دسترسی نامحدود
برای کاربرانی که ثبت نام کرده اند
دانلود کتاب Building a Cyber Risk Management Program
دانلود کتاب ایجاد یک برنامه مدیریت ریسک سایبری
مشخصات کتاب
Building a Cyber Risk Management Program
ویرایش: نویسندگان: Brian Allen, Brandon Bapst, and Terry Allan Hicks سری: ISBN (شابک) : 9781098147792, 9781098147730 ناشر: O'Reilly Media, Inc. سال نشر: 2023 تعداد صفحات: زبان: English فرمت فایل : EPUB (درصورت درخواست کاربر به PDF، EPUB یا AZW3 تبدیل می شود) حجم فایل: 3 Mb
قیمت کتاب (تومان) : 72,000
در صورت تبدیل فایل کتاب Building a Cyber Risk Management Program به فرمت های PDF، EPUB، AZW3، MOBI و یا DJVU می توانید به پشتیبان اطلاع دهید تا فایل مورد نظر را تبدیل نمایند.
توجه داشته باشید کتاب ایجاد یک برنامه مدیریت ریسک سایبری نسخه زبان اصلی می باشد و کتاب ترجمه شده به فارسی نمی باشد. وبسایت اینترنشنال لایبرری ارائه دهنده کتاب های زبان اصلی می باشد و هیچ گونه کتاب ترجمه شده یا نوشته شده به فارسی را ارائه نمی دهد.
توضیحاتی در مورد کتاب ایجاد یک برنامه مدیریت ریسک سایبری
مدیریت ریسک سایبری یکی از فوری ترین مسائلی است که امروزه شرکت ها با آن مواجه هستند. این کتاب چارچوب دقیقی را برای طراحی، توسعه و اجرای یک برنامه مدیریت ریسک سایبری ارائه میکند که نیازهای خاص شرکت شما را برطرف میکند. ایده آل برای مدیران شرکت، مدیران ارشد، متخصصان ریسک امنیتی و حسابرسان در سطوح مختلف، این راهنما هم بینش استراتژیک و هم راهنمایی تاکتیکی مورد نظر شما را ارائه می دهد. شما یاد خواهید گرفت که چگونه یک برنامه مدیریت ریسک سایبری پایدار، قابل دفاع، و مزایای مرتبط با اجرای صحیح را تعریف و ایجاد کنید. کارشناسان مدیریت ریسک سایبری برایان آلن و براندون باپست که با نویسنده تری آلن هیکس کار می کنند نیز توصیه هایی ارائه می دهند که فراتر از مدیریت ریسک است. شما راه هایی را برای رسیدگی به تعهدات نظارتی شرکت خود که توسط استانداردهای بین المللی، قانون مورد، مقررات و راهنمایی های سطح هیئت مدیره تعریف شده است، کشف خواهید کرد. این کتاب به شما کمک میکند: درک تغییرات تحولآفرینی که دیجیتالیسازی ایجاد میکند و ریسکهای سایبری جدیدی که همراه آن است را بیاموزید محرکهای قانونی و نظارتی کلیدی را بیاموزید که مدیریت ریسک سایبری را به یک اولویت مهم برای شرکتها تبدیل میکند. درک کاملی از چهار جزء تشکیل دهنده یک برنامه رسمی مدیریت ریسک سایبری یک برنامه مدیریت ریسک سایبری را در شرکت خود پیاده کنید یا راهنمایی کنید
توضیحاتی درمورد کتاب به خارجی
Cyber risk management is one of the most urgent issues facing enterprises today. This book presents a detailed framework for designing, developing, and implementing a cyber risk management program that addresses your company\'s specific needs. Ideal for corporate directors, senior executives, security risk practitioners, and auditors at many levels, this guide offers both the strategic insight and tactical guidance you\'re looking for. You\'ll learn how to define and establish a sustainable, defendable, cyber risk management program, and the benefits associated with proper implementation. Cyber risk management experts Brian Allen and Brandon Bapst, working with writer Terry Allan Hicks, also provide advice that goes beyond risk management. You\'ll discover ways to address your company\'s oversight obligations as defined by international standards, case law, regulation, and board-level guidance. This book helps you: Understand the transformational changes digitalization is introducing, and new cyber risks that come with it Learn the key legal and regulatory drivers that make cyber risk management a mission-critical priority for enterprises Gain a complete understanding of four components that make up a formal cyber risk management program Implement or provide guidance for a cyber risk management program within your enterprise
فهرست مطالب
Preface
Brian’s Story
Brandon’s Story
Bringing It Together
Who Should Read This Book
Final Thoughts
Conventions Used in This Book
O’Reilly Online Learning
How to Contact Us
Acknowledgments
1. Cybersecurity in the Age of Digital Transformation
The Fourth Industrial Revolution
Cybersecurity Is Fundamentally a Risk Practice
Cyber Risk Management Oversight and Accountability
Digital Transformation and Maturing the Cyber Risk Management Program
Cybersecurity Isn’t Just a “Security” Concern
Cyber Risk Management Program: An Urgent Enterprise Concern
This Book’s Roadmap
The Bottom Line
2. The Cyber Risk Management Program
The SEC Speaks—and the World Listens
Incident Disclosure (“Current Disclosures”)
Risk Management, Strategy, and Governance Disclosures (“Periodic Disclosures”)
The Cyber Risk Management Program Framework
Cyber Risk Management Program: Key Drivers
Satisfying Obligations and Liability
When Risk Management Fails Completely: The Boeing 737 MAX Disasters
Risk Management Program Applied to the Boeing Disasters
“Essential and Mission Critical”: The Boeing Case
Benefits of a Security Risk Program
Benefit 1: Strategic Recognition of the Security Risk Function
Benefit 2: Ensuring the Cyber Risk Function Has an Effective Budget
Benefit 3: Protections for Risk Decision Makers
CRMP: Systematic but Not Zero-Risk
Board Accountability and Legal Liability
The Boeing Ruling and Cyber Risk Oversight Accountability
CISOs in the Line of Fire for Liability
The Bottom Line
3. Agile Governance
The Uber Hack Cover-Up
What Does Good Governance Look Like?
