Organizations of all sizes struggle to secure their data in a constantly evolving digital landscape. Expanding digital footprints and the rapid expansion of cloud strategies arising from the COVID-19 pandemic increase an organization’s attack surface. When combined with limited resources caused by the cybersecurity skills gap, securing small and mid-sized business IT infrastructures becomes more complicated. With limited staffing and budgetary restrictions, small businesses need to create cost-effective, security-driven programs that protect data while also meeting increasingly stringent compliance requirements.
This book bridges the gap between complex technical language and business objectives to create a security-first review of the security and compliance landscapes. Starting from the premise that “with security comes compliance,” this book starts by defining “security-first” and then walking readers through the process of creating a holistic security and compliance program.
Looking at security and privacy through the lens of zero trust, this overview of regulations and industry standards provides both background about and implications drawn from modern security practices. Rather than focusing solely on individual cybersecurity frameworks, this book offers insights into best practices based on the commonalities between regulations and industry standards, highlighting some of the primary differences to show the nuances.
Woven throughout are practical examples of solutions that enable small and mid-sized businesses to create “cybersustainable” security-focused policies, processes, and controls that protect today’s future for tomorrow’s digital ecosystem.
Chapter 2 Reviewing the Compliance Landscape
Chapter 3 Compliance Risk
Chapter 4 Looking at Risk through a Security Lens
Chapter 5 How to Set Controls
Chapter 6 Continuous Monitoring
Chapter 7 Vendor Risk Management: Securing the Supply Chain
Chapter 8 Calculating the Total Cost of Compliance
Chapter 9 Information Security Audit: The What, How, and Why
Chapter 10 Cyber Liability Insurance
Chapter 11 Cybersustai nability: Ethical Data Handling for Corporate Responsibility
Chapter 12 Magic 8 Ball Says "Yes"
Biography
Karen Walsh passed the Connecticut Bar in 2004. She then worked as a Bank Secrecy Act internal auditor and contract compliance manager for fourteen years before discovering her passion for cybersecurity and privacy compliance. She spent eleven years teaching first-year college writing and applies many of the same pedagogical approaches to writing about information security. The ISACA Journal published her coauthored pieces on cybersustainability in 2019. Her book 100 Geek Heroines was published by ABC-CLIO, part of Bloomsbury, in October 2019, and she has also authored chapters in At Home in the Whedonverse (MacFarland, 2017) and Transmediating the Whedonverse (Springer, 2019).
