وبلاگ بلیان

Enterprise Cyber Risk Management as a Value Creator: Leverage Cybersecurity for Competitive Advantage

جلد کتاب Enterprise Cyber Risk Management as a Value Creator: Leverage Cybersecurity for Competitive Advantage

معرفی کتاب «Enterprise Cyber Risk Management as a Value Creator: Leverage Cybersecurity for Competitive Advantage» نوشتهٔ Chris، Wraight و Bob Chaput، منتشرشده توسط نشر Apress L. P. در سال 2024. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.

This book will help you learn the importance of organizations treating enterprise cyber risk management (ECRM) as a value creator, a business enabler, and a mechanism to create a competitive advantage. Organizations began to see the real value of information and information technology in the mid-1980s. Forty years later, it’s time to leverage your ECRM program and cybersecurity strategy in the same way.The main topics covered include the case for action with specific coverage on the topic of cybersecurity as a value creator, including how the courts, legislators, and regulators are raising the bar for C-suite executives and board members. The book covers how the board’s three primary responsibilities (talent management, strategy, and risk management) intersect with their ECRM responsibilities.ECRM was once solely focused on managing the downside of risk by defending the organization from adversarial, accidental, structural, and environmental threat sources. Author Bob Chaput presents the view that we must focus equally on managing the upside of cyber strengths to increase customer trust and brand loyalty, improving social responsibility, driving revenue growth, lowering the cost of capital, attracting higher quality investments, creating competitive advantage, attracting and retaining talent, and facilitating M&A work. He focuses on the C-suite and board role in the first part and provides guidance on their roles and responsibilities, the most important decision about ECRM they must facilitate, and how to think differently about ECRM funding. You will learn how to the pivot from cost-center thinking to value-center thinking. Table of Contents Endorsements for Enterprise Cyber Risk Management as a Value Creator Acknowledgments About the Author About the Technical Reviewer Foreword Preface Abbreviations Part I: A Case for Action Chapter 1: Enterprise Cyber Risk Management as a Value Creator The Next Cybersecurity Pivot Digital Transformation Is Not Slowing Down Creating Business Value Increasing Customer Trust and Brand Loyalty Improving Social Responsibility Driving Revenue Growth Facilitating Digital Transformation and Innovation Lowering the Cost of Capital Attracting Higher-Quality Investments Assuring Operational Continuity and Resilience Creating Competitive Advantage Attracting and Retaining Talent Facilitating M&A Activity Leveraging Regulatory Compliance Requirements Conclusion Questions Management and the Board Should Ask and Discuss Endnotes Chapter 2: SEC and Other Important Cyber Regulations Overview of the SEC “Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure” Final Rule Why Are These Changes Being Made? When Will the SEC “Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure” Changes Be Implemented? Who Is Covered? What Changes Are Being Made? Who Enforces These and Other SEC Regulations? What Happens If Your Company Doesn’t Comply? Disclosure of Cybersecurity Incidents on Current Reports Disclosure About Cybersecurity Incidents in Periodic Reports Disclosure of a Registrant’s Risk Management, Strategy, and Governance Regarding Cybersecurity Risks Disclosure Regarding the Board of Directors’ Cybersecurity Expertise What Is Cybersecurity Expertise? Should Your Not-for-Profit and Private Company Care About SEC Cyber Disclosure Requirements? Conclusion Questions Management and the Board Should Ask and Discuss Endnotes Chapter 3: The Courts Are Picking Up the Cyber Pace The Board and Risk Management Responsibilities Cyber Legal Cases The Caremark Standard and Recent Cyber Cases An Important Healthcare Case to Watch Three Other Relevant Cybersecurity Cases Effective Compliance Programs: US Sentencing Guidelines and Federal Prosecution of Business Organizations Conclusion Questions Management and the Board Should Ask and Discuss Endnotes Chapter 4: The Most Critical Cybersecurity Decision What Does “HOW Your Organization Will Conduct ECRM” Mean? Risk Risk Owner/Executive Risk Management Enterprise Risk Management (ERM) Enterprise Cyber Risk Management (ECRM) Cybersecurity Strategy Cybersecurity Strategy The Board and Risk Management Responsibilities Regulatory and Enforcement Changes Key Actions/Decisions to Facilitate Your Important “HOW Your Organization Will Conduct ECRM” Decision Conclusion Questions Management and the Board Should Ask and Discuss Endnotes Chapter 5: Justifying ECRM Funding The Challenge of Cybersecurity Investments Being Wasted A New ECRM Budget Philosophy Is Needed Why Create an ECRM Budget Philosophy Building Your ECRM Budget Philosophy ECRM Budget Philosophy The Single Most Important Cybersecurity Question for the Board to Ask The Solution: Overcoming ECRM and Cybersecurity Investment Challenges Conclusion Questions Management and the Board Should Ask and Discuss Endnotes Chapter 6: The C-Suite and Board Role