Aligning with the Enterprise Governance Strategy
Seven Principles of Agile Governance
Principle 1: Establish Policies and Processes
Principle 2: Establish Governance and Roles and Responsibilities Across the “Three Lines Model”
Principle 3: Align Governance Practices with Existing Risk Frameworks
Principle 4: Board of Directors and Senior Executives Define Scope
Principle 5: Board of Directors and Senior Executives Provide Oversight
Principle 6: Audit Governance Processes
Principle 7: Align Resources to the Defined Roles and Responsibilities
The Bottom Line
4. Risk-Informed System
Why Risk Information Matters—at the Highest Levels
Risk and Risk Information Defined
Five Principles of a Risk-Informed System
Principle 1: Define a Risk Assessment Framework and Methodology
Principle 2: Establish a Methodology for Risk Thresholds
Principle 3: Establish Understanding of Risk-Informed Needs
Principle 4: Agree on a Risk Assessment Interval
Principle 5: Enable Reporting Processes
The Bottom Line
5. Risk-Based Strategy and Execution
ChatGPT Shakes the Business World
AI Risks: Two Tech Giants Choose Two Paths
Wall Street: Move Fast—or Be Replaced
The Digital Game Changers Just Keep Coming
Defining Risk-Based Strategy and Execution
Six Principles of Risk-Based Strategy and Execution
Principle 1: Define Acceptable Risk Thresholds
Principle 2: Align Strategy and Budget with Approved Risk Thresholds
Principle 3: Execute to Meet Approved Risk Thresholds
Principle 4: Monitor on an Ongoing Basis
Principle 5: Audit Against Risk Thresholds
Principle 6: Include Third Parties in Risk Treatment Plan
The Bottom Line
6. Risk Escalation and Disclosure
The SEC and Risk Disclosure
Regulatory Bodies Worldwide Require Risk Disclosure
Risk Escalation
Cyber Risk Classification
Escalation and Disclosure: Not Just Security Incidents
Disclosure: A Mandatory Concern for Enterprises
The Equifax Scandal
SEC Materiality Considerations
Cyber Risk Management Program and ERM Alignment
Five Principles of Risk Escalation and Disclosure
Principle 1: Establish Escalation Processes
Principle 2: Establish Disclosure Processes—All Enterprises
Principle 3: Establish Disclosure Processes—Public Companies
Material incident reporting
Risk management and strategy
Governance
Principle 4: Test Escalation and Disclosure Processes
Principle 5: Audit Escalation and Disclosure Processes
The Bottom Line
7. Implementing the Cyber Risk Management Program
The Cyber Risk Management Journey
Beginning the Cyber Risk Management Journey
Implementing the Cyber Risk Management Program
Agile Governance
Common challenges with Agile governance
Establish a starting point
Gain senior-level commitment
Obtain necessary budget and other resource limitations
Adapt to the specific enterprise’s environment
Risk-Informed System
Common challenges with a risk-informed system
Dealing with too much data—or the wrong kind of data
Communicating information in terms specific stakeholders will understand and accept
Getting the right information to the right people at the right time
Additional considerations
Maturity modeling
Metric reporting
Risk assessments (qualitative and quantitative)
Risk-Based Strategy and Execution
Common challenges with risk-based strategy and execution
Inadequate budget and other resources
Compliance-driven strategy
Risk Escalation and Disclosure
Common challenges with risk escalation and disclosure
A view of escalation that’s largely limited to reacting to an incident
The failure to identify and focus on enterprise-specific obligations
Generic, isolated, or excessively broad materiality considerations
Selling the Program
The Bottom Line
8. The CRMP Applied to Operational Risk and Resilience
Enterprise Functions That Interact with and Contribute to Operational Resilience
A Malware Attack Shuts Down Maersk’s Systems Worldwide
Guiding Operational Resilience Using the Four Core Cyber Risk Management Program Components
Agile Governance
Risk-Informed System
Risk-Based Strategy and Execution
Risk Escalation and Disclosure
The Bottom Line
9. AI and Beyond—the Future of Risk Management in a Digitalized World
AI Defined
AI: A Whole New World of Risk
Adversarial Machine Learning: NIST Taxonomy and Terminology
Risk Management Frameworks with AI Implications
NIST AI Risk Management Framework
Model risk management (MRM) and the Federal Reserve Board’s guidance
Key AI Implementation Concepts and Frameworks
Fairness and the risk of bias
Soundness
Robustness
Explainability
Beyond AI: The Digital Frontier Never Stops Moving
The Bottom Line
A. The Cyber Risk Management Program Framework v1.0
Purpose and Context
Structure of the Cyber Risk Management Program Framework
Note: Framework Disclosure
Index
نظرات کاربران
کتاب های تصادفی
دانلود کتاب Vaadin 7 Cookbook
دانلود کتاب Agent for the Resistance: A Belgian Saboteur in World War II (Texas a & M University Military History Series)
دانلود کتاب The Physiological Basis of Rehabilitation Medicine
دانلود کتاب Resilience: two sisters and a story of mental illness
