
Details

Author(s) / Contributors
Title
The Cybersecurity Guide to Governance, Risk, and Compliance
Edition
First edition
Place / Publisher
Hoboken, NJ : Wiley,
Year of publication
[2024]
Descriptions / Notes
  • Includes bibliographical references and index.
  • Cover -- Title Page -- Copyright Page -- Dedication by Griffin Weaver -- Dedication by Jason Edwards -- Contents -- Purpose of the Book -- Target Audience -- Structure of the Book -- Foreword by Wil Bennett -- Foreword by Gary McAlum -- Chapter 1 Governance, Risk Management, and Compliance -- Understanding GRC -- The Business Case for GRC -- Governance: Laying the foundation -- Risk Management: Managing Uncertainties -- Compliance: Adhering to regulations and Standards -- The Intersection of governance, Risk, and Compliance -- GRC Frameworks and Standards -- GRC Tools and Technologies -- Building a GRC Culture -- The Role of GRC in Strategic Planning -- Chapter Conclusion -- Case Study: GRC Implementation at SpectraCorp -- Chapter 2 The Landscape of Cybersecurity -- Comprehensive Overview of cybersecurity Maturity -- Cybersecurity In the Financial Industry -- Cybersecurity in the Healthcare Industry -- Cybersecurity in the Government Sector -- Cybersecurity in Small to Large Enterprises -- Chapter Conclusion -- Case Study: TechGiant Inc.'s Holistic Approach to Information Security -- Chapter 3 Cybersecurity Leadership: Insights and Best Practices -- The Essential Traits of a Cybersecurity Leader -- Building and Leading Effective Cybersecurity Teams -- Adapting to Emerging Trends in Cybersecurity Leadership -- Strategic Decision-making in Cybersecurity Leadership -- Developing the Next Generation of Cybersecurity Leaders -- Personal Development for Cybersecurity Leaders -- Incident Management and Crisis Leadership -- Leading Cybersecurity Culture and Awareness -- The Ethical Dimension of Cybersecurity Leadership -- Balancing Business Objectives and Cybersecurity -- Learning from Military Leadership -- Future Trends and Preparing for What's Next -- Chapter Conclusion -- Case Study: The Transformation of Cybersecurity Leadership at CyberFusion Inc.
  • Chapter 4 Cybersecurity Program and Project Management -- Program and Project Management in Cybersecurity -- Types of Cybersecurity Projects -- Project Management Fundamentals Applied to Cybersecurity -- Agile Project Management for Cybersecurity -- Managing Cybersecurity Programs -- Communication and Collaboration in Cybersecurity Projects -- A Guide for Project Managers in Cybersecurity -- Chapter Conclusion -- Case Study: Proactive Program Management at Acme Tech -- Chapter 5 Cybersecurity for Business Executives -- Why Business Executives Need to be Involved in Cybersecurity -- Roles and Responsibilities of Business Executives in Cybersecurity -- Effective Collaboration Between Business Executives and Cybersecurity Teams -- Key Cybersecurity Concepts for Business Executives -- Incorporating Cybersecurity into Business Decision-making -- Developing a Cybersecurity Risk Appetite -- Training and Awareness for Business Executives -- Legal and Regulatory Considerations for Business Executives -- The Future of business Executive Engagement in Cybersecurity -- Chapter Conclusion -- Case Study: Engaging Cybersecurity at Spectrum Enterprises -- Chapter 6 Cybersecurity and the Board of Directors -- The Critical Role of the Board in Cybersecurity -- Perspectives from the Board of Directors -- Perspectives from Cybersecurity Executives -- The Board's Responsibilities in Cybersecurity -- Effective Communication Between the Board and Cybersecurity Executives -- Specific Recommendations for Reporting to the Board -- Insights from the FFIEC and other Standards on Board Involvement -- Cybersecurity Governance: Embedding Cybersecurity in Corporate Culture -- Legal and Regulatory Considerations for the Board -- The Future of Board Involvement in Cybersecurity -- Chapter Conclusion -- Case Study: Cybersecurity Board Governance at TechPioneer Inc.
  • Chapter 7 Risk Management -- Risk Management in the Business -- Understanding the Risk Management Life Cycle -- FFIEC Handbooks and Risk Management Guidance -- Governance and Risk Management Framework -- Risk Approvals and the Role of Committees -- Risk Identification and Analysis -- Third-Party Risk Management -- Regulatory Expectations For third-party Risk Management -- Compliance and Legal Risk Management -- Monitoring and Reporting -- Chapter Conclusion -- Case Study: Navigating Risk Management at Phoenix Innovations -- Chapter 8 The NIST Risk Management Framework -- The NIST Risk Management Framework -- Understanding RMF's Authorization Process -- NIST RMF in Practice: Step-by-Step Analysis -- Applicability to Regulatory Expectations -- Integrating NIST RMF into an Organization -- Using NIST RMF for Risk Assessment and Management -- NIST RMF and Technology Implementation -- Challenges and Solutions in Implementing NIST RMF -- NIST RMF and Third-Party Risk Management -- Chapter Conclusion -- Case Study: OmniTech Corporation and NIST RMF Implementation -- Sample RMF Authorization Document Package -- Chapter 9 Cybersecurity Metrics -- Understanding Cybersecurity Metrics -- The Importance of Metrics in cybersecurity -- The Role of Metrics in Decision-making and Resource Allocation -- Differentiating Between KPIs and KRIs -- The Role of Metrics in Compliance -- Challenges and Considerations -- Key Performance Indicators (KPIs) -- Key Risk Indicators (KRIs) -- Integrating KPIs and KRIs into Cybersecurity Strategy -- Chapter Conclusion -- Case Study: Transforming TechNova's Defense Landscape -- Chapter 10 Risk Assessments -- The Importance of Risk Assessments -- The FFIEC's Perspective on Risk Assessments -- NIST's Approach to Risk Assessments -- Risk Assessment Frameworks -- Conducting a Cybersecurity Risk Assessment -- Managing Third-Party Risks.
