
The Cybersecurity Guide to Governance, Risk, and Compliance / Jason Edwards and Griffin Weaver.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Edwards, Jason, 1959- author.
Weaver, Griffin, author.
Language:
English
Subjects (All):
Business enterprises--Computer networks--Security measures.
Business enterprises.
Computer security.
Computer crimes--Prevention.
Computer crimes.
Physical Description:
1 online resource (667 pages)
Edition:
First edition.
Place of Publication:
Hoboken, NJ : Wiley, [2024]
Summary:
"Cyber Security Governance & Risk Management is the monitoring of compliance with agreed cyber security policies and the assessment and management of relevant risks. Cybersecurity is a critical concern for modern businesses, and understanding how to navigate it is vital"-- Provided by publisher.
Contents:
Cover
Title Page
Copyright Page
Dedication by Griffin Weaver
Dedication by Jason Edwards
Contents
Purpose of the Book
Target Audience
Structure of the Book
Foreword by Wil Bennett
Foreword by Gary McAlum
Chapter 1 Governance, Risk Management, and Compliance
Understanding GRC
The Business Case for GRC
Governance: Laying the Foundation
Risk Management: Managing Uncertainties
Compliance: Adhering to Regulations and Standards
The Intersection of Governance, Risk, and Compliance
GRC Frameworks and Standards
GRC Tools and Technologies
Building a GRC Culture
The Role of GRC in Strategic Planning
Chapter Conclusion
Case Study: GRC Implementation at SpectraCorp
Chapter 2 The Landscape of Cybersecurity
Comprehensive Overview of Cybersecurity Maturity
Cybersecurity in the Financial Industry
Cybersecurity in the Healthcare Industry
Cybersecurity in the Government Sector
Cybersecurity in Small to Large Enterprises
Case Study: TechGiant Inc.'s Holistic Approach to Information Security
Chapter 3 Cybersecurity Leadership: Insights and Best Practices
The Essential Traits of a Cybersecurity Leader
Building and Leading Effective Cybersecurity Teams
Adapting to Emerging Trends in Cybersecurity Leadership
Strategic Decision-making in Cybersecurity Leadership
Developing the Next Generation of Cybersecurity Leaders
Personal Development for Cybersecurity Leaders
Incident Management and Crisis Leadership
Leading Cybersecurity Culture and Awareness
The Ethical Dimension of Cybersecurity Leadership
Balancing Business Objectives and Cybersecurity
Learning from Military Leadership
Future Trends and Preparing for What's Next
Case Study: The Transformation of Cybersecurity Leadership at CyberFusion Inc.
Chapter 4 Cybersecurity Program and Project Management
Program and Project Management in Cybersecurity
Types of Cybersecurity Projects
Project Management Fundamentals Applied to Cybersecurity
Agile Project Management for Cybersecurity
Managing Cybersecurity Programs
Communication and Collaboration in Cybersecurity Projects
A Guide for Project Managers in Cybersecurity
Case Study: Proactive Program Management at Acme Tech
Chapter 5 Cybersecurity for Business Executives
Why Business Executives Need to be Involved in Cybersecurity
Roles and Responsibilities of Business Executives in Cybersecurity
Effective Collaboration Between Business Executives and Cybersecurity Teams
Key Cybersecurity Concepts for Business Executives
Incorporating Cybersecurity into Business Decision-making
Developing a Cybersecurity Risk Appetite
Training and Awareness for Business Executives
Legal and Regulatory Considerations for Business Executives
The Future of Business Executive Engagement in Cybersecurity
Case Study: Engaging Cybersecurity at Spectrum Enterprises
Chapter 6 Cybersecurity and the Board of Directors
The Critical Role of the Board in Cybersecurity
Perspectives from the Board of Directors
Perspectives from Cybersecurity Executives
The Board's Responsibilities in Cybersecurity
Effective Communication Between the Board and Cybersecurity Executives
Specific Recommendations for Reporting to the Board
Insights from the FFIEC and other Standards on Board Involvement
Cybersecurity Governance: Embedding Cybersecurity in Corporate Culture
Legal and Regulatory Considerations for the Board
The Future of Board Involvement in Cybersecurity
Case Study: Cybersecurity Board Governance at TechPioneer Inc.
