Assessing and Insuring Cybersecurity Risk

Cover
Half Title
Title Page
Copyright Page
Dedication
Table of Contents
Acknowledgments
Authors
Chapter 1: Cybersecurity Risk
	Introduction
	What Cyber Measurement Is All About
	The Concept of Bayesian Measurement
		The Classification Chain
		Uncertainty
		Measurement of Uncertainty
		Risk
		Measurement of Risk
	The Statistical Methods of Measurement
		The Rule of Five
	The Various Quantitative Methods for Gauging Cyber Risk
		The Risk Matrix
		The Monte Carlo Method
			The Creation of Random Cyber-Related Events
		The Lognormal Distribution
		The Summation of the Cyber Risks
		How to Visualize Cyber Losses
		The Return on Mitigation
	The Decomposition of the One for One Substitution Cyber Risk Model
		A Decomposition Strategy
		A Newer Decomposition Strategy
		How to Avoid Over-Decomposing the Variables
		A Critical Variable Related to Cyber Risk: Reputational Damage
	How to Reduce the Level of Cyber Risk with Bayesian Techniques
		The Important Statistical Concepts of the Bayesian Theory
		Making Use of Prior Cyber Events in the Bayesian Methodology
		Statistically Proving the Bayesian Theorem
		The Applications of the Bayesian Methodology
	How to Reduce the Level of Cyber Risk with More Sophisticated Bayesian Techniques
	The Beta Distribution
		Making Use of the Log Odds Ratio
		How to Use the Log Odds Ratio (LOR) Methodology
		The Lens Methodology
		A Cross Comparison of the LOR and Lens Methodologies
		How to Ascertain the Value of Information and Data
		How a Known Factor Can Have an Impact on a Predicted Event
	A Brief Overview of Cybersecurity Metrics
	Notes
Chapter 2: Cybersecurity Audits, Frameworks, and Controls
	An Overview of the Cybersecurity Controls
	A Technical Review of the Cybersecurity Audit
	Why the Cyber Audit Is Conducted
	The Principles of Control in the Cyber Audit
		The Validation of the Audit Frameworks
		A Macro View of How the Cyber Audit Process Works
		The Importance of Cyber Audit Management
		A Holistic View of How the Cyber Audit Process Works
	A Review of the Cyber Audit Frameworks
		Breaking Down the Importance of Information Technology (IT) Security Governance
		A Deep Dive into the Cybersecurity Frameworks
		The ISO 27001
		The COBIT 5
		The National Institute of Standards and Technology
		The Framework for Improving Critical Infrastructure Cybersecurity
		The Information Security Forum Standard of Good Practice for Information Security
		The Payment Card Industry Data Security Standards
	The Cyber Risk Controls
		The Goal-Based Security Controls
		The Preventive Controls
		The Detective Controls
		The Operational Controls
	Notes
Chapter 3: Cybersecurity Insurance Policies
	Cybersecurity Risk Insurance Policies
	The State of the Cybersecurity Insurance Market
	An Analysis of the Major Insurance Carriers That Offer Cyber Insurance
	The Major Components of a Cyber Insurance Policy
	How Should an SMB Decide on What Kind of Cyber Policy to Get
	Notes
Chapter 4: The Compliance Laws of the GDPR, CCPA, and CMMC
	GDPR
	Implications for Business and Cybersecurity
	More about GDPR
	DPO, DCs, and DPs
	Conclusions on GDPR
	California Consumer Privacy Act (CCPA)
	Cybersecurity Maturity Model Certification (CMMC)
	Who Cares?
	Levels
	Summary
	Notes
Chapter 5: Conclusions
	Chapter 1
	Chapter 3
		An Example of Cyber Resiliency
		How the Definition of Cyber Resiliency Was Met
		What Is the Difference between Cyber Resiliency and Cybersecurity?
		The NIST Special Publication 800-160 Volume 2
		What Cybersecurity Insurance Is and Its History
		The Advantages and Disadvantages of Cybersecurity Insurance
		The Advantages
		The Disadvantages
		The Factors That Insurance Companies Consider When Providing Coverage
	Chapter 4
		PII Versus Personal Data
		The Rights That Are Afforded to Individuals
		The CCPA
		The GDPR
		The Usage of Data
		The CCPA
		The GDPR
		The Components of the Maturity Level 1
		The Access Control (AC)
		The Identification and Authentication (IA)
		The Media Protection (MP)
		The Physical Protection (PE)
		The System and Communications Protection (SC)
		The System and Information Integrity (SI)
		The Background of the PCI-DSS
		The Compliance Levels of the PCI-DSS
		The Requirements of the PCI-DSS
	Notes
Index