Summary
- Explains in easy-to-understand terms what executives and senior managers need to know and do about the ever-changing cyber threat landscape.
- Gives strategic, business-focused guidance and advice relevant to C-suite executives.
- Provides an effective and efficient framework for managing cyber governance, risk and compliance.
- Explains what is required to implement an effective cyber security strategy.
Description
With high-profile cyber attacks, data breaches and fines for GDPR (General Data Protection Regulation) non-compliance hitting the headlines daily, businesses must protect themselves and their reputations, while reassuring stakeholders they take cyber security seriously.
Cyber attacks are becoming more sophisticated and prevalent, and the cost of data breaches is soaring. In addition, new regulations and reporting requirements make cyber security a critical business issue.
Board members and senior management must understand the threat landscape and the strategies they can employ to establish, implement and maintain effective cyber resilience throughout their organisation.
How Cyber Security Can Protect your Business – A guide for all stakeholders provides an effective and efficient framework for managing cyber governance, risk and compliance, which organisations can adapt to meet their own risk appetite and synchronise with their people, processes and technology. It explains what is meant by governance, risk and compliance, how it applies to cyber security and what is required to implement an effective cyber security strategy.
The pocket guide:
- Gives readers a greater understanding of cyber governance, risk and compliance;
- Explains what executives, senior managers and their advisors need to know and do about the ever-changing cyber threat landscape;
- Provides context as to why stakeholders need to be aware of and in control of their organisation’s cyber risk management and cyber incident response;
- Gives guidance on building an appropriate and efficient governance framework that enables organisations to demonstrate their cyber approach in a non-technical, strategic, business-focused way;
- Details an overview process for assessing risk, evaluating existing defence mitigations and developing suitable controls; and
- Includes a checklist to help readers focus on their higher-priority cyber areas.
Suitable for all managers and executives, this pocket guide will be of interest to non-cyber specialists, including non-executive directors, who may be required to review cyber arrangements. For cyber specialists, it provides an approach for explaining cyber issues in non-jargonistic, business-based language.
Kick-start your journey to becoming cyber secure – buy this pocket guide today!
Chapter 1: Introduction to Cyber Security GRC
- Background to GRC
- The three lines of defence model
- What is the relevance of GRC to cyber?
Chapter 2: Cyber Security Governance
- Introduction and overview
- Culture and awareness
- Threat and risk awareness
- Risk management
- Responding to cyber incidents
- Cyber SOX
- Summary: Key cyber security questions for directors to ask
Chapter 3: Cyber Security Risk Management
- Introduction and overview
- Risk management scoping
- Process and control mapping
- Risk assessment
- Designing and implementing controls
- Testing of controls
- Summary and conclusions
Chapter 4: Cyber Risks and Controls
- Introduction and overview
- Identifying cyber risks and controls
- Third-party service providers
- Protecting against cyber risks
- Access management
- Firewalls
- Security patching
- Vulnerability management
- Anti-malware
- Security by design
- Summary and conclusion
Chapter 5: Responding to an Attack
- Introduction and overview
- Preparing for cyber attacks
- Detecting potential cyber attacks
- Security operations centre
- IT service helpdesk
- Recovery following a cyber attack
- Summary
Chapter 6: Cyber Compliance
- Overview and introduction
- Cyber compliance requirements
- IT (or information) security policy
- ISO 27001
- General Data Protection Regulation
- Network and Information Systems (NIS) requirements
- Payment Card Industry Data Security Standard
- Sarbanes-Oxley Act
- Third-party compliance
- Cyber insurance policy clauses
- Summary
References
Further Reading
Product details
Biographical note
Chris Wright is a qualified accountant and CISA (certified information systems auditor) with more than 30 years’ experience providing financial and IT advisory and risk management services. He worked for 16 years at KPMG, where he managed a number of IT due diligence reviews and was head of information risk training in the UK. He has also worked in a wide range of industry sectors, including oil and gas, small and medium enterprises, public sector, aviation and travel.