Book Image

Executive’s Cybersecurity Program Handbook

By : Jason Brown
Book Image

Executive’s Cybersecurity Program Handbook

By: Jason Brown

Overview of this book

Ransomware, phishing, and data breaches are major concerns affecting all organizations as a new cyber threat seems to emerge every day, making it paramount to protect the security of your organization and be prepared for potential cyberattacks. This book will ensure that you can build a reliable cybersecurity framework to keep your organization safe from cyberattacks. This Executive’s Cybersecurity Program Handbook explains the importance of executive buy-in, mission, and vision statement of the main pillars of security program (governance, defence, people and innovation). You’ll explore the different types of cybersecurity frameworks, how they differ from one another, and how to pick the right framework to minimize cyber risk. As you advance, you’ll perform an assessment against the NIST Cybersecurity Framework, which will help you evaluate threats to your organization by identifying both internal and external vulnerabilities. Toward the end, you’ll learn the importance of standard cybersecurity policies, along with concepts of governance, risk, and compliance, and become well-equipped to build an effective incident response team. By the end of this book, you’ll have gained a thorough understanding of how to build your security program from scratch as well as the importance of implementing administrative and technical security controls.
Table of Contents (18 chapters)
1
Part 1 – Getting Your Program Off the Ground
5
Part 2 – Administrative Cybersecurity Controls
11
Part 3 – Technical Controls

Part 1 – Getting Your Program Off the Ground

All too often I see organizations throwing hundreds, if not thousands of dollars, at cybersecurity problems. But is this really the right course of action, especially when you are only just starting to develop your program?

To start your endeavor in developing a cybersecurity program, you must understand where you are starting from. Often, this will require an assessment to be performed, one that helps you understand the current security posture. To perform an assessment, you must first choose the types of controls and cybersecurity standard you want to assess the organization against.

There are plenty of cybersecurity standards to choose from, but how do you choose? First, it requires you to understand the organization, its requirements, and where it conducts business. If it conducts business in Europe or other regions outside the U.S., it may be best to use an international standard such as ISO 27001/27002. In the U.S., many...