{"product_id":"cyber-guardians-9781394226221","title":"Cyber Guardians","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cp\u003e\u003cb\u003eA comprehensive overview for directors aiming to meet their cybersecurity responsibilities\u003c\/b\u003e \u003c\/p\u003e\u003cp\u003eIn \u003ci\u003eCyber Guardians: Empowering Board Members for Effective Cybersecurity\u003c\/i\u003e, veteran cybersecurity advisor Bart McDonough delivers a comprehensive and hands-on roadmap to effective cybersecurity oversight for directors and board members at organizations of all sizes. The author includes real-world case studies, examples, frameworks, and blueprints that address relevant cybersecurity risks, including the industrialized ransomware attacks so commonly found in today's headlines. \u003c\/p\u003e\u003cp\u003eIn the book, you'll explore the modern cybersecurity landscape, legal and regulatory requirements, risk management and assessment techniques, and the specific role played by board members in developing and promoting a culture of cybersecurity. You'll also find: \u003c\/p\u003e\u003cul\u003e \u003cli\u003eExamples of cases in which board members failed to adhere to regulatory and legal requirements to notify the victims of data breaches abo\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003cp\u003ePreface: What to Expect from This Book xv\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 1 Introduction 1\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eSummary of a Board’s Incident Response 5\u003c\/p\u003e \u003cp\u003eChecklist for a Board’s Incident Response 8\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 2 Cybersecurity Basics 11\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eCIA Framework 13\u003c\/p\u003e \u003cp\u003eKey Cybersecurity Concepts and Terminology for Board Members 19\u003c\/p\u003e \u003cp\u003eThreats and Risks 19\u003c\/p\u003e \u003cp\u003eVulnerabilities and Exploits 20\u003c\/p\u003e \u003cp\u003eMalware 21\u003c\/p\u003e \u003cp\u003eSocial Engineering 22\u003c\/p\u003e \u003cp\u003eEncryption and Data Protection 23\u003c\/p\u003e \u003cp\u003eAuthentication and Access Control 24\u003c\/p\u003e \u003cp\u003eCommon Cyber Threats and Risks Faced by Companies 26\u003c\/p\u003e \u003cp\u003ePhishing 26\u003c\/p\u003e \u003cp\u003eMalware 27\u003c\/p\u003e \u003cp\u003eRansomware 28\u003c\/p\u003e \u003cp\u003eBusiness Email Compromise 29\u003c\/p\u003e \u003cp\u003eInsider Threats 30\u003c\/p\u003e \u003cp\u003eThird-Party Risk 31\u003c\/p\u003e \u003cp\u003eMistakes\/Errors 32\u003c\/p\u003e \u003cp\u003eEmerging Threats 33\u003c\/p\u003e \u003cp\u003eAdvanced Persistent Threats 34\u003c\/p\u003e \u003cp\u003eSupply Chain Attacks 35\u003c\/p\u003e \u003cp\u003eData Destruction 36\u003c\/p\u003e \u003cp\u003eZero-Day Exploits 37\u003c\/p\u003e \u003cp\u003eInternet of Things Attacks 38\u003c\/p\u003e \u003cp\u003eCloud Security 39\u003c\/p\u003e \u003cp\u003eMobile Device Security 40\u003c\/p\u003e \u003cp\u003eKey Technologies and Defense Strategies 42\u003c\/p\u003e \u003cp\u003eFirewall Technology 42\u003c\/p\u003e \u003cp\u003eIntrusion Detection\/Prevention Systems 43\u003c\/p\u003e \u003cp\u003eEncryption 44\u003c\/p\u003e \u003cp\u003eMultifactor Authentication 45\u003c\/p\u003e \u003cp\u003eVirtual Private Network 46\u003c\/p\u003e \u003cp\u003eAntivirus and Anti-malware Software 47\u003c\/p\u003e \u003cp\u003eEndpoint Detection and Response 48\u003c\/p\u003e \u003cp\u003ePatch Management 49\u003c\/p\u003e \u003cp\u003eCloud Technology 49\u003c\/p\u003e \u003cp\u003eIdentity