ارزیابی و بیمهگذاری ریسک امنیت سایبری
Assessing and Insuring Cybersecurity Risk
معرفی کتاب «ارزیابی و بیمهگذاری ریسک امنیت سایبری» (با عنوان لاتین Assessing and Insuring Cybersecurity Risk) نوشتهٔ Ravindra Das، منتشرشده توسط نشر Auerbach Publications در سال 2021. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
Remote workforces using VPNs, Cloud-based infrastructure and critical systems, and a proliferation in phishing attacks and fraudulent websites are all raising the level of risk for every company. It all comes down to just one thing that is at stake: how to gauge a company’s level of cyber risk and the tolerance level for this risk. Loosely put, this translates to how much level of uncertainty an organization can tolerate before the uncertainty starts to negatively affect mission critical flows and business processes. Trying to gauge this can be a huge and nebulous task for any IT security team to accomplish. Making this task so difficult are the many frameworks and models that can be utilized. It is very confusing to know which one to utilize in order to achieve a high level of security. Complicating this situation further is that both quantitative and qualitative variables must be taken into consideration and deployed into a cyber risk model. Assessing and Insuring Cybersecurity Risk provides an insight into how to gauge an organization’s particular level of cyber risk, and what would be deemed appropriate for the organization’s risk tolerance. In addition to computing the level of cyber risk, an IT security team has to determine the appropriate controls that are needed to mitigate cyber risk. Also to be considered are the standards and best practices that the IT security team has to implement for complying with such regulations and mandates as CCPA, GDPR, and HIPAA. To help a security team to comprehensively assess an organization’s cyber risk level and how to insure against it, the book covers: The mechanics of cyber risk Risk controls that need to be put into place The issues and benefits of cybersecurity risk insurance policies GDPR, CCPA, and the CMMC Gauging how much cyber risk and uncertainty an organization can tolerate is a complex and complicated task, and this book helps to make it more understandable and manageable. Cover Half Title Title Page Copyright Page Dedication Table of Contents Acknowledgments Authors Chapter 1: Cybersecurity Risk Introduction What Cyber Measurement Is All About The Concept of Bayesian Measurement The Classification Chain Uncertainty Measurement of Uncertainty Risk Measurement of Risk The Statistical Methods of Measurement The Rule of Five The Various Quantitative Methods for Gauging Cyber Risk The Risk Matrix The Monte Carlo Method The Creation of Random Cyber-Related Events The Lognormal Distribution The Summation of the Cyber Risks How to Visualize Cyber Losses The Return on Mitigation The Decomposition of the One for One Substitution Cyber Risk Model A Decomposition Strategy A Newer Decomposition Strategy How to Avoid Over-Decomposing the Variables A Critical Variable Related to Cyber Risk: Reputational Damage How to Reduce the Level of Cyber Risk with Bayesian Techniques The Important Statistical Concepts of the Bayesian Theory Making Use of Prior Cyber Events in the Bayesian Methodology Statistically Proving the Bayesian Theorem The Applications of the Bayesian Methodology How to Reduce the Level of Cyber Risk with More Sophisticated Bayesian Techniques The Beta Distribution Making Use of the Log Odds Ratio How to Use the Log Odds Ratio (LOR) Methodology The Lens Methodology A Cross Comparison of the LOR and Lens Methodologies How to Ascertain the Value of Information and Data How a Known Factor Can Have an Impact on a Predicted Event A Brief Overview of Cybersecurity Metrics Notes Chapter 2: Cybersecurity Audits, Frameworks, and Controls An Overview of the Cybersecurity Controls A Technical Review of the Cybersecurity Audit Why the Cyber Audit Is Conducted The Principles of Control in the Cyber Audit The Validation of the Audit Frameworks A Macro View of How the Cyber Audit Process Works The Importance of Cyber Audit Management A Holistic View of How the Cyber Audit Process Works A Review of the Cyber Audit Frameworks Breaking Down the Importance of Information Technology (IT) Security Governance A Deep Dive into the Cybersecurity Frameworks The ISO 27001 The COBIT 5 The National Institute of Standards and Technology The Framework for Improving Critical Infrastructure Cybersecurity The Information Security Forum Standard of Good Practice for Information Security The Payment Card Industry Data Security Standards The Cyber Risk Controls The Goal-Based Security Controls The Preventive Controls The Detective Controls The Operational Controls Notes Chapter 3: Cybersecurity Insurance Policies Cybersecurity Risk Insurance Policies The State of the Cybersecurity Insurance Market An Analysis of the Major Insurance Carriers That Offer Cyber Insurance The Major Components of a Cyber Insurance Policy How Should an SMB Decide on What Kind of Cyber Policy to Get Notes Chapter 4: The Compliance Laws of the GDPR, CCPA, and CMMC GDPR Implications for Business and Cybersecurity More about GDPR DPO, DCs, and DPs Conclusions on GDPR California Consumer Privacy Act (CCPA) Cybersecurity Maturity Model Certification (CMMC) Who Cares? Levels Summary Notes Chapter 5: Conclusions Chapter 1 Chapter 3 An Example of Cyber Resiliency How the Definition of Cyber Resiliency Was Met What Is the Difference between Cyber Resiliency and Cybersecurity? The NIST Special Publication 800-160 Volume 2 What Cybersecurity Insurance Is and Its History The Advantages and Disadvantages of Cybersecurity Insurance The Advantages The Disadvantages The Factors That Insurance Companies Consider When Providing Coverage Chapter 4 PII Versus Personal Data The Rights That Are Afforded to Individuals The CCPA The GDPR The Usage of Data The CCPA The GDPR The Components of the Maturity Level 1 The Access Control (AC) The Identification and Authentication (IA) The Media Protection (MP) The Physical Protection (PE) The System and Communications Protection (SC) The System and Information Integrity (SI) The Background of the PCI-DSS The Compliance Levels of the PCI-DSS The Requirements of the PCI-DSS Notes Index Remote workforces using VPNs, cloud-based infrastructure and critical systems, and a proliferation in phishing attacks and fraudulent websites are all raising the level of risk for every company. It all comes down to just one thing that is at stake: how to gauge a company's level of cyber risk and the tolerance level for this risk. Loosely put, this translates to how much uncertainty an organization can tolerate before it starts to negatively affect mission critical flows and business processes. Trying to gauge this can be a huge and nebulous task for any IT security team to accomplish. Making this task so difficult are the many frameworks and models that can be utilized. It is very confusing to know which one to utilize in order to achieve a high level of security. Complicating this situation further is that both quantitative and qualitative variables must be considered and deployed into a cyber risk model. Assessing and Insuring Cybersecurity Risk provides an insight into how to gauge an organization's particular level of cyber risk, and what would be deemed appropriate for the organization's risk tolerance. In addition to computing the level of cyber risk, an IT security team has to determine the appropriate controls that are needed to mitigate cyber risk. Also to be considered are the standards and best practices that the IT security team has to implement for complying with such regulations and mandates as CCPA, GDPR, and the HIPAA. To help a security team to comprehensively assess an organization's cyber risk level and how to insure against it, the book covers: The mechanics of cyber risk Risk controls that need to be put into place The issues and benefits of cybersecurity risk insurance policies GDPR, CCPA, and the the CMMC Gauging how much cyber risk and uncertainty an organization can tolerate is a complex and complicated task, and this book helps to make it more understandable and manageable. The cyber threat landscape is changing constantly and corporations are looking to measure their level of risk and deciding how to insure against it. This book helps IT security team members and managers to asses cyber risk levels and insurance needs.
دانلود کتاب ارزیابی و بیمهگذاری ریسک امنیت سایبری