{"product_id":"the-cyber-risk-handbook-9781119308805","title":"The Cyber Risk Handbook","description":"\u003cb\u003eBook Synopsis\u003c\/b\u003e\u003cbr\u003e\u003cb\u003eActionable guidance and expert perspective for real-world cybersecurity\u003c\/b\u003e \u003cp\u003e\u003ci\u003eThe Cyber Risk Handbook\u003c\/i\u003e is the practitioner's guide to implementing, measuring and improving the counter-cyber capabilities of the modern enterprise. The first resource of its kind, this book provides authoritative guidance for real-world situations, and cross-functional solutions for enterprise-wide improvement. Beginning with an overview of counter-cyber evolution, the discussion quickly turns practical with design and implementation guidance for the range of capabilities expected of a robust cyber risk management system that is integrated with the enterprise risk management (ERM) system. Expert contributors from around the globe weigh in on specialized topics with tools and techniques to help any type or size of organization create a robust system tailored to its needs. 
Chapter summaries of required capabilities are aggregated to provide a new cyber risk maturity model used to benchmark capabil\u003cbr\u003e\u003cbr\u003e\u003cb\u003eTable of Contents\u003c\/b\u003e\u003cbr\u003e\u003c\/p\u003e\u003cp\u003eForeword by Ron Hale xxiii\u003c\/p\u003e \u003cp\u003eAbout the Editor xxxi\u003c\/p\u003e \u003cp\u003eList of Contributors xxxiii\u003c\/p\u003e \u003cp\u003eAcknowledgments xxxv\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 1 Introduction 1\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eDomenic Antonucci, Editor and Chief Risk Officer, Australia\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eThe CEO under Pressure 1\u003c\/p\u003e \u003cp\u003eToward an Effectively Cyber Risk–Managed Organization 3\u003c\/p\u003e \u003cp\u003eHandbook Structured for the Enterprise 4\u003c\/p\u003e \u003cp\u003eHandbook Structure, Rationale, and Benefits 7\u003c\/p\u003e \u003cp\u003eWhich Chapters Are Written for Me? 8\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 2 Board Cyber Risk Oversight 11\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eTim J. Leech, Risk Oversight Solutions Inc., Canada Lauren C. Hanlon, Risk Oversight Solutions Inc., Canada\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eWhat Are Boards Expected to Do Now? 11\u003c\/p\u003e \u003cp\u003eWhat Barriers to Action Will Well-Intending Boards Face? 13\u003c\/p\u003e \u003cp\u003eWhat Practical Steps Should Boards Take Now to Respond? 16\u003c\/p\u003e \u003cp\u003eCybersecurity—The Way Forward 20\u003c\/p\u003e \u003cp\u003eAbout Risk Oversight Solutions Inc. 21\u003c\/p\u003e \u003cp\u003eAbout Tim J. Leech, FCPA, CIA, CRMA, CFE 21\u003c\/p\u003e \u003cp\u003eAbout Lauren C. 
Hanlon, CPA, CIA, CRMA, CFE 21\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 3 \u003c\/b\u003e\u003cb\u003ePrinciples Behind Cyber Risk Management 23\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eRIMS,\u003c\/i\u003e \u003ci\u003ethe \u003c\/i\u003erisk management society™ \u003ci\u003eCarol Fox, Vice President, Strategic Initiatives at RIMS, USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eCyber Risk Management Principles Guide Actions 23\u003c\/p\u003e \u003cp\u003eMeeting Stakeholder Needs 25\u003c\/p\u003e \u003cp\u003eCovering the Enterprise End to End 26\u003c\/p\u003e \u003cp\u003eApplying a Single, Integrated Framework 27\u003c\/p\u003e \u003cp\u003eEnabling a Holistic Approach 28\u003c\/p\u003e \u003cp\u003eSeparating Governance from Management 31\u003c\/p\u003e \u003cp\u003eConclusion 31\u003c\/p\u003e \u003cp\u003eAbout RIMS 32\u003c\/p\u003e \u003cp\u003eAbout Carol Fox 32\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 4 Cybersecurity Policies and Procedures 35\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eThe Institute for Risk Management (IRM) Elliot Bryan, IRM and Willis Towers Watson, UK \u003cbr\u003e\u003c\/i\u003e\u003ci\u003eAlexander