A Proposed Business-Oriented Approach to Cyber
David Leigh
Approaching cybersecurity as a technical problem and leaving it to technology people to achieve it has produced acceptable results in the past. Now, all of our business processes are underpinned by electronic data, which is exchanged at the speed of light using interconnected networks that are based on inherently insecure core technologies. In this chapter we will:
- describe why achieving a sufficient level of cybersecurity is important to every organisation;
- examine why a technological approach is no longer adequate;
- describe a business-oriented approach to cybersecurity; and
- provide steps for how to carry it out.
Sustaining cybersecurity risk at an acceptable level requires an effective process of prioritisation, action, monitoring and measurement.
THE SITUATION TODAY
It is extremely rare outside of the emerging-markets regions to find a business process, activity, project or interaction with a client, business partner, service provider, etc (ie, law firm, accounting firm, consultant, market intermediary, third-party administrator, portfolio company, outsourced business partner, supplier, customer/their supply chain, etc) that is not underpinned
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net