Book Image

Building a Cyber Resilient Business

By : Dr. Magda Lilia Chelly, Shamane Tan, Hai Tran
Book Image

Building a Cyber Resilient Business

By: Dr. Magda Lilia Chelly, Shamane Tan, Hai Tran

Overview of this book

With cyberattacks on the rise, it has become essential for C-suite executives and board members to step up and collectively recognize cyber risk as a top priority business risk. However, non-cyber executives find it challenging to understand their role in increasing the business’s cyber resilience due to its complex nature and the lack of a clear return on investment. This book demystifies the perception that cybersecurity is a technical problem, drawing parallels between the key responsibilities of the C-suite roles to line up with the mission of the Chief Information Security Officer (CISO). The book equips you with all you need to know about cyber risks to run the business effectively. Each chapter provides a holistic overview of the dynamic priorities of the C-suite (from the CFO to the CIO, COO, CRO, and so on), and unpacks how cybersecurity must be embedded in every business function. The book also contains self-assessment questions, which are a helpful tool in evaluating any major cybersecurity initiatives and/or investment required. With this book, you’ll have a deeper appreciation of the various ways all executives can contribute to the organization’s cyber program, in close collaboration with the CISO and the security team, and achieve a cyber-resilient, profitable, and sustainable business.

Related Content you might be interested in

Current Title:

Small book image
Building a Cyber Resilient Business
Dr. Magda Lilia Chelly | Shamane Tan | Hai Tran
Nov, 2022 | 232 pages
Small book image
Cybersecurity Leadership Demystified
Erdal Ozkaya
Jan, 2022 | 274 pages
Small book image
Cybersecurity Blue Team Strategies
Nikolaos Thymianis | Kunal Sehgal
Feb, 2023 | 208 pages
Small book image
Cybersecurity and Privacy Law Handbook
Walter Rocchi
Dec, 2022 | 230 pages
Table of Contents (14 chapters)
Preface
Preface
Who this book is for
What this book covers
Download the color images
Get in touch
Share your thoughts
1
Chapter 1: The CEO Cyber Manual
Chapter 1: The CEO Cyber Manual
Why cybersecurity should be a CEO’s priority
Understanding cyber risks and their implications for businesses
Understanding cybersecurity challenges, organization, and reporting
Quantifying cyber costs versus return on investment
Building a culture of cybersecurity
Preparing a business for cyberattacks
Cybersecurity considerations for a CEO’s first month
Questions to ask yourself as a CEO when considering your cyber risk coverage
Summary
Free Chapter
2
Chapter 2: A Modern Cyber-Responsible CFO
Chapter 2: A Modern Cyber-Responsible CFO
Why the CFO should care about cybersecurity
The CFO’s understanding of cybersecurity
The aspects of cybersecurity the CFO should consider
Defining the CFO’s role in building cyber resilience
Communicating with the CFO about cyber risks
Questions to ask your CFO
Summary
3
Chapter 3: The Role of the CRO in Cyber Resilience
Chapter 3: The Role of the CRO in Cyber Resilience
Understanding the role of the CRO and its key focus areas
Analyzing the CRO’s key priorities
Identifying the CRO’s challenges
Developing the right mindset as a CRO
Understanding the collaboration potential between the CRO and CISO
Questions to ask your CRO
Summary
4
Chapter 4: Your CIO—Your Cyber Enabler
Chapter 4: Your CIO—Your Cyber Enabler
Understanding the CIO’s role and the impacts their decisions have on cybersecurity
Differences and commonalities between the CIO and CISO roles
Getting ahead of cybercriminals
How the CIO supports your security
Questions to ask your CIO
Summary
5
Chapter 5: Working with Your CISO
Chapter 5: Working with Your CISO
Understanding the role of the CISO
Your CISO’s understanding of your business
Priorities for a new CISO
Addressing cybersecurity challenges
Questions to ask your CISO
A Bonus Segment for Our CISOs—Decoding Your CxOs’ Expectations
A Bonus Segment for Our CISOs—Purchasing Cyber Insurance
A Bonus Segment for Our CISOs—Reporting to the Board of Directors
Summary
6
Chapter 6: The Role of the CHRO in Reducing Cyber Risk
Chapter 6: The Role of the CHRO in Reducing Cyber Risk
Why the CHRO should care about cybersecurity
The transitioning role of the CHRO
How the CHRO supports cyber resilience
The challenges CHROs face with cybersecurity
Questions to ask your CHRO
A bonus segment for our CISOs—recruiting and building your cybersecurity team
Summary
7
Chapter 7: The COO and Their Critical Role in Cyber Resilience
Chapter 7: The COO and Their Critical Role in Cyber Resilience
Understanding the role of the COO
Why the COO should care about cybersecurity
Where the line is between the COO and the CISO in terms of responsibility for business continuity
Operational technology and cybersecurity—a necessity in today’s world
Business continuity plan management—the dos and don’ts
Questions to ask your COO
Summary
8
Chapter 8: The CTO and Security by Design
Chapter 8: The CTO and Security by Design
The role of the CTO
Why the CTO should care about cybersecurity
How the CTO becomes a security ally
Secure coding and secure software development
Conflicts of interest and collaboration between the CTO and the CISO
Questions to ask your CTO
Summary
9
Chapter 9: The CMO and CPO—Convergence Between Privacy and Security
Chapter 9: The CMO and CPO—Convergence Between Privacy and Security
What the CMO and CPO roles have in common
The role of marketing and privacy in cybersecurity
The intersection of privacy and security
The role of marketing and communication following a cyber incident
Questions to ask your CMO and CPO
Summary
10
Chapter 10: The World of the Board
Chapter 10: The World of the Board
Understanding the world of the board
The board’s structure
The board’s interests in cybersecurity
The CISO’s seat at the table
Speaking the board’s language
What not to do in the boardroom
Reporting to the board (an add-on for CISOs and a reference for CEOs)
Boards and mergers and acquisitions
Asking the board the right questions and setting up your CISO for success
Summary
11
Chapter 11: The Recipe for Building a Strong Security Culture—Bringing It All Together
Chapter 11: The Recipe for Building a Strong Security Culture—Bringing It All Together
Building a robust security culture
Bringing it all together
CISO add-on—building a cybersecurity culture
The different building blocks
Varying your training
Cloud-sharing responsibility
A hands-on cyber-awareness program
What kind of community are you building?
Questions to ask yourself about building a culture
Summary
12
Index
Index
Why subscribe?
13
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Share your thoughts

