Confronting Cyber Risk

"Confronting Cyber Risk: An Embedded Endurance Strategy for Cybersecurity is a practical leadership handbook defining a new strategy for improving cybersecurity and mitigating cyber risk. Written by two leading experts with extensive professional experience in cybersecurity, the book provides CEOs and cyber newcomers alike with novel, concrete guidance on how to implement a cutting-edge strategy to mitigate an organization's overall risk to malicious cyberattacks. Using short, real-world case studies, the book highlights the need to address attack prevention and the resilience of each digital asset while also accounting for an incident's potential impact on overall operations. In a world of hackers, artificial intelligence, and persistent ransomware attacks, the Embedded Endurance strategy embraces the reality of interdependent digital assets and provides an approach that addresses cyber risk at both the micro- (people, networks, systems and data) and macro-(organizational) levels. Most books about cybersecurity focus entirely on technology; the Embedded Endurance strategy recognizes the need for sophisticated thinking with preventative and resilience