The Business of Cyber : Why You Should Question What Your Security Team Are Telling You.

O'Reilly Online Learning: Academic/Public Library Edition Available online

Format:
Book
Author/Creator:
Fagan, Peter.
Language:
English
Subjects (All):
Computer security.
Physical Description:
1 online resource (279 pages)
Edition:
1st ed.
Place of Publication:
Milton : Taylor & Francis Group, 2023.
Summary:
This book examines the cybersecurity phenomenon, looking at the folklore, the hype, and the behaviour of its practitioners. The content is strongly rooted in available research, presented in an accessible manner, with a number of business-related case studies.
Contents:
Cover
Half Title
Title Page
Copyright Page
Table of Contents
Preface
References
About the Author
1 The Current and Future State of Cyber
The Current State of Cyber
Some Statistics
It's Complicated
Industry Growth and Positioning
The Growth of Cyber
Measuring Success
Systems Thinking
Outcomes for the Customer
Achieving Protection
Where the Money Goes
The Importance of Decision-Making
The Role of the Customer in the Cyber Market
Conclusion
The Future of Cyber
One Possible Future
The Definition of Cybersecurity
An End in Itself Vs a Means to an End
Conclusions
Drivers for Change
Internal Drivers for Change
External Drivers for Change
Case Study: Market Redefinition
Background
Causes
KnowBe4: Conclusion
Case Study: Meeting Unmet Needs
Competitive Advantage
Use of Niche Marketing
Notes
2 Security Culture Will Fix Things
Introduction to Security Culture
Context
Reviewing the Evidence
The Basis for Security Culture
Reviewing the Theory
A Digression On Questionnaires
Culture and Nudging
Biases and Heuristics
Examples of Security Nudging
Application of Nudging
Debiasing
Reducing the Effects of Biases
Theoretical Background
Debiasing: Summary
Boosts
Boosts: Summary
The Ethics of Security
Example: Personalised Nudging
Implications
A Modest Suggestion
Security Culture: Conclusions
Security Culture
Alternatives
3 If Only Users Would "Get It"
Why Won't They Listen?
Users…
Communication
Impact On Behaviours
Example
Applying Behavioural Science
Encouraging Honesty
Neutralisations.
Security Decision-Making
Coming to Terms With Our Decisions
The Role of Emotion
Security Decisions
Naming and Shaming
I-frames Vs S-Frames
Application
Awareness Training: Conclusions
The Current Situation
A Different Approach
4 Security = Confidentiality + Integrity + Availability
The General Idea
The Parkerian Hexad
Missing Components
The Importance of Context
Security and Morality
A Different Viewpoint
Security as a Social Construct
Credit Card Fraud
Cyber Insurance
Other Examples
Applying the Model
Security as a Negotiation
Complexity and Emergence
Practical Issues
Available Tools
The Chances of Success
Social Construction: Conclusions
Likely Developments
5 Security Is Best Done With Numbers
Marketing Context
Security and Marketing
Market Developments
A Suggestion
Risk as a Number
Calculating Risk
The Case Against Numbers
An Alternative View
Risk and Reward
Risk as a Perception
Communicating Risk
Avoiding Calculations
Alternative Approaches
A Different Model
Risk as a Number: Conclusions
6 Security Is Treated as a Business Issue
Available Business Models
Introduction
Growth
Environment
Culture
What Security as a Business Issue Might Look Like
Near Term Solutions
Reasons for Investing
The Case for Investment: Avoiding Losses
Standard Argument (1): The Impact On Share Price
Standard Argument (2): Unplanned Internal Costs
Standard Argument (3): Reputational Damage
Wrapping Things Up: Estimating Losses
Case Study: Travelex
History
The Breach
Share Price Details
Subsequent Events.
Epilogue
Travelex: Conclusion
The Case for Investment: Gaining Benefits
Benefits: Share Price
Benefits: Affecting Your Competitors
Benefits: Gaming the Market
Benefits: Reputation
Benefits: Managing the News
The Case for Investment: Constructing a Business Case
Some Realities
Value Chains
Value Networks
The Case for Investment: Compliance
The Management View
External Pressures
Outcomes
People Issues
The Case for Investment: Conclusions
7 The Enforcement of Compliance
Externalities
The Nature of Enforcement
The Justification for Enforcement
The Response From Industry
The Role of Government
Lobbying
Co-Production
Summary
Developing a Business Case
Impact Assessments
The Outcomes of Enforcement
Outcomes So Far
Looking Ahead
Collaboration, Not Enforcement
The UK Approach
A Wider Approach
The Enforcement of Compliance: Summary
The Use of Legislation
The Outcomes of Legislation
8 Aggregated Case Studies
Case Study: Privacy
The Concept of Privacy
Currency and Control
The Illusion of Control
The Impact of Legislation
Protecting the Rights of the User
The Impact of Privacy Activists
Case Study: Ransomware
Economics
Key Recommendations
The Business Case
How Much Should We Spend?
What Should We Be Spending It On?
Realities
Taxation
Implementation
The Audit Process
Discussion
Back in the Real World
9 Summary and Future Work
Theme Summary.
Security as a Dark Art
The Theatrics of Security
The Impact of Media Reporting
Masking the Problem
The Point
Future Work
Research Into the Application of Debiasing
A SABRE Equivalent
A Wider Look at Risk Analysis
More Research Into Complex Systems
Cyber Trolley Problems
Profiling of Cyber Practitioners
Inattentional Blindness
More Subtle Nudging
Refreshers
A Wider Profession
Certification
Extending the Standards
Thank You
Addendum
Disclosure
The Replication Crisis
Pre-Registration
Replication Markets
Note
Index.
Notes:
Description based on publisher supplied metadata and other sources.
ISBN:
1-003-84542-8
1-003-84544-4
OCLC:
1394994115