What this book covers

Chapter 1, The CEO Cyber Manual, starts by laying out the fundamentals of building a cyber-resilient business in a digitized world. The Chief Executive Officer has a critical role in cybersecurity and cyber resilience, as they are ultimately responsible for the overall security of the company and its data.

Chapter 2, A Modern Cyber-Responsible CFO, lines up the fundamentals for a CFO’s success in supporting cyber resilience. The Chief Financial Officer has a critical role in cybersecurity and cyber resilience. One of their key functions is to ensure the organization has accurate data to make decisions. The CFO is also responsible for ensuring there is a process in place to quantify the losses associated with a cyberattack, in collaboration with the Chief Information Security Officer. This includes quantifying the financial loss but also the cost of downtime, loss of customer data, and loss of employee productivity.

Chapter 3, The Role of the CRO in Cyber Resilience, looks at the Chief Risk Officer’s perspectives, challenges, and how cyber risk is integrated into an enterprise’s risk management strategy. The CRO is responsible for making sure the company is managing all types of risks, and when it comes to cyber, they need to collaborate closely with the CISO to achieve a balanced risk posture.

Chapter 4, Your CIO—Your Cyber Enabler, explores the Chief Information Officer’s role in cyber resilience, which is to ensure an organization has a technology infrastructure while protecting its digital assets and that these assets are accessible to the appropriate stakeholders when needed. It is the CIO’s responsibility to keep up with new technologies and to develop policies and procedures for incorporating these technologies into the organization’s infrastructure, including security and privacy concerns. This can be a challenging task, as it often requires balancing security needs with business needs. This chapter presents examples of conflict of interest inherent in the CIO’s responsibilities and how to address them while continuing to innovate.

