ABSTRACT
Cybersecurity and cyber resiliency are the number one concerns for companies today. Organizations must protect their assets and defend against cyber threats and attacks in order to stay in business. A break-in or breach can destroy a company's assets and/or reputation in a matter of minutes.
Cyber Strategy: Risk-Driven Security and Resiliency will provide concepts, processes, roadmaps, project development tools, and reporting templates to be used by any type of company for evaluating, managing, reporting, analyzing, and assessing cybersecurity and cyber resiliency in order to develop their enterprise-wide strategies. This book delivers a methodology for companies to bring together their disassociated strategic planning efforts into one corporate-wide strategy that will efficiently utilize resources, target high-risk threats, and evaluate resultant risk mitigation efforts, while engaging buy-in across the corporate culture, senior management, business silos, and diverse business interests. Presented in this chapter are:
An information security architecture
A regulatory architecture
A risk taxonomy
Top cyber threats and corresponding controls
Plan performance assessment methodologies
The NIST Cybersecurity Framework
An example of a Cybersecurity and Resiliency Program
The cybersecurity and cyber resiliency life cycle
Examples of cybersecurity and cyber resiliency mission/vision statements with their corresponding principles, objectives, and initiatives
A methodology for projecting new future initiatives in order to better allocate resources and mitigate strategic objective gaps
CISOs, CIOs, and managers at any level can use this book to create comprehensive strategies that can be published by the Board of the company and approved by their supervisory entities. The 6 steps for strategy development are:
STEP 1: Preplanning: Preparation for Strategy Development
STEP 2: Strategy Project Management
STEP 3: Cyber Threats, Vulnerabilities, and Intelligence Analysis
STEP 4: Cyber Risks and Controls
STEP 5: Current and Target State Assessments
STEP 6: Strategic Plan Performance Measurement and End of the Year (EoY) Tasks