Introduction: The Next Frontier of Risk Management: Cyber Risk
A Proposed Business-Oriented Approach to Cyber
A Practical Approach to Developing a Cybersecurity Programme
Regulations, Compliance and Cyber Risk Management
The Role of Cyber Risk in the Organisation
The Evolution of the Cyber Risk Role within the Three Lines of Defence
Quantifying Cyber Risk
Leadership and Culture: The Foundations of Cyber-Risk Management
Understanding the Cyber Risk Landscape: An Integrated Framework
The Transformation of Information Security: New Threats and Vulnerabilities
Cybersecurity Metrics: The Good, the Bad and the Ugly
Third-Party Risk Management
Cybersecurity’s Neighbourhood Watch: The Strength of Information Sharing
Cyber Risks in Business Continuity Management and Supply Chain Resilience for Financial Institutions
Cybersecurity Threats to the Critical Infrastructure
The True Meaning of Cyber Incident Response
Cyber Risk: Where We Have Been, Where We Are and Where We Are Going
Whether you refer to the function as “information security”, “information assurance”, “cyber risk” or some other variation, most businesses of any size today have personnel who are dedicated to helping the business manage the “things that can go wrong” with information and technology. Where these personnel report within an organisation can vary widely, as can the definition of their responsibilities. Their fundamental roles, however, and thus their value proposition, are constant. Unfortunately, the roles of these personnel, particularly the lead (eg, the CISO), are often misunderstood, which creates confusion and frustration and limits their ability to be effective.
This chapter will clarify the fundamental roles of the cyber risk function (hereafter referred to as “cyber risk”). The objective is to enable businesses to better understand and more effectively leverage the cyber risk value proposition.
Note that, throughout this chapter, we refer to the head of the cyber risk function as the CISO. The actual title of this role will vary from organisation to organisation.
The fundamental value proposition
There is a common belief, both inside and