Set the “Tone at the Top” with Strong ECRM Guiding Principles Require ECRM to Be Formally Established and Documented Ensure Equal Focus on Positive Cyber Opportunities Increasing Customer Trust and Brand Loyalty Improving Social Responsibility Driving Revenue Growth Facilitating Digital Transformation and Innovation Attracting and Retaining Talent Conclusion Questions Management and the Board Should Ask and Discuss Endnotes Part II: Building and Implementing Your ECRM Program Chapter 7: Integrating ECRM into Business Strategy The Challenge The Case for Action Actions to Take Conclusion Questions Management and the Board Should Ask and Discuss Endnotes Chapter 8: Getting Started Document Management History Location Revision History Authorization Distribution Related Documents Table of Contents Executive Summary Introduction Glossary Cyber Risk and Cyber Opportunity Notional Equations Cyber Risk Notional Equation Cyber Opportunity Notional Equation Conclusion Questions Management and the Board Should Ask and Discuss Endnotes Chapter 9: ECRM Guiding Principles and Business Alignment ECRM Guiding Principles Scope of the ECRM Strategy Business Strategic Objectives ECRM Strategic Objectives Responsibility for and Governance of the ECRM Program Conclusion Questions Management and the Board Should Ask and Discuss Endnotes Chapter 10: Three Vital ECRM Building Blocks ECRM Framework ECRM Process ECRM Maturity Model Conclusion Questions Management and the Board Should Ask and Discuss Endnotes Chapter 11: Adapting Your Process to Include Cyber Opportunities Risk and Opportunity Framing ECRM Key Inputs and Preconditions ECRM Assumptions | Information Asset Assumptions ECRM Assumptions | Vulnerability and Strength Assumptions ECRM Risk Appetite and Opportunity Threshold ECRM Constraints | Legal, Regulatory, and Contractual Constraints Risk and Opportunity Assessment Risk and Opportunity Response Risk and Opportunity Monitoring ECRM Process Standards, Policies, and Procedures Conclusion Questions Management and the Board Should Ask and Discuss Endnotes Chapter 12: Additional Essential ECRM Program Elements ECRM Education and Training ECRM Automation and Technology Tools ECRM Third-Party Risk Management ECRM Recordkeeping and Reporting Standards, Plans, Policies, and Procedures Conclusion Questions Management and the Board Should Ask and Discuss Endnotes Chapter 13: Ten Recommended Implementation Steps Implementation Step #1: Establish ECRM Governance Implementation Step #2: Design and Deliver Ongoing ECRM and Cybersecurity Education Implementation Step #3: Establish and Document ECRM Guiding Principles Implementation Step #4: Establish and Document Strategic Business and ECRM Objectives Strategic Business Objectives Strategic ECRM Objectives Implementation Step #5: Set the Scope of Your ECRM Program Implementation Step #6: Establish and Document Your ECRM Budget Philosophy Implementation Step #7: Formally Adopt Your ECRM Framework, Process, and Maturity Model Implementation Step #8: Conduct a Comprehensive, ­NIST-Based Enterprise- Wide Risk and Opportunity Assessment Implementation Step #9: Establish Your Cyber Risk Appetite, Opportunity Threshold, and Complete Risk and Opportunity Treatment Implementation Step #10: Formally Document Your ECRM Program and Cybersecurity Strategy Conclusion Questions Management and the Board Should Ask and Discuss Endnotes Appendix A What to Look for in an ECRM Company and Solution Alignment with Your Organization’s Strategic ECRM Objectives Competency and Expertise Capability and Capacity to Scale to Enterprise Industry Commitment Reputation Customer Service Appendix B Enterprise Cyber Risk Management Software (ECRMS) Risk and Opportunity Assessment Features and Functionality Compliance and Technical Testing Assessment Features and Functionality Cybersecurity Framework Support General Additional Features and Functionality A Word About Cloud-Based Software Solutions, Software-as-a-Service (SaaS) Reputation Customer Service The Benefits of Using an ECRMS Solution Appendix C The Benefits of a NIST-Based ECRM Approach A Strong ECRM Program and Cybersecurity Strategy Creates Competitive Advantage The Benefits of Implementing a NIST-Based ECRM Program and Cybersecurity Strategy The NIST Approach Was Developed Using an Open, Inclusive Process The NIST Approach Uses Accessible Language That All Stakeholders in Your Organization Can Understand The NIST Approach Facilitates Information Governance The NIST Approach Leverages Current Standards, Guidelines, and Best Practices from Multiple Internationally Recognized Sources Numerous Industries Align with and Have Adopted the NIST Approach The NIST Cybersecurity Framework Has Become the Standard for the US Government The NIST Approach Is Customizable The NIST Cybersecurity Framework Is Scalable The NIST Approach Is Affordable The NIST Cybersecurity Framework Does Not Require Certification The NIST Approach Is Designed to Accommodate Changes in Technology Appendix D Twenty-Five Essential Terms for Your ECRM Glossary Key ECRM and Cybersecurity Terminology Bringing It All Together Appendix E Sample ECRM Program and Cybersecurity Strategy Table of Contents Index
دانلود کتاب Enterprise Cyber Risk Management as a Value Creator: Leverage Cybersecurity for Competitive Advantage