A Practical Approach to Developing a Cybersecurity Programme
David Fairman
INTRODUCTION
This chapter outlines an approach to developing a cybersecurity programme that has been implemented successfully in multiple organisations. The approach draws on the author's study of the subject and on their experience as a practitioner.
The chapter first discusses some fundamental concepts of information security, cybersecurity and risk management that should underpin any good cybersecurity programme. Specifically, we define cybersecurity, then discuss critical assets (the “crown jewels”) and the three tenets of security – confidentiality, integrity and availability – before turning to risk-and-control frameworks and governance. We then present the basic framework for a cybersecurity programme, exploring several concepts and approaches for implementing the programme in practice, and discuss the core domains found in such a programme.
Throughout the chapter, we will recap the key points and steps an organisation should take. Practical implementation can be the biggest challenge when developing such a programme, and the techniques used to implement and
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net