and Access Management 50\u003c\/p\u003e \u003cp\u003eMobile Device Management 51\u003c\/p\u003e \u003cp\u003eData Backup and Recovery 52\u003c\/p\u003e \u003cp\u003eZero-Trust Architecture 54\u003c\/p\u003e \u003cp\u003eMicro-segmentation 55\u003c\/p\u003e \u003cp\u003eSecure Access Service Edge 56\u003c\/p\u003e \u003cp\u003eContainerization 56\u003c\/p\u003e \u003cp\u003eArtificial Intelligence and Machine Learning 57\u003c\/p\u003e \u003cp\u003eBlockchain 59\u003c\/p\u003e \u003cp\u003eQuantum Computing 61\u003c\/p\u003e \u003cp\u003eThreat Intelligence 64\u003c\/p\u003e \u003cp\u003eWhat Is Threat Intelligence? 65\u003c\/p\u003e \u003cp\u003eHow Can Threat Intelligence Help Organizations? 65\u003c\/p\u003e \u003cp\u003eWhat Should Board Members Know About Threat Intelligence? 66\u003c\/p\u003e \u003cp\u003eThreat Actors 67\u003c\/p\u003e \u003cp\u003eExternal Threat Actors 68\u003c\/p\u003e \u003cp\u003eState-Sponsored Attackers 68\u003c\/p\u003e \u003cp\u003eHacktivists 70\u003c\/p\u003e \u003cp\u003eCybercriminals 70\u003c\/p\u003e \u003cp\u003eCompetitors 72\u003c\/p\u003e \u003cp\u003eTerrorists 72\u003c\/p\u003e \u003cp\u003eInternal Actors 73\u003c\/p\u003e \u003cp\u003eEmployees 73\u003c\/p\u003e \u003cp\u003eContractors 75\u003c\/p\u003e \u003cp\u003eThird-Party Vendors 76\u003c\/p\u003e \u003cp\u003eMotivations of Threat Actors 77\u003c\/p\u003e \u003cp\u003eFinancial Gain 77\u003c\/p\u003e \u003cp\u003ePolitical and Strategic Objectives 78\u003c\/p\u003e \u003cp\u003eIdeological Beliefs 79\u003c\/p\u003e \u003cp\u003ePersonal Motivations 80\u003c\/p\u003e \u003cp\u003eTactics, Techniques, and Procedures 81\u003c\/p\u003e \u003cp\u003eExamples of TTPs Used by Different Threat Actors 81\u003c\/p\u003e \u003cp\u003eMITRE ATT\u0026amp;CK Framework 83\u003c\/p\u003e \u003cp\u003eChapter 2 Summary 85\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 3 Legal and Regulatory Landscape 87\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eOverview of Relevant Cybersecurity Regulations and Laws 90\u003c\/p\u003e \u003cp\u003eFederal Regulations in the United States 90\u003c\/p\u003e \u003cp\u003eThe Federal Trade Commission Act 90\u003c\/p\u003e \u003cp\u003eThe Gramm-Leach-Bliley Act 92\u003c\/p\u003e \u003cp\u003eThe Health Insurance Portability and Accountability Act 94\u003c\/p\u003e \u003cp\u003eState Regulations in the United States 97\u003c\/p\u003e \u003cp\u003eData Breach Notification Laws 97\u003c\/p\u003e \u003cp\u003eCalifornia Consumer Privacy Act 99\u003c\/p\u003e \u003cp\u003eEuropean Union Regulations 101\u003c\/p\u003e \u003cp\u003eGeneral Data Protection Regulation 101\u003c\/p\u003e \u003cp\u003eNetwork and Information Security Directive 102\u003c\/p\u003e \u003cp\u003eePrivacy Directive 104\u003c\/p\u003e \u003cp\u003eIndustry Standards 105\u003c\/p\u003e \u003cp\u003ePayment Card Industry Data Security Standard 105\u003c\/p\u003e \u003cp\u003eNational Institute of Standards and Technology 107\u003c\/p\u003e \u003cp\u003eSecurities Exchange Commission 108\u003c\/p\u003e \u003cp\u003e2011 Cybersecurity Disclosure Guidance 108\u003c\/p\u003e \u003cp\u003e2018 Cybersecurity Disclosure Guidance 108\u003c\/p\u003e \u003cp\u003e2023 Proposal for New Cybersecurity Requirements 109\u003c\/p\u003e \u003cp\u003eDiscussion of Compliance Requirements and Industry Standards 112\u003c\/p\u003e \u003cp\u003eCompliance Requirements 112\u003c\/p\u003e \u003cp\u003eSarbanes-Oxley Act 112\u003c\/p\u003e \u003cp\u003eNew York State Department of Financial Services Cybersecurity Regulation 114\u003c\/p\u003e \u003cp\u003eIndustry Standards 117\u003c\/p\u003e \u003cp\u003eCenter for Internet Security Controls 117\u003c\/p\u003e \u003cp\u003eInternational Organization for Standardization 27001 118\u003c\/p\u003e \u003cp\u003eIndividual Director Liability 120\u003c\/p\u003e \u003cp\u003eChapter 3 Summary 124\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 4 Board Oversight of Cybersecurity 127\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Board’s Role in Overseeing Cybersecurity Strategy 129\u003c\/p\u003e \u003cp\u003eLegal Responsibilities 130\u003c\/p\u003e \u003cp\u003eDeveloping an Effective Cybersecurity Governance Framework 131\u003c\/p\u003e \u003cp\u003eBest Practices for Board Engagement and Reporting 133\u003c\/p\u003e \u003cp\u003eRegular Reporting 133\u003c\/p\u003e \u003cp\u003eUse of Metrics 134\u003c\/p\u003e \u003cp\u003eExecutive Briefings 136\u003c\/p\u003e \u003cp\u003eCybersecurity Drills 137\u003c\/p\u003e \u003cp\u003eIndependent Assessments 138\u003c\/p\u003e \u003cp\u003eOvercoming Objections to Effective Cybersecurity Oversight 139\u003c\/p\u003e \u003cp\u003ePromoting a Cybersecurity Culture 141\u003c\/p\u003e \u003cp\u003eChapter 4 Summary 143\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 5 Board Oversight of Cybersecurity: Ensuring Effective Governance 145\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Role of the Board in Overseeing Cybersecurity 147\u003c\/p\u003e \u003cp\u003eDeveloping an Effective Cybersecurity Governance Framework 150\u003c\/p\u003e \u003cp\u003eConduct a Cybersecurity Risk Assessment 150\u003c\/p\u003e \u003cp\u003eImplement a Threat Intelligence Program 150\u003c\/p\u003e \u003cp\u003eDevelop a Risk Management Framework 150\u003c\/p\u003e \u003cp\u003ePrioritize High-Impact Risks 151\u003c\/p\u003e \u003cp\u003eRegularly Review and Update Risk Management Strategies 151\u003c\/p\u003e \u003cp\u003eStrategies for Identifying, Assessing, and Prioritizing Cyber Risks 152\u003c\/p\u003e \u003cp\u003eConducting Cybersecurity Risk Assessments 154\u003c\/p\u003e \u003cp\u003eHow to Develop and Promote a Culture of Cybersecurity 156\u003c\/p\u003e \u003cp\u003eChapter 5 Summary 158\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 6 Incident Response and Business Continuity Planning 161\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eImplementing Cybersecurity Policies and Procedures 164\u003c\/p\u003e \u003cp\u003eIncident Response and Business Continuity Planning 165\u003c\/p\u003e \u003cp\u003eIncident Response Plan 166\u003c\/p\u003e \u003cp\u003eBusiness Continuity Planning 166\u003c\/p\u003e \u003cp\u003eIncident Response Planning 167\u003c\/p\u003e \u003cp\u003eDefining the Types of Assessments 170\u003c\/p\u003e \u003cp\u003ePenetration Testing 170\u003c\/p\u003e \u003cp\u003eVulnerability Scanning 171\u003c\/p\u003e \u003cp\u003eSecurity Risk Assessments 173\u003c\/p\u003e \u003cp\u003eThreat Modeling 174\u003c\/p\u003e \u003cp\u003eSocial Engineering Assessments 175\u003c\/p\u003e \u003cp\u003eCompliance Assessments 176\u003c\/p\u003e \u003cp\u003eRed Team\/Blue Team Exercise 177\u003c\/p\u003e \u003cp\u003eChapter 6 Summary 178\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 7 Vendor Management and Third-Party Risk 181\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Importance of Third-Party Risk Management for Board Members 183\u003c\/p\u003e \u003cp\u003eBest Practices for Managing Third-Party Cyber Risk 184\u003c\/p\u003e \u003cp\u003eLegal and Regulatory Considerations in Third-Party Risk Management 185\u003c\/p\u003e \u003cp\u003eSample