Larsen, IRM, and President of Baldwin Global Risk Services Ltd., UK\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eSocial Media Risk Policy 35\u003c\/p\u003e \u003cp\u003eRansomware Risk Policies and Procedures 41\u003c\/p\u003e \u003cp\u003eCloud Computing and Third-Party Vendors 45\u003c\/p\u003e \u003cp\u003eBig Data Analytics 50\u003c\/p\u003e \u003cp\u003eThe Internet of Things 53\u003c\/p\u003e \u003cp\u003eMobile or Bring Your Own Devices (BYOD) 55\u003c\/p\u003e \u003cp\u003eConclusion 60\u003c\/p\u003e \u003cp\u003eAbout IRM 64\u003c\/p\u003e \u003cp\u003eAbout Elliot Bryan, BA (Hons), ACII 65\u003c\/p\u003e \u003cp\u003eAbout Alexander Larsen, FIRM, President of Baldwin Global Risk Services 65\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 5 Cyber Strategic Performance Management 
67\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eMcKinsey \u0026amp; Company\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eJames M. Kaplan, Partner, McKinsey \u0026amp; Company, New York, USA Jim Boehm, Consultant, McKinsey \u0026amp; Company, Washington, USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003ePitfalls in Measuring Cybersecurity Performance 68\u003c\/p\u003e \u003cp\u003eCybersecurity Strategy Required to Measure Cybersecurity Performance 69\u003c\/p\u003e \u003cp\u003eCreating an Effective Cybersecurity Performance Management System 72\u003c\/p\u003e \u003cp\u003eConclusion 77\u003c\/p\u003e \u003cp\u003eAbout McKinsey Company 78\u003c\/p\u003e \u003cp\u003eAbout James Kaplan 78\u003c\/p\u003e \u003cp\u003eAbout Jim Boehm 79\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 6 Standards and Frameworks for Cybersecurity 81\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eStefan A. Deutscher, Principal, Boston Consulting Group (BCG), Berlin Germany\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eWilliam Yin, Senior Partner and Managing Director, Boston Consulting Group (BCG), Hong Kong\u003cbr\u003e\u003c\/i\u003e\u003cbr\u003ePutting Cybersecurity Standards and Frameworks in Context 81\u003cbr\u003e\u003cbr\u003eCommonly Used Frameworks and Standards (a Selection) 84\u003c\/p\u003e \u003cp\u003eConstraints on Standards and Frameworks 93\u003c\/p\u003e \u003cp\u003eGood Practice Consistently Applied 93\u003c\/p\u003e \u003cp\u003eConclusion 94\u003c\/p\u003e \u003cp\u003eAbout Boston Consulting Group (BCG) 95\u003c\/p\u003e \u003cp\u003eAbout William Yin 96\u003c\/p\u003e \u003cp\u003eAbout Dr. Stefan A. 
Deutscher 96\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 7 Identifying, Analyzing, and Evaluating Cyber Risks 97\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eInformation Security Forum (ISF)\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eSteve Durbin, Managing Director, Information Security Forum Ltd.\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eThe Landscape of Risk 97\u003c\/p\u003e \u003cp\u003eThe People Factor 98\u003c\/p\u003e \u003cp\u003eA Structured Approach to Assessing and Managing Risk 100\u003c\/p\u003e \u003cp\u003eSecurity Culture 101\u003c\/p\u003e \u003cp\u003eRegulatory Compliance 102\u003c\/p\u003e \u003cp\u003eMaturing Security 103\u003c\/p\u003e \u003cp\u003ePrioritizing Protection 104\u003c\/p\u003e \u003cp\u003eConclusion 104\u003c\/p\u003e \u003cp\u003eAbout the Information Security Forum (ISF) 106\u003c\/p\u003e \u003cp\u003eAbout Steve Durbin 106\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 8 Treating Cyber Risks 109\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eJohn Hermans, Cyber Lead Partner Europe, Middle East, and Africa at KPMG, The Netherlands\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eTon Diemont, Senior Manager at KPMG, The Netherlands\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eIntroduction 109\u003c\/p\u003e \u003cp\u003eTreating Cybersecurity Risk with the Proper Nuance in Line with an Organization’s Risk Profile 110\u003c\/p\u003e \u003cp\u003eDetermining the Cyber Risk Profile 111\u003c\/p\u003e \u003cp\u003eTreating Cyber Risk 112\u003c\/p\u003e \u003cp\u003eAlignment of Cyber Risk Treatment 114\u003c\/p\u003e \u003cp\u003ePracticing Cyber Risk Treatment 115\u003c\/p\u003e \u003cp\u003eConclusion 119\u003c\/p\u003e \u003cp\u003eAbout KPMG 120\u003c\/p\u003e \u003cp\u003eAbout John Hermans 121\u003c\/p\u003e \u003cp\u003eAbout Ton Diemont 121\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 9 Treating Cyber Risks Using Process Capabilities 123\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eISACA\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eTodd 
