The Cybersecurity Guide to Governance, Risk, and Compliance
| Field | Value |
|---|---|
| Other authors | , |
| Format | E-book |
| Language | English |
| Published | Hoboken, NJ : Wiley [2024] |
| Edition | First edition |
| Subjects | |
| View in Universitat Ramon Llull Library | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009811317206719 |
Table of Contents:
- Cover
- Title Page
- Copyright Page
- Dedication by Griffin Weaver
- Dedication by Jason Edwards
- Contents
- Purpose of the Book
- Target Audience
- Structure of the Book
- Foreword by Wil Bennett
- Foreword by Gary McAlum
- Chapter 1 Governance, Risk Management, and Compliance
- Understanding GRC
- The Business Case for GRC
- Governance: Laying the Foundation
- Risk Management: Managing Uncertainties
- Compliance: Adhering to Regulations and Standards
- The Intersection of Governance, Risk, and Compliance
- GRC Frameworks and Standards
- GRC Tools and Technologies
- Building a GRC Culture
- The Role of GRC in Strategic Planning
- Chapter Conclusion
- Case Study: GRC Implementation at SpectraCorp
- Chapter 2 The Landscape of Cybersecurity
- Comprehensive Overview of Cybersecurity Maturity
- Cybersecurity in the Financial Industry
- Cybersecurity in the Healthcare Industry
- Cybersecurity in the Government Sector
- Cybersecurity in Small to Large Enterprises
- Chapter Conclusion
- Case Study: TechGiant Inc.'s Holistic Approach to Information Security
- Chapter 3 Cybersecurity Leadership: Insights and Best Practices
- The Essential Traits of a Cybersecurity Leader
- Building and Leading Effective Cybersecurity Teams
- Adapting to Emerging Trends in Cybersecurity Leadership
- Strategic Decision-making in Cybersecurity Leadership
- Developing the Next Generation of Cybersecurity Leaders
- Personal Development for Cybersecurity Leaders
- Incident Management and Crisis Leadership
- Leading Cybersecurity Culture and Awareness
- The Ethical Dimension of Cybersecurity Leadership
- Balancing Business Objectives and Cybersecurity
- Learning from Military Leadership
- Future Trends and Preparing for What's Next
- Chapter Conclusion
- Case Study: The Transformation of Cybersecurity Leadership at CyberFusion Inc.
- Chapter 4 Cybersecurity Program and Project Management
- Program and Project Management in Cybersecurity
- Types of Cybersecurity Projects
- Project Management Fundamentals Applied to Cybersecurity
- Agile Project Management for Cybersecurity
- Managing Cybersecurity Programs
- Communication and Collaboration in Cybersecurity Projects
- A Guide for Project Managers in Cybersecurity
- Chapter Conclusion
- Case Study: Proactive Program Management at Acme Tech
- Chapter 5 Cybersecurity for Business Executives
- Why Business Executives Need to be Involved in Cybersecurity
- Roles and Responsibilities of Business Executives in Cybersecurity
- Effective Collaboration Between Business Executives and Cybersecurity Teams
- Key Cybersecurity Concepts for Business Executives
- Incorporating Cybersecurity into Business Decision-making
- Developing a Cybersecurity Risk Appetite
- Training and Awareness for Business Executives
- Legal and Regulatory Considerations for Business Executives
- The Future of Business Executive Engagement in Cybersecurity
- Chapter Conclusion
- Case Study: Engaging Cybersecurity at Spectrum Enterprises
- Chapter 6 Cybersecurity and the Board of Directors
- The Critical Role of the Board in Cybersecurity
- Perspectives from the Board of Directors
- Perspectives from Cybersecurity Executives
- The Board's Responsibilities in Cybersecurity
- Effective Communication Between the Board and Cybersecurity Executives
- Specific Recommendations for Reporting to the Board
- Insights from the FFIEC and other Standards on Board Involvement
- Cybersecurity Governance: Embedding Cybersecurity in Corporate Culture
- Legal and Regulatory Considerations for the Board
- The Future of Board Involvement in Cybersecurity
- Chapter Conclusion
- Case Study: Cybersecurity Board Governance at TechPioneer Inc.
