Cyber Strategy: Risk-Driven Security and Resiliency, 1st Edition (Paperback) book cover

Cyber Strategy

Risk-Driven Security and Resiliency, 1st Edition

By Carol Siegel, Mark Sweeney

Auerbach Publications

216 pages | 116 B/W Illus.

Purchasing Options:$ = USD
Paperback: 9780367339456
pub: 2020-04-13
SAVE ~$9.99
Available for pre-order. Item will ship after 13th April 2020
Hardback: 9780367458171
pub: 2020-04-13
SAVE ~$25.80
Available for pre-order. Item will ship after 13th April 2020

FREE Standard Shipping!


Cyber Strategy: Risk-Driven Security and Resiliency provides a process and roadmap for any company to develop its unified Cybersecurity and Cyber Resiliency Strategy. It demonstrates a methodology for companies to combine their disassociated efforts into one corporate plan with buy-in from senior management that will efficiently utilize resources, target high-risk threats, and evaluate risk assessment methodologies and subsequently the efficacy of resultant risk mitigations. The book discusses all the steps required from conception of the plan from pre-planning (mission/vision, principles, strategic objectives, and new initiatives derivation), project management directives, cyber threat and vulnerability analysis, and cyber risk and controls assessment to measurement techniques for plan success and overall strategic plan performance. In addition, a methodology is presented to aide in new initiative selection for the following year by identifying all the inputs.

Tools utilized include:

  • Key Risk Indicators (KRI) and Key Performance Indicators (KPI)
  • National Institute of Standards and Technology (NIST) Cyber Security Framework (CSF) Target State Maturity interval mapping per initiative
  • Comparisons of current and target state business goals and critical success factors
  • A quantitative NIST-based risk assessment of initiative technology components
  • Responsible, Accountable, Consulted, Informed (RACI) diagrams for a Cyber Steering Committee and Governance Boards
  • Swim lanes, timelines, data flow diagrams (inputs, resources, outputs), progress report templates, and Gantt charts for project management
  • A comprehensive final Table of Contents for the Strategy deliverable
  • Cyber Insurance requirements

The last chapter provides downloadable checklists, tables, data flow diagrams, figures, and assessment tools to help develop your company’s cybersecurity and cyber resiliency strategic plan.

Table of Contents

Why Cybersecurity and Cyber Resiliency Strategies are Mandatory for Organizations Toda. The 6 Steps in Developing and Maintaining a Cybersecurity and Cyber Resiliency Strategy. STEP 2: Strategy Project Management. Cyber Threats, Vulnerabilities and Intelligence Analysis. Cyber Risks and Controls. Assessments, Current and Target States. Measuring Strategic Plan Performance and End of Year (EOY) Tasks. Checklists and Templates to Help Create an Enterprise-wide Cybersecurity and Cyber Resiliency Strategy.

About the Authors

Carol A. Siegel is a Cybersecurity strategy and IT Risk Management professional with over 30+ years’ experience. Carol earned her BS in Systems Analysis Engineering from Boston University in 1971, and her MBA in Computer Applications from New York University in 1984. She has CISSP, CISA and CISM certifications from ISC2 and ISACA respectively. Carol has co-authored one of the first books on Internet security, a book for Microsoft on Windows NT Security as well as numerous articles for Auerbach Publications on information security and risk management. Carol has worked for many Fortune 50 financial services companies in the Banking, Insurance, Big Four, and Pharma sectors and has held several Chief Information Security Officer (CISO) positions. Most recently, Carol worked for the Federal Reserve Bank of New York.

Mark Sweeney is a Cybersecurity and Cyber Resiliency professional with over 5 years of experience in strategizing and implementing risk-based cybersecurity and cyber resiliency programs. Mark earned his BS in Security & Risk Analysis – Information & Cyber Security from Penn State University in 2014. Mark has worked in Big Four consulting companies and the Financial Services Industry as a Cybersecurity and Cyber Resiliency expert and is currently a cyber underwriter.

Subject Categories

BISAC Subject Codes/Headings:
COMPUTERS / Information Technology
COMPUTERS / Security / General
COMPUTERS / Internet / Security
REFERENCE / Yearbooks & Annuals