Fitzgerald, CISO and ISACA, USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eCybersecurity Processes Are the Glue That Binds 123\u003c\/p\u003e \u003cp\u003eNo Intrinsic Motivation to Document 124\u003c\/p\u003e \u003cp\u003eLeveraging ISACA COBIT 5 Processes 125\u003c\/p\u003e \u003cp\u003eCOBIT 5 Domains Support Complete Cybersecurity Life Cycle 137\u003c\/p\u003e \u003cp\u003eConclusion 139\u003c\/p\u003e \u003cp\u003eAbout ISACA 140\u003c\/p\u003e \u003cp\u003eAbout Todd Fitzgerald 141\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 10 Treating Cyber Risks—Using Insurance and Finance 143\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eAon Global Cyber Solutions\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eKevin Kalinich, Esq., Aon Risk Solutions Global Cyber Insurance \u003c\/i\u003e\u003ci\u003ePractice Leader, USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eTailoring a Quantified Cost-Benefit Model 143\u003c\/p\u003e \u003cp\u003ePlanning for Cyber Risk Insurance 149\u003c\/p\u003e \u003cp\u003eThe Risk Manager’s Perspective on Planning for Cyber Insurance 150\u003c\/p\u003e \u003cp\u003eCyber Insurance Market Constraints 152\u003c\/p\u003e \u003cp\u003eConclusion 154\u003c\/p\u003e \u003cp\u003eAbout Aon 157\u003c\/p\u003e \u003cp\u003eAbout Kevin Kalinich, Esq. 
158\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 11 Monitoring and Review Using Key Risk Indicators (KRIs) 159\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eAnn Rodriguez, Managing Partner, Wability, Inc., USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eDefinitions 160\u003c\/p\u003e \u003cp\u003eKRI Design for Cyber Risk Management 160\u003c\/p\u003e \u003cp\u003eConclusion 169\u003c\/p\u003e \u003cp\u003eAbout Wability 169\u003c\/p\u003e \u003cp\u003eAbout Ann Rodriguez 170\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 12 Cybersecurity Incident and Crisis Management 171\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eCLUSIF Club de la Sécurité de l’Information Français Gérôme Billois, CLUSIF Administrator and Board Member Cybersecurity at Wavestone Consultancy, France\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eCybersecurity Incident Management 171\u003c\/p\u003e \u003cp\u003eCybersecurity Crisis Management 174\u003c\/p\u003e \u003cp\u003eConclusion 182\u003c\/p\u003e \u003cp\u003eAbout CLUSIF 183\u003c\/p\u003e \u003cp\u003eAbout Gérôme Billois, CISA, CISSP and ISO27001 Certified 183\u003c\/p\u003e \u003cp\u003eAbout Wavestone 183\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 13 Business Continuity Management and Cybersecurity 185\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eMarsh\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eSek Seong Lim, Marsh Risk Consulting Business Continuity Leader \u003c\/i\u003e\u003ci\u003efor Asia, Singapore\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eGood International Practices for Cyber Risk Management and Business Continuity 186\u003c\/p\u003e \u003cp\u003eEmbedding Cybersecurity Requirements in BCMS 188\u003c\/p\u003e \u003cp\u003eDeveloping and Implementing BCM Responses for Cyber Incidents 189\u003c\/p\u003e \u003cp\u003eConclusion 190\u003c\/p\u003e \u003cp\u003eAppendix: Glossary of Key Terms 191\u003c\/p\u003e \u003cp\u003eAbout Marsh 191\u003c\/p\u003e \u003cp\u003eAbout Marsh Risk Consulting 192\u003c\/p\u003e \u003cp\u003eAbout Sek 
