infrastructure, that its digital assets are protected, and that those assets are accessible to the appropriate stakeholders when needed. It is the CIO’s responsibility to keep up with new technologies and to develop policies and procedures for incorporating these technologies into the organization’s infrastructure, including their security and privacy implications. This can be a challenging task, as it often requires balancing security needs with business needs. This chapter presents examples of the conflicts of interest inherent in the CIO’s responsibilities and how to address them while continuing to innovate.
Chapter 5, Working with Your CISO, is a thorough overview of the Chief Information Security Officer’s world, challenges, lessons learned, and practical insights on cyber-risk quantification and risk transfer. The CISO is responsible for risk management within an organization. They work with senior leadership to ensure the company is protected from cyber threats and business processes can continue in the event of a cyber incident. The CISO is also responsible for usability while maintaining a balance with security. They work with departments across the company to ensure employees have access only to data they need to do their jobs, and that information is accessible in a way that makes sense for the business.
Chapter 6, The Role of the CHRO in Reducing Cyber Risk, delves into the Chief Human Resources Officer’s role in cybersecurity, which is to ensure the company has the proper HR policies and procedures in place to protect employees’ personal data and mitigate the risk of a cyberattack. The CHRO, together with the CISO, is responsible for developing and implementing a security awareness program that educates employees about how to protect themselves online, how to spot phishing emails, and what to do if they suspect they’ve been compromised. The CHRO must also work with the CISO to drive cultural change and the organization-wide adoption of cyber awareness.
Chapter 7, The COO and Their Critical Role in Cyber Resilience, examines the role of the Chief Operating Officer in cybersecurity, which is to help develop and execute an organization’s Business Continuity Plan (BCP). The BCP outlines how the company will continue to function in the event of a major disruption, such as a cyberattack. The COO is responsible for ensuring the BCP is up to date and comprehensive and that all departments are aware of their roles and responsibilities in relation to it. Collaboration between the COO and the CISO is critical to a successful resilience journey.
Chapter 8, The CTO and Security by Design, specifically addresses the responsibilities of the Chief Technology Officer in supporting cyber resilience. The role of the CTO in cybersecurity is to ensure software development processes are secure and compliant with industry standards. This includes overseeing the Secure Development Life Cycle (SDLC), which encompasses code review, testing, and other activities designed to ensure applications are free of vulnerabilities. In addition, the CTO works closely with other parts of the organization to ensure security is embedded into every facet of the business, which necessitates strong collaboration with the CISO.
Chapter 9, The CMO and CPO—Convergence Between Privacy and Security, explores how, in recent years, the roles of Chief Marketing Officer and Chief Privacy Officer have become increasingly important in cybersecurity. As the world becomes more connected, businesses are collecting and storing more data than ever before. And with the General Data Protection Regulation (GDPR) recently coming into effect, companies must be extra careful about how they collect, process, and store customer data. That’s where the CMO and CPO come in. The CMO is responsible for overseeing all marketing activities within a company. This includes developing marketing strategies, planning and executing marketing campaigns, and analyzing market trends. The CPO, on the other hand, is responsible for ensuring a company’s privacy policy complies with all applicable laws and regulations. This chapter provides good insights on how those two roles support cyber resilience.
Chapter 10, The World of the Board, looks at business priorities and clarifies a board of directors’ role in achieving business resilience while supporting the CISO. The role of the board in cybersecurity is to ensure an organization has adequate defenses in place to protect its digital assets and management has put in place processes and protocols to mitigate risk and respond to incidents. The board should also ensure the organization has a risk management framework in place, which includes assessing vulnerabilities and threats, determining acceptable levels of risk, and implementing mitigating controls. Finally, the board should review incident response plans to make sure they are adequate and enable the organization to quickly restore normal operations after an incident.
Chapter 11, The Recipe for Building a Strong Security Culture – Bringing It All Together, brings together everything we have learned and provides a holistic overview of how a team effort leads to a resilient business. An organization’s cyber-awareness culture is a collection of values, policies, and norms governing how its employees use personal data and information technology. A strong cyber-awareness culture helps an organization protect itself from cyber threats by educating and empowering its employees to be security conscious in their daily work routines.