Chapter 7 Risk Management
Risk Management in the Business
Understanding the Risk Management Life Cycle
FFIEC Handbooks and Risk Management Guidance
Governance and Risk Management Framework
Risk Approvals and the Role of Committees
Risk Identification and Analysis
Third-Party Risk Management
Regulatory Expectations for Third-Party Risk Management
Compliance and Legal Risk Management
Monitoring and Reporting
Case Study: Navigating Risk Management at Phoenix Innovations
Chapter 8 The NIST Risk Management Framework
The NIST Risk Management Framework
Understanding RMF's Authorization Process
NIST RMF in Practice: Step-by-Step Analysis
Applicability to Regulatory Expectations
Integrating NIST RMF into an Organization
Using NIST RMF for Risk Assessment and Management
NIST RMF and Technology Implementation
Challenges and Solutions in Implementing NIST RMF
NIST RMF and Third-Party Risk Management
Case Study: OmniTech Corporation and NIST RMF Implementation
Sample RMF Authorization Document Package
Chapter 9 Cybersecurity Metrics
Understanding Cybersecurity Metrics
The Importance of Metrics in Cybersecurity
The Role of Metrics in Decision-making and Resource Allocation
Differentiating Between KPIs and KRIs
The Role of Metrics in Compliance
Challenges and Considerations
Key Performance Indicators (KPIs)
Key Risk Indicators (KRIs)
Integrating KPIs and KRIs into Cybersecurity Strategy
Case Study: Transforming TechNova's Defense Landscape
Chapter 10 Risk Assessments
The Importance of Risk Assessments
The FFIEC's Perspective on Risk Assessments
NIST's Approach to Risk Assessments
Risk Assessment Frameworks
Conducting a Cybersecurity Risk Assessment
Managing Third-Party Risks
Challenges and Best Practices in Risk Assessments
Case Study: Utilizing Risk Assessments in Cybersecurity: The Journey of Innovative Tech Solutions
Risk Assessment Template Example
Chapter 11 NIST Cybersecurity Framework
Background on the NIST CSF
Core Functions and Categories
Implementation Tiers
Tier 1: Partial
Tier 2: Risk-Informed
Tier 3: Repeatable
Tier 4: Adaptive
Profiles
Purpose and Use of Profiles
Creating a Profile
Customizing Profiles
Profile Examples
Profile Maintenance and Updates
Implementation
Understanding Organizational Requirements
Assessing the Current State
Defining the Desired State
Gap Analysis and Prioritization
Developing and Executing the Action Plan
Continuous Improvement
Case Study: Cybersecurity Journey of TechPulse Inc.
Chapter 12 Cybersecurity Frameworks
ISO/IEC 27001: Information Security Management
COBIT (Control Objectives for Information and Related Technologies)
CMMC (Cybersecurity Maturity Model Certification)
CIS (Center for Internet Security) Controls
PCI DSS (Payment Card Industry Data Security Standard)
ICFR (Internal Control over Financial Reporting)
Cloud Security Alliance Controls
ISO 27017: Code of Practice for Information Security Controls
ISO 27701: Privacy Information Management
Comparing and Integrating Different Cybersecurity Frameworks
Future Trends in Cybersecurity Frameworks
Case Study: Securing Globex Corporation
Top Strengths of Each Framework
Chapter 13 NIST SP 800-53: Security and Privacy Controls Framework
Overview of NIST SP 800-53
Structure and Organization of NIST SP 800-53
Understanding Controls and Control Families
Case Study: SecureTech Solutions
NIST 800-53 Control Families and Descriptions
AC: Access Control
PE: Physical and Environmental Protection
AT: Awareness and Training
PL: Planning
AU: Audit and Accountability
PM: Program Management
CA: Assessment, Authorization, and Monitoring
PS: Personnel Security
CM: Configuration Management
PT: PII Processing and Transparency
CP: Contingency Planning
RA: Risk Assessment
IA: Identification and Authentication
SA: System and Services Acquisition
IR: Incident Response
SC: System and Communications Protection
MA: Maintenance
SI: System and Information Integrity
MP: Media Protection
SR: Supply Chain Risk Management
Chapter 14 The FFIEC: An Introduction
FFIEC History and Background
Role and Responsibilities
Understanding the FFIEC Examination Handbooks
The FFIEC Cybersecurity Assessment Tool (CAT)
The FFIEC Audit Handbook
The FFIEC Business Continuity Handbook
The FFIEC Development and Acquisition Handbook
The FFIEC Information Security Handbook
The FFIEC Management Handbook
The Architecture, Infrastructure, and Operations Handbook
The Outsourcing Technology Services Handbook
The Retail Payment Systems Handbook
The Supervision of Technology Service Providers Handbook
The Wholesale Payment Systems Handbook
Chapter 15 U.S. Federal Cybersecurity Regulations
Gramm-Leach-Bliley Act (GLBA)
The Health Insurance Portability and Accountability Act (HIPAA)
Interagency Guidelines Establishing Information Security Standards (12 CFR 30 Part B)
Payment Card Industry Data Security Standard (PCI DSS)
Sarbanes-Oxley Act (SOX)
The Cloud Act
Internal Revenue Service Publication 1075
Criminal Justice Information Services (CJIS) Security Policy
Defense Federal Acquisition Regulation Supplement (DFARS)
Department of Defense Cloud Computing Security Requirements Guide.
Notes:
Description based on publisher supplied metadata and other sources.
Description based on print version record.
Includes bibliographical references and index.
Includes index.
ISBN:
9781394250226
1394250223
9781394250219
1394250215
OCLC:
1423504419