Chapter 5, Working with Your CISO, is a thorough overview of the Chief Information Security Officer’s world, challenges, lessons learned, and practical insights on cyber-risk quantification and risk transfer. The CISO is responsible for risk management within an organization. They work with senior leadership to ensure the company is protected from cyber threats and business processes can continue in the event of a cyber incident. The CISO is also responsible for usability while maintaining a balance with security. They work with departments across the company to ensure employees have access only to data they need to do their jobs, and that information is accessible in a way that makes sense for the business.

Chapter 6, The Role of the CHRO in Reducing Cyber Risk, delves into the Chief Human Resources Officer’s role in cybersecurity, which is to ensure the company has the proper HR policies and procedures in place to protect employees’ personal data and mitigate the risk of a cyberattack. The CHRO, together with the CISO, is responsible for developing and implementing a security awareness program that educates employees about how to protect themselves online, how to spot phishing emails, and what to do if they suspect they’ve been compromised. As well, the CHRO must work with the CISO to establish a cultural change and cyber awareness adoption.

Chapter 7, The COO and Their Critical Role in Cyber Resilience, examines the role of the Chief Operating Officer in cybersecurity, which is to help develop and execute an organization’s Business Continuity Plan (BCP). The BCP outlines how the company will continue to function in the event of a major disruption, such as a cyberattack. The COO is responsible for ensuring the BCP is up to date and comprehensive and all departments are aware of their roles and responsibilities in relation to it. Collaboration between the COO and the CISO is critical in achieving a successful resilient journey.

Chapter 8, The CTO and Security by Design, specifically addresses the responsibilities of the Chief Technology Officer in supporting cyber resilience. The role of the CTO in cybersecurity is to ensure software development processes are secure and compliant with industry standards. This includes overseeing the Secure Development Life Cycle (SDLC), which encompasses code review, testing, and other activities designed to ensure applications are free of vulnerabilities. In addition, the CTO works closely with other parts of the organization to ensure security is embedded into every facet of the business, which necessitates strong collaboration with the CISO.

Chapter 9, The CMO and CPO—Convergence Between Privacy and Security, explores how, in recent years, the roles of Chief Marketing Officer and Chief Privacy Officer have become increasingly important in cybersecurity. As the world becomes more connected, businesses are collecting and storing more data than ever before. And with the General Data Protection Regulation (GDPR) recently coming into effect, companies must be extra careful about how they collect, process, and store customer data. That’s where the CMO and CPO come in. The CMO is responsible for overseeing all marketing activities within a company. This includes developing marketing strategies, planning and executing marketing campaigns, and analyzing market trends. The CPO, on the other hand, is responsible for ensuring a company’s privacy policy complies with all applicable laws and regulations. This chapter provides good insights on how those two roles support cyber resilience.

Chapter 10, The World of the Board, looks at business priorities and clarifies a board of directors’ role in achieving business resilience while supporting the CISO. The role of the board in cybersecurity is to ensure an organization has adequate defenses in place to protect its digital assets and management has put in place processes and protocols to mitigate risk and respond to incidents. The board should also ensure the organization has a risk management framework in place, which includes assessing vulnerabilities and threats, determining acceptable levels of risk, and implementing mitigating controls. Finally, the board should review incident response plans to make sure they are adequate and enable the organization to quickly restore normal operations after an incident.

Chapter 11, The Recipe for Building a Strong Security Culture – Bringing It All Together, brings together everything we have learned and provides a holistic overview of how a team effort leads to a resilient business. An organization’s cyber-awareness culture is a collection of values, policies, and norms governing how its employees use personal data and information technology. A strong cyber-awareness culture helps an organization protect itself from cyber threats by educating and empowering its employees to be security conscious in their daily work routines.

Previous Section
Next Section