  • Challenges and Best Practices in Risk Assessments -- Chapter Conclusion -- Case Study: Utilizing Risk Assessments in Cybersecurity: The Journey of Innovative Tech Solutions -- Risk Assessment Template Example -- Chapter 11 NIST Cybersecurity Framework -- Background on the NIST CSF -- Core Functions and Categories -- Implementation Tiers -- Tier 1: Partial -- Tier 2: Risk-Informed -- Tier 3: Repeatable -- Tier 4: Adaptive -- Profiles -- Purpose and Use of Profiles -- Creating a Profile -- Customizing Profiles -- Profile Examples -- Profile Maintenance and Updates -- Implementation -- Understanding Organizational Requirements -- Assessing the Current State -- Defining the Desired State -- Gap Analysis and Prioritization -- Developing and Executing the Action Plan -- Continuous Improvement -- Chapter Conclusion -- Case Study: Cybersecurity Journey of TechPulse Inc. -- Chapter 12 Cybersecurity Frameworks -- ISO/IEC 27001: Information Security Management -- COBIT (Control Objectives for Information and Related Technologies) -- CMMC (Cybersecurity Maturity Model Certification) -- CIS (Center for Internet Security) Controls -- PCI DSS (Payment Card Industry Data Security Standard) -- ICFR (internal Control over Financial Reporting) -- Cloud Security Alliance Controls -- ISO 27017: Code of Practice for Information Security Controls -- ISO 27701: Privacy Information Management -- Comparing and Integrating Different Cybersecurity Frameworks -- Future Trends in Cybersecurity Frameworks -- Chapter Conclusion -- Case Study: Securing Globex Corporation -- Top Strengths of Each Framework -- Chapter 13 NIST SP 800-53: Security and Privacy Controls Framework -- Overview of NIST SP 800-53 -- Structure and Organization of NIST SP 800-53 -- Understanding Controls and Control Families -- Chapter Conclusion -- Case Study: SecureTech Solutions.
  • NIST 800-53 Control Families and Descriptions -- AC: Access Control -- PE: Physical and Environmental Protection -- AT: Awareness and Training -- PL: Planning -- AU: Audit and Accountability -- PM: Program Management -- CA: Assessment, Authorization, and Monitoring -- PS: Personnel Security -- CM: Configuration Management -- PT: PII Processing and Transparency -- CP: Contingency Planning -- RA: Risk Assessment -- IA: Identification and Authentication -- SA: System and Services Acquisition -- IR: Incident Response -- SC: System and Communications Protection -- MA: Maintenance -- SI: System and Information Integrity -- MP: Media Protection -- SR: Supply Chain Risk Management -- Chapter 14 The FFIEC: An Introduction -- FFIEC History and Background -- Role and Responsibilities -- Understanding the FFIEC Examination Handbooks -- The FFIEC Cybersecurity Assessment Tool (CAT) -- The FFIEC Audit Handbook -- The FFIEC Business Continuity Handbook -- The FFIEC Development and Acquisition Handbook -- The FFIEC Information Security Handbook -- The FFIEC Management Handbook -- The Architecture, Infrastructure, and Operations Handbook -- The Outsourcing Technology Services Handbook -- The Retail Payment Systems Handbook -- The Supervision of Technology Service Providers Handbook -- The Wholesale Payment Systems Handbook -- Chapter Conclusion -- Chapter 15 U.S. Federal Cybersecurity Regulations -- Gramm-Leach-Bliley Act (GLBA) -- The Health Insurance Portability and Accountability Act (HIPAA) -- Interagency Guidelines Establishing Information Security Standards (12 CFR 30 Part B) -- Payment Card Industry Data Security Standard (PCI DSS) -- Sarbanes-Oxley Act (SOX) -- The Cloud Act -- Internal Revenue Service Publication 1075 -- Criminal Justice Information Services (CJIS) Security Policy -- Defense Federal Acquisition Regulation Supplement (DFARS).
  • Department of Defense Cloud Computing Security Requirements Guide.
  • Description based on publisher supplied metadata and other sources.
  • Description based on print version record.
Language
Identifiers
ISBN: 1-394-25021-5
Title ID: 9925173267106463
Format
1 online resource (667 pages)
Subject headings
Business enterprises, Computer security, Computer crimes