This book offers a comprehensive process and roadmap for companies to create unified Cybersecurity and Cyber Resiliency strategies. It outlines a methodology for integrating disjointed efforts into a cohesive corporate plan with senior management support, ensuring efficient resource use, targeting high-risk threats, and assessing risk evaluation methodologies and mitigations. The text covers all necessary steps from initial planning, including mission, vision, and strategic objectives, to project management directives, cyber threat analysis, and risk assessment. It also details reporting and measurement techniques to gauge plan success and overall strategic performance. A methodology for selecting new initiatives for the upcoming year is included, identifying relevant inputs. Key tools discussed encompass Key Risk Indicators (KRI), Key Performance Indicators (KPI), the NIST Cyber Security Framework (CSF), maturity interval mapping, comparisons of current and target state goals, and a quantitative NIST-based risk assessment. Additionally, it features RACI diagrams for governance tasks, project management tools like swimlanes, timelines, and Gantt charts. The final chapter provides downloadable resources such as checklists, tables, and assessment tools to aid in developing a company’s cybersecurity and resiliency strategic plan.
Mark Sweeney Ordine dei libri (cronologico)
