1st Edition

Cyber Risk Management in Practice: A Guide to Real-World Solutions

By Carlos Morales Copyright 2025
360 Pages 30 B/W Illustrations
by CRC Press

Cyber Risk Management in Practice: A Guide to Real-World Solutions is your companion in the ever-changing landscape of cybersecurity. Whether you’re expanding your knowledge or looking to sharpen your existing skills, this book demystifies the complexities of cyber risk management, offering clear, actionable strategies to enhance your organization’s security posture. With a focus on real-world...

Foreword by José Antonio Fernández Carbajal
Acknowledgments
Author biography

Introduction

Section I. Mastering the essentials of cyber risk management
1. Fundamentals of cyber risk management
2. Cyber risk management frameworks
3. Governance and cybersecurity culture
4. Cyber risk management methodology and risk register
5. Laying the groundwork
Section II. Executing cyber risk management in five steps
6. Starting the process: Contexts and information gathering
7. Risk assessment: From identification to characterization
8. Risk treatment strategies
9. Making things happen: Communication and implementation
10. Risk monitoring and metrics
Section III. Elevating beyond basics: Achieving cyber resilience
11. Third-party risk management
12. Building cyber resilience
13. Advancing toward risk quantification
14. New technologies: Methods, tools, and challenges
Section IV. Conclusion
15. Bringing it all together

Illustration credits
Index

Biography

Carlos Morales, MBA, A. CCISO, CISM, GRCP, GRCA, CRISC, IRMP, CDPSE, IDPP, IPMP, IAAP, ICEP, is a cybersecurity professional with over 18 years of experience in risk management, privacy, and information security across diverse global landscapes. An advocate for cybersecurity as a business enabler, Carlos is recognized for developing pragmatic, risk-based models that align security initiatives with organizational objectives.

His international expertise is marked by his active participation in initiatives that bridge the gap between the private sector, public institutions, and academia. Carlos has worked with organizations of all sizes around the globe, from multinational conglomerates to startups, bringing a broad, practical perspective across industries. This experience allows him to tailor cybersecurity strategies that are effective and scalable, regardless of organizational size or sector.

He served as an advisor on cybersecurity matters to the Executive Office of the President of Mexico for the National Cybersecurity Plan and was a member of the first Cybersecurity Innovation Council led by the Organization of American States (OAS), where he fostered collaboration among participating countries. At the Instituto Tecnológico y de Estudios Superiores de Monterrey (ITESM), Carlos played an active role in shaping the design of the Cybersecurity HUB and the master’s degree in cybersecurity. He continues to share his expertise as a professor in the ITESM Master’s program in cybersecurity, guiding the next generation of professionals.

Carlos is also an active participant in international forums, where he shares practical insights and connects with diverse audiences, bridging technical and non-technical perspectives with clarity and impact.

"Cyber Risk Management in Practice: A Guide to Real-World Solutions by Carlos Morales serves as a beacon for professionals involved not only in IT or cybersecurity but also across executive and operational roles within organizations. This book is an invaluable resource that I highly recommend for its practical insights and clear guidance."

José Antonio Fernández Carbajal

Executive Chairman and CEO of FEMSA