Questions to ask Third-Party Vendors 187\u003c\/p\u003e \u003cp\u003eChapter 7 Summary 189\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 8 Cybersecurity Training and Awareness 191\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eImportance of Cybersecurity Awareness for All Employees 193\u003c\/p\u003e \u003cp\u003eStrategies for Providing Effective Training and Awareness Programs 195\u003c\/p\u003e \u003cp\u003eMore Detail on Effective Training Strategies 198\u003c\/p\u003e \u003cp\u003eChapter 8 Summary 200\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 9 Cyber Insurance 201\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eUnderstanding Cyber Insurance 202\u003c\/p\u003e \u003cp\u003eWhat Is Cyber Insurance? 202\u003c\/p\u003e \u003cp\u003eWhy Is Cyber Insurance Important? 203\u003c\/p\u003e \u003cp\u003eEvolution of Cyber Insurance 204\u003c\/p\u003e \u003cp\u003eThe Role of the Board in Cyber Insurance 204\u003c\/p\u003e \u003cp\u003eKey Components of Cyber Insurance 205\u003c\/p\u003e \u003cp\u003eTypes of Coverage 205\u003c\/p\u003e \u003cp\u003ePolicy Limits and Deductibles 206\u003c\/p\u003e \u003cp\u003eExclusions 207\u003c\/p\u003e \u003cp\u003eRetroactive Dates 207\u003c\/p\u003e \u003cp\u003ePolicy Periods 208\u003c\/p\u003e \u003cp\u003eCyber Risk Assessments 208\u003c\/p\u003e \u003cp\u003eEvaluating and Purchasing Cyber Insurance 209\u003c\/p\u003e \u003cp\u003eAssessing the Organization’s Risk Profile 209\u003c\/p\u003e \u003cp\u003eDetermining the Appropriate Level of Coverage 210\u003c\/p\u003e \u003cp\u003eSelecting an Insurer 211\u003c\/p\u003e \u003cp\u003eNegotiating Terms and Conditions 211\u003c\/p\u003e \u003cp\u003eImplementing the Policy 212\u003c\/p\u003e \u003cp\u003eManaging and Reviewing the Cyber Insurance Policy 213\u003c\/p\u003e \u003cp\u003eFiling a Claim 213\u003c\/p\u003e \u003cp\u003eManaging a Claim Dispute 214\u003c\/p\u003e \u003cp\u003eReviewing and Renewing the Policy 214\u003c\/p\u003e \u003cp\u003eChapter 9 Summary 215\u003c\/p\u003e \u003cp\u003e\u003cb\u003eChapter 10 Conclusion: Moving Forward with Cybersecurity Governance 219\u003c\/b\u003e\u003c\/p\u003e \u003cp\u003eThe Board’s Role in Cybersecurity Governance 222\u003c\/p\u003e \u003cp\u003eKey Takeaways and Action Items for Board Members 225\u003c\/p\u003e \u003cp\u003eChapter 10 Summary 226\u003c\/p\u003e \u003cp\u003eAppendix A Checklist of Key Considerations for Board Members 229\u003c\/p\u003e \u003cp\u003eAppendix B Sample Questions 231\u003c\/p\u003e \u003cp\u003eAppendix C Sample Board Meeting Agenda 233\u003c\/p\u003e \u003cp\u003eAppendix D List of Key Vendors 235\u003c\/p\u003e \u003cp\u003eAppendix E Cybersecurity Resources 237\u003c\/p\u003e \u003cp\u003eAppendix F Cybersecurity Books 239\u003c\/p\u003e \u003cp\u003eAppendix G Cybersecurity Podcasts 241\u003c\/p\u003e \u003cp\u003eAppendix H Cybersecurity Websites and Blogs 243\u003c\/p\u003e \u003cp\u003eAppendix I Tabletop Exercise: Cybersecurity Incident Response 245\u003c\/p\u003e \u003cp\u003eAppendix J Articles 249\u003c\/p\u003e \u003cp\u003eAbout the Author 253\u003c\/p\u003e \u003cp\u003eAcknowledgments 255\u003c\/p\u003e \u003cp\u003eIndex 257\u003c\/p\u003e\n\u003c\/li\u003e\n\u003c\/ul\u003e","brand":"John Wiley \u0026 Sons Inc","offers":[{"title":"Default Title","offer_id":49407608783191,"sku":"9781394226221","price":27.89,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781394226221.jpg?v=1730499930","url":"https:\/\/bookcurl.com\/products\/cyber-guardians-9781394226221","provider":"Book Curl","version":"1.0","type":"link"}