- Chapter 7 Risk Management
- Risk Management in the Business
- Understanding the Risk Management Life Cycle
- FFIEC Handbooks and Risk Management Guidance
- Governance and Risk Management Framework
- Risk Approvals and the Role of Committees
- Risk Identification and Analysis
- Third-Party Risk Management
- Regulatory Expectations for Third-Party Risk Management
- Compliance and Legal Risk Management
- Monitoring and Reporting
- Chapter Conclusion
- Case Study: Navigating Risk Management at Phoenix Innovations
- Chapter 8 The NIST Risk Management Framework
- The NIST Risk Management Framework
- Understanding RMF's Authorization Process
- NIST RMF in Practice: Step-by-Step Analysis
- Applicability to Regulatory Expectations
- Integrating NIST RMF into an Organization
- Using NIST RMF for Risk Assessment and Management
- NIST RMF and Technology Implementation
- Challenges and Solutions in Implementing NIST RMF
- NIST RMF and Third-Party Risk Management
- Chapter Conclusion
- Case Study: OmniTech Corporation and NIST RMF Implementation
- Sample RMF Authorization Document Package
- Chapter 9 Cybersecurity Metrics
- Understanding Cybersecurity Metrics
- The Importance of Metrics in Cybersecurity
- The Role of Metrics in Decision-making and Resource Allocation
- Differentiating Between KPIs and KRIs
- The Role of Metrics in Compliance
- Challenges and Considerations
- Key Performance Indicators (KPIs)
- Key Risk Indicators (KRIs)
- Integrating KPIs and KRIs into Cybersecurity Strategy
- Chapter Conclusion
- Case Study: Transforming TechNova's Defense Landscape
- Chapter 10 Risk Assessments
- The Importance of Risk Assessments
- The FFIEC's Perspective on Risk Assessments
- NIST's Approach to Risk Assessments
- Risk Assessment Frameworks
- Conducting a Cybersecurity Risk Assessment
- Managing Third-Party Risks
- Challenges and Best Practices in Risk Assessments
- Chapter Conclusion
- Case Study: Utilizing Risk Assessments in Cybersecurity: The Journey of Innovative Tech Solutions
- Risk Assessment Template Example
- Chapter 11 NIST Cybersecurity Framework
- Background on the NIST CSF
- Core Functions and Categories
- Implementation Tiers
- Tier 1: Partial
- Tier 2: Risk-Informed
- Tier 3: Repeatable
- Tier 4: Adaptive
- Profiles
- Purpose and Use of Profiles
- Creating a Profile
- Customizing Profiles
- Profile Examples
- Profile Maintenance and Updates
- Implementation
- Understanding Organizational Requirements
- Assessing the Current State
- Defining the Desired State
- Gap Analysis and Prioritization
- Developing and Executing the Action Plan
- Continuous Improvement
- Chapter Conclusion
- Case Study: Cybersecurity Journey of TechPulse Inc.
- Chapter 12 Cybersecurity Frameworks
- ISO/IEC 27001: Information Security Management
- COBIT (Control Objectives for Information and Related Technologies)
- CMMC (Cybersecurity Maturity Model Certification)
- CIS (Center for Internet Security) Controls
- PCI DSS (Payment Card Industry Data Security Standard)
- ICFR (Internal Control over Financial Reporting)
- Cloud Security Alliance Controls
- ISO 27017: Code of Practice for Information Security Controls
- ISO 27701: Privacy Information Management
- Comparing and Integrating Different Cybersecurity Frameworks
- Future Trends in Cybersecurity Frameworks
- Chapter Conclusion
- Case Study: Securing Globex Corporation
- Top Strengths of Each Framework
- Chapter 13 NIST SP 800-53: Security and Privacy Controls Framework
- Overview of NIST SP 800-53
- Structure and Organization of NIST SP 800-53
- Understanding Controls and Control Families
- Chapter Conclusion
- Case Study: SecureTech Solutions
- NIST 800-53 Control Families and Descriptions
- AC: Access Control
- PE: Physical and Environmental Protection
- AT: Awareness and Training
- PL: Planning
- AU: Audit and Accountability
- PM: Program Management
- CA: Assessment, Authorization, and Monitoring
- PS: Personnel Security
- CM: Configuration Management
- PT: PII Processing and Transparency
- CP: Contingency Planning
- RA: Risk Assessment
- IA: Identification and Authentication
- SA: System and Services Acquisition
- IR: Incident Response
- SC: System and Communications Protection
- MA: Maintenance
- SI: System and Information Integrity
- MP: Media Protection
- SR: Supply Chain Risk Management
- Chapter 14 The FFIEC: An Introduction
- FFIEC History and Background
- Role and Responsibilities
- Understanding the FFIEC Examination Handbooks
- The FFIEC Cybersecurity Assessment Tool (CAT)
- The FFIEC Audit Handbook
- The FFIEC Business Continuity Handbook
- The FFIEC Development and Acquisition Handbook
- The FFIEC Information Security Handbook
- The FFIEC Management Handbook
- The Architecture, Infrastructure, and Operations Handbook
- The Outsourcing Technology Services Handbook
- The Retail Payment Systems Handbook
- The Supervision of Technology Service Providers Handbook
- The Wholesale Payment Systems Handbook
- Chapter Conclusion
- Chapter 15 U.S. Federal Cybersecurity Regulations
- Gramm-Leach-Bliley Act (GLBA)
- The Health Insurance Portability and Accountability Act (HIPAA)
- Interagency Guidelines Establishing Information Security Standards (12 CFR 30 Part B)
- Payment Card Industry Data Security Standard (PCI DSS)
- Sarbanes-Oxley Act (SOX)
- The Cloud Act
- Internal Revenue Service Publication 1075
- Criminal Justice Information Services (CJIS) Security Policy
- Defense Federal Acquisition Regulation Supplement (DFARS)
- Department of Defense Cloud Computing Security Requirements Guide