Seong Lim, CBCP, PMC 192\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 14 External Context and Supply Chain 193\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eSupply Chain Risk Leadership Council (SCRLC) \u003cbr\u003e\u003c\/i\u003e\u003ci\u003eNick Wildgoose, Board Member and ex-Chairperson of SCRLC, and Zurich Insurance Group, UK \u003cbr\u003e\u003cbr\u003e\u003c\/i\u003eExternal Context 194\u003c\/p\u003e \u003cp\u003eBuilding Cybersecurity Management Capabilities from an External Perspective 200\u003c\/p\u003e \u003cp\u003eMeasuring Cybersecurity Management Capabilities from an External Perspective 204\u003c\/p\u003e \u003cp\u003eConclusion 204\u003c\/p\u003e \u003cp\u003eAbout the SCRLC 205\u003c\/p\u003e \u003cp\u003eAbout Nick Wildgoose, BA (Hons), FCA, FCIPS 205\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 15 Internal Organization Context 207\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eDomenic Antonucci, Editor and Chief Risk Officer, Australia\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eBassam Alwarith, Head of the National Digitization Program, Ministry of Economy and Planning, Saudi Arabia\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eThe Internal Organization Context for Cybersecurity 207\u003c\/p\u003e \u003cp\u003eTailoring Cybersecurity to Enterprise Exposures 209\u003c\/p\u003e \u003cp\u003eConclusion 240\u003c\/p\u003e \u003cp\u003eAbout Domenic Antonucci 241\u003c\/p\u003e \u003cp\u003eAbout Bassam Alwarith 241\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 16 Culture and Human Factors 243\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eAvinash Totade, ISACA Past President UAE Chapter and Management Consultant, UAE\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eSandeep Godbole, ISACA Past President Pune Chapter, India\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eOrganizations as Social Systems 243\u003c\/p\u003e \u003cp\u003eHuman Factors and Cybersecurity 246\u003c\/p\u003e \u003cp\u003eTraining 248\u003c\/p\u003e \u003cp\u003eFrameworks and Standards 
249\u003c\/p\u003e \u003cp\u003eTechnology Trends and Human Factors 250\u003c\/p\u003e \u003cp\u003eConclusion 252\u003c\/p\u003e \u003cp\u003eAbout ISACA 253\u003c\/p\u003e \u003cp\u003eAbout Avinash Totade 253\u003c\/p\u003e \u003cp\u003eAbout Sandeep Godbole 254\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 17 Legal and Compliance 255\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eAmerican Bar Association Cybersecurity Legal Task Force\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eHarvey Rishikof, Chair, Advisory Committee to the Standing Committee on Law and National Security, USA\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eConor Sullivan, Law Clerk for the Standing Committee on National \u003c\/i\u003e\u003ci\u003eSecurity, USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eEuropean Union and International Regulatory Schemes 255\u003c\/p\u003e \u003cp\u003eU.S. Regulations 258\u003c\/p\u003e \u003cp\u003eCounsel’s Advice and “Boom” Planning 261\u003c\/p\u003e \u003cp\u003eConclusion 266\u003c\/p\u003e \u003cp\u003eAbout the Cybersecurity Legal Task Force 269\u003c\/p\u003e \u003cp\u003eAbout Harvey Rishikof 269\u003c\/p\u003e \u003cp\u003eAbout Conor Sullivan 270\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 18 Assurance and Cyber Risk Management 271\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eStig J. Sunde, Senior Internal Auditor (ICT), Emirates Nuclear Energy Corporation (ENEC), UAE\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eCyber Risk Is Ever Present 271\u003c\/p\u003e \u003cp\u003eWhat the Internal Auditor Expects from an Organization Managing Its Cyber Risks Effectively 272\u003c\/p\u003e \u003cp\u003eHow to Deal with Two Differing Assurance Maturity Scenarios 277\u003c\/p\u003e \u003cp\u003eCombined Assurance Reporting by ERM Head 278\u003c\/p\u003e \u003cp\u003eConclusion 278\u003c\/p\u003e \u003cp\u003eAbout Stig Sunde, CISA, CIA, CGAP, CRISC, IRM Cert. 
