Preface
I’m excited to bring to you Resilient Cybersecurity: Reconstruct your defense strategy in an evolving cyber world, which addresses the need for a more robust cybersecurity program in every organization. Every organization should be assessing the current state of its cybersecurity program to ensure that it continues to evolve to meet today’s ongoing cybersecurity threats. Many organizations still do not have a dedicated cybersecurity program in place. Unfortunately, this is no longer acceptable, because without one the risk of a major cybersecurity incident or breach increases significantly. Having a mature cybersecurity program in place does not guarantee that you will not suffer a major incident or breach, but it will reduce both the likelihood and the potential impact of one. More importantly, it will best prepare your organization to respond efficiently when a major cybersecurity incident occurs. The reality is that it is only a matter of ‘when’, not ‘if’, a major cybersecurity incident or breach occurs.
The idea behind this book is to provide a comprehensive foundation for your organization’s cybersecurity program that can serve as a reference for any organization. My hope is that you can take something meaningful away, even if it is just one piece of information that can be applied to support your cybersecurity program, whether you are just getting started or already have one in place. The principles in this book may not be the same as the ones you have in place today, but I am sharing the knowledge I have gained over the years from building a cybersecurity program from the ground up. The end goal is to share as much knowledge as possible, with the optimism that we continue to work together and collaborate as one unified front to better protect the confidentiality, integrity, and availability (also known as the CIA triad) of the data and information being stored and accessed within our organizations.
One area we address in more detail is how critical the CISO role has become within the organization: it has become a figure of significance in a very short period of time, and it is a role that every organization needs to have in place.
The CISO role continues to evolve at a very fast pace, from one that traditionally focused on the technical controls that protect an organization to a much broader risk-based role that needs to interact with every part of the business. With this evolution, we are entering a new generation and era for the CISO, with new and expanded responsibilities and expectations: the CISO v2.0. As part of this evolving role, the CISO is not only expected to be technical in nature, but also to be a business leader with the acumen to integrate into every part of the business and to translate technical risk into quantifiable business terms for the leadership teams, including the Board of Directors (BoD).
It is also important for today’s CISO to ensure that responsibility for cybersecurity is appropriately distributed across the organization, rather than resting solely with the CISO. Ultimate accountability sits at the top of an organization, more specifically with the executive leadership team and the BoD.
It is important to acknowledge that we have come to a critical point with cybersecurity, and it does not look like it is going to get any easier anytime soon. Threat actors are making substantial profits from cybercrime, and entire criminal enterprises have been formed to support these ongoing efforts. With the world we live in becoming more interconnected through the advancement of technology and the internet, preventing these crimes has become extremely complex because of cross-border challenges with differing and conflicting laws. Because of this, we all need to focus on the theme of cybersecurity culture for our users, not just within the organization but in everyone’s everyday lives. Going forward, cybersecurity should not be an afterthought, but a concept that is ingrained in everyone’s mindset in everything they do, including their personal lives. With a cybersecurity culture comes a shared responsibility for which we must all hold ourselves accountable. Everyone MUST take responsibility for the protection of the information they are responsible for within an organization, in addition to the information they must protect in their personal lives.