- ホーム
- > 洋書
- > 英文書
- > Business / Economics
Full Description
"Information security has become an important and critical component of every organization. In his book, Professor Chatterjee explains the challenges that organizations experience to protect information assets. The book sheds light on different aspects of cybersecurity including a history and impact of the most recent security breaches, as well as the strategic and leadership components that help build strong cybersecurity programs. This book helps bridge the gap between academia and practice and provides important insights that may help professionals in every industry."
Mauricio Angee, Chief Information Security Officer, GenesisCare USA, Fort Myers, Florida, USA
"This book by Dave Chatterjee is by far the most comprehensive book on cybersecurity management. Cybersecurity is on top of the minds of board members, CEOs, and CIOs as they strive to protect their employees and intellectual property. This book is a must-read for CIOs and CISOs to build a robust cybersecurity program for their organizations."
Vidhya Belapure, Chief Information Officer, Huber Engineered Materials & CP Kelco, Marietta, Georgia, USA
Cybersecurity has traditionally been the purview of information technology professionals, who possess specialized knowledge and speak a language that few outside of their department can understand. In our current corporate landscape, however, cybersecurity awareness must be an organization-wide management competency in order to mitigate major threats to an organization's well-being—and be prepared to act if the worst happens.
With rapidly expanding attacks and evolving methods of attack, organizations are in a perpetual state of breach and have to deal with this existential threat head-on. Cybersecurity preparedness is a critical and distinctive competency, and this book is intended to help students and practitioners develop and enhance this capability, as individuals continue to be both the strongest and weakest links in a cyber defense system.
In addition to providing the non-specialist with a jargon-free overview of cybersecurity threats, Dr. Chatterjee focuses most of the book on developing a practical and easy-to-comprehend management framework and success factors that will help leaders assess cybersecurity risks, address organizational weaknesses, and build a collaborative culture that is informed and responsive. Through brief case studies, literature review, and practical tools, he creates a manual for the student and professional alike to put into practice essential skills for any workplace.
Contents
Preface
Foreword
Endorsements
Acknowledgments
About the Author
Chapter 1. Introduction: The Challenge of Cybersecurity
Chapter 2. The Cyberattack Epidemic
2.1 Expanding Hardware and Software Attack Surfaces
2.2 The Human Vulnerability Factor
2.3 Growing Attack Vectors
2.4 Nature and Extent of Impact
Chapter 3. Breach Incidents and Lessons Learned
3.1 The Capital One Breach That Exposed 100 Million Applicants and Customer Information
3.2 British Airways Ordered to Pay a Record Fine of $230 Million
3.3 Target Retail Chain Experiences an External Intrusion That Compromised Millions of Customers' Data
3.4 Adult Friend Finder Site Breach Exposes Millions of Customer Records
3.5 Three Billion Yahoo User Accounts Compromised
3.6 Equifax Data Breach Exposes Millions of Customers' Data
3.7 Adobe Breach Exposes 38 Million Customer Records
3.8 Anthem Breach Affects 78.8 Million People
Chapter 4. Foundations of the High-Performance Information Security Culture Framework
4.1 Organizational Culture and Firm Performance
4.2 Organizational Culture and Cybersecurity
4.3 High-Reliability Organizational Culture Traits
Chapter 5. Commitment
5.1 Hands-On Top Management
5.2 "We-Are-in-It-Together" Culture
5.3 Cross-Functional Participation
5.4 Sustainable Budget
5.5 Strategic Alignment and Partnerships
5.6 Joint Ownership and Accountability
5.7 Empowerment
Chapter 6. Preparedness
6.1 Identify
6.2 Protect
6.3 Detect
6.4 Respond and Recover
Chapter 7. Discipline
7.1 Information Security Governance Policy
7.2 Communications and Enforcement of Policies
7.3 Continuous Monitoring
7.4 Continuous Performance Assessment and Improvement
7.5 Security Audits and Drills
7.6 Penetration Testing and Red Team Exercises
Chapter 8. Key Messages and Actionable Recommendations
8.1 Commitment
8.2 Preparedness
8.3 Discipline
Appendix 1 Information Security Monitoring Controls
Appendix 2 Cybersecurity Performance Measures
Appendix 3A Cybersecurity Readiness Scorecard: Commitment
Appendix 3B Cybersecurity Readiness Scorecard: Preparedness
Appendix 3C Cybersecurity Readiness Scorecard: Discipline
Appendix 4 Cybersecurity and Privacy Laws and Regulations
Appendix 5 Physical, Technical, and Administrative Controls: A Representative List
Appendix 6 Case Studies
Cybersecurity Resources
Index
