Cybersecurity Program Development for Business The Essential Planning Guide

"This is the book executives have been waiting for. It is clear: With deep expertise but in nontechnical language, it describes what cybersecurity risks are and the decisions executives need to make to address them. It is crisp: Quick and to the point, it doesn't waste words and won't waste your time. It is candid: There is no sure cybersecurity defense, and Chris Moschovitis doesn't pretend there is; instead, he tells you how to understand your company's risk and make smart business decisions about what you can mitigate and what you cannot.

It is also, in all likelihood, the only book ever written (or ever to be written) about cybersecurity defense that is fun to read."

In 2016, we reached a tipping point—a moment where the global and local implications of cybersecurity became undeniable. Despite the seriousness of the topic, the term "cybersecurity" still exasperates many people. They feel terrorized and overwhelmed. The majority of business people have very little understanding of cybersecurity, how to manage it, and what's really at risk.

This essential guide, with its dozens of examples and case studies, breaks down every element of the development and management of a cybersecurity program for the executive. From understanding the need, to core risk management principles, to threats, tools, roles and responsibilities, this book walks the reader through each step of developing and implementing a cybersecurity program. Read cover-to-cover, it’s a thorough overview, but it can also function as a useful reference book as individual questions and difficulties arise.

• Unlike other cybersecurity books, the text is not bogged down with industry jargon
• Speaks specifically to the executive who is not familiar with the development or implementation of cybersecurity programs
• Shows you how to make pragmatic, rational, and informed decisions for your organization
• Written by a top-flight technologist with decades of experience and a track record of success

If you’re a business manager or executive who needs to make sense of cybersecurity, this book demystifies it for you.

CHRIS MOSCHOVITIS is the founder of tmg-emedia, a consultancy focused on providing independent technology and cybersecurity management expertise, development, and outsourcing services. It is one of the premier independent consulting firms in the country. He is sought after by private industry, government, and nonprofits for his ability to explain complex IT and cybersecurity topics to executives.

Foreword vii

Preface xi

About The Author xiii

Acknowledgments xv

CHAPTER 1 Understanding Risk 1

CHAPTER 2 Everything You Always Wanted to Know About Tech (But Were Afraid to Ask Your Kids) 9

CHAPTER 3 A Cybersecurity Primer 15

CHAPTER 4 Management, Governance, and Alignment 47

CHAPTER 5 Your Cybersecurity Program: A High-Level Overview 67

CHAPTER 6 Assets 81

CHAPTER 7 Threats 95

CHAPTER 8 Vulnerabilities 105

CHAPTER 9 Environments 113

CHAPTER 10 Controls 131

CHAPTER 11 Incident-Response Planning 147

CHAPTER 12 People 163

CHAPTER 13 Living Cybersecure! 175

Bibliography 187

Appendix: Clear And Present Danger 195

Index 199

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.