280\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 19 Information Asset Management for Cyber 281\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eBooz Allen Hamilton\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eChristopher Ling, Executive Vice President, Booz Allen Hamilton, USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eThe Invisible Attacker 281\u003c\/p\u003e \u003cp\u003eA Troubling Trend 282\u003c\/p\u003e \u003cp\u003eThinking Like a General 283\u003c\/p\u003e \u003cp\u003eThe Immediate Need—Best Practices 283\u003c\/p\u003e \u003cp\u003eCybersecurity for the Future 284\u003c\/p\u003e \u003cp\u003eTime to Act 286\u003c\/p\u003e \u003cp\u003eConclusion 286\u003c\/p\u003e \u003cp\u003eAbout Booz Allen Hamilton 287\u003c\/p\u003e \u003cp\u003eAbout Christopher Ling 287\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 20 Physical Security 289\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eRadar Risk Group\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eInge Vandijck, CEO, Radar Risk Group, Belgium\u003cbr\u003e\u003c\/i\u003e\u003ci\u003ePaul Van Lerberghe, CTO, Radar Risk Group, Belgium\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eTom Commits to a Plan 290\u003c\/p\u003e \u003cp\u003eGet a Clear View on the Physical Security Risk Landscape and the Impact on Cybersecurity 291\u003c\/p\u003e \u003cp\u003eManage or Review the Cybersecurity Organization 294\u003c\/p\u003e \u003cp\u003eDesign or Review Integrated Security Measures 295\u003c\/p\u003e \u003cp\u003eReworking the Data Center Scenario 299\u003c\/p\u003e \u003cp\u003eCalculate or Review Exposure to Adversary Attacks 302\u003c\/p\u003e \u003cp\u003eOptimize Return on Security Investment 305\u003c\/p\u003e \u003cp\u003eConclusion 306\u003c\/p\u003e \u003cp\u003eAbout Radar Risk Group 307\u003c\/p\u003e \u003cp\u003eAbout Inge Vandijck 307\u003c\/p\u003e \u003cp\u003eAbout Paul Van Lerberghe 307\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 21 Cybersecurity for Operations and Communications 
309\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eEY\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eChad Holmes, Principal, Cybersecurity, Ernst \u0026amp; Young LLP (EY US)\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eJames Phillippe, Principal, Cybersecurity, Ernst \u0026amp; Young LLP (EY US)\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eDo You Know What You Do Not Know? 309\u003c\/p\u003e \u003cp\u003eThreat Landscape—What Do You Know About Your Organization Risk and Who Is Targeting You? 310\u003c\/p\u003e \u003cp\u003eData and Its Integrity—Does Your Risk Analysis Produce Insight? 310\u003c\/p\u003e \u003cp\u003eDigital Revolution—What Threats Will Emerge as Organizations Continue to Digitize? 311\u003c\/p\u003e \u003cp\u003eChanges—How Will Your Organization or Operational Changes Affect Risk? 312\u003c\/p\u003e \u003cp\u003ePeople—How Do You Know Whether an Insider or Outsider Presents a Risk? 312\u003c\/p\u003e \u003cp\u003eWhat’s Hindering Your Cybersecurity Operations? 312\u003c\/p\u003e \u003cp\u003eChallenges from Within 313\u003c\/p\u003e \u003cp\u003eWhat to Do Now 313\u003c\/p\u003e \u003cp\u003eConclusion 318\u003c\/p\u003e \u003cp\u003eAbout EY 319\u003c\/p\u003e \u003cp\u003eAbout Chad Holmes 319\u003c\/p\u003e \u003cp\u003eAbout James Phillippe 319\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 22 Access Control 321\u003cbr\u003e\u003c\/b\u003e\u003ci\u003ePwC Sidriaan de Villiers, Partner—Africa Cybersecurity Practice, PwC South Africa\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eTaking a Fresh Look at Access Control 321\u003c\/p\u003e \u003cp\u003eOrganization Requirements for Access Control 322\u003c\/p\u003e \u003cp\u003eUser Access Management 323\u003c\/p\u003e \u003cp\u003eUser Responsibility 327\u003c\/p\u003e \u003cp\u003eSystem and Application Access Control 327\u003c\/p\u003e \u003cp\u003eMobile Devices 329\u003c\/p\u003e \u003cp\u003eTeleworking 331\u003c\/p\u003e \u003cp\u003eOther Considerations 332\u003c\/p\u003e \u003cp\u003eConclusion 
