ABSTRACT

This book examines the cybersecurity phenomenon, looking at the folklore, the hype, and the behaviour of its practitioners. A central theme is that the management of cybersecurity needs to be owned by the people running the organisation, rather than by the cybersecurity team, who frequently don’t have management as a core skill. In order to effect that change, managers need to have the background and detail to challenge what they are being told, enabling them to engage in a way that will result in more appropriate outcomes for the business. This book provides that background and detail. It debunks a number of cyber-myths, and calls out basic errors in the accepted thinking on cyber. The content is strongly rooted in available research and presented in an accessible manner, with a number of business-related case studies. Each chapter in the book takes a theme such as end-user behaviours and compares the available evidence with what the industry would like to have its customers believe. The conclusion is that there is definitely a problem, and we certainly need cyber defences. Just not the ones the industry is currently selling.

Chapter 1 (38 pages): The Current and Future State of Cyber

Chapter 2 (27 pages): Security Culture Will Fix Things

Chapter 3 (22 pages): If Only Users Would “Get It”

Chapter 5 (13 pages): Security Is Best Done with Numbers

Chapter 6 (47 pages): Security Is Treated as a Business Issue

Chapter 7 (25 pages): The Enforcement of Compliance

Chapter 8 (45 pages): Aggregated Case Studies

Chapter 9 (25 pages): Summary and Future Work