333\u003c\/p\u003e \u003cp\u003eAbout PwC 334\u003c\/p\u003e \u003cp\u003eAbout Sidriaan de Villiers, PwC Partner South Africa 334\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 23 Cybersecurity Systems: Acquisition, Development, and Maintenance 335\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eDeloitte\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eMichael Wyatt, Managing Director, Cyber Risk Services, Deloitte Advisory, USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eBuild, Buy, or Update: Incorporating Cybersecurity Requirements and Establishing Sound Practices 336\u003c\/p\u003e \u003cp\u003eSpecific Considerations 342\u003c\/p\u003e \u003cp\u003eConclusion 344\u003c\/p\u003e \u003cp\u003eAbout Deloitte Advisory Cyber Risk Services 346\u003c\/p\u003e \u003cp\u003eAbout Michael Wyatt 346\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 24 People Risk Management in the Digital Age 347\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eAirmic\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eJulia Graham, Deputy CEO and Technical Director at Airmic, UK\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eRise of the Machines 347\u003c\/p\u003e \u003cp\u003eEnterprise-Wide Risk Management 348\u003c\/p\u003e \u003cp\u003eTomorrow’s Talent 350\u003c\/p\u003e \u003cp\u003eCrisis Management 354\u003c\/p\u003e \u003cp\u003eRisk Culture 355\u003c\/p\u003e \u003cp\u003eConclusion 356\u003c\/p\u003e \u003cp\u003eAbout Airmic 358\u003c\/p\u003e \u003cp\u003eAbout Julia Graham 358\u003c\/p\u003e \u003cp\u003e\u003cb\u003eCHAPTER 25 Cyber Competencies and the Cybersecurity Officer 359\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eRon Hale, PhD, CISM, ISACA, USA\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eThe Evolving Information Security Professional 359\u003c\/p\u003e \u003cp\u003eThe Duality of the CISO 360\u003c\/p\u003e \u003cp\u003eJob Responsibilities and Tasks 363\u003c\/p\u003e \u003cp\u003eConclusion 366\u003c\/p\u003e \u003cp\u003eAbout ISACA 368\u003c\/p\u003e \u003cp\u003eAbout Ron Hale 368\u003c\/p\u003e 
\u003cp\u003e\u003cb\u003eCHAPTER 26 Human Resources Security 369\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eDomenic Antonucci, Editor and Chief Risk Officer, Australia\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eNeeds of Lower-Maturity HR Functions 369\u003c\/p\u003e \u003cp\u003eNeeds of Mid-Maturity HR Functions 370\u003c\/p\u003e \u003cp\u003eNeeds of Higher-Maturity HR Functions 372\u003c\/p\u003e \u003cp\u003eConclusion 373\u003c\/p\u003e \u003cp\u003eAbout Domenic Antonucci 374\u003c\/p\u003e \u003cp\u003e\u003cb\u003eEpilogue 375\u003cbr\u003e\u003c\/b\u003e\u003ci\u003eBecoming CyberSmart \u003c\/i\u003e\u003csup\u003eTM\u003c\/sup\u003e\u003ci\u003e: a Risk Maturity Road Map for Measuring \u003c\/i\u003e\u003ci\u003eCapability Gap-Improvement\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eDomenic Antonucci, Editor and Chief Risk Officer (CRO), Australia\u003cbr\u003e\u003c\/i\u003e\u003ci\u003eDidier Verstichel, Chief Information Security Officer (CISO) and Chief Risk Officer (CRO), Belgium\u003c\/i\u003e\u003c\/p\u003e \u003cp\u003eBackground 375\u003c\/p\u003e \u003cp\u003eBecoming CyberSmart\u003csup\u003eTM\u003c\/sup\u003e 376\u003c\/p\u003e \u003cp\u003eAbout Domenic Antonucci 392\u003c\/p\u003e \u003cp\u003eAbout Didier Verstichel 392\u003c\/p\u003e \u003cp\u003eGlossary 393\u003c\/p\u003e \u003cp\u003eIndex 399\u003c\/p\u003e","brand":"John Wiley \u0026 Sons Inc","offers":[{"title":"Default Title","offer_id":48866392211799,"sku":"9781119308805","price":58.5,"currency_code":"GBP","in_stock":true}],"thumbnail_url":"\/\/cdn.shopify.com\/s\/files\/1\/0817\/1739\/5799\/files\/9781119308805.jpg?v=1722278432","url":"https:\/\/bookcurl.com\/products\/the-cyber-risk-handbook-9781119308805","provider":"Book Curl","version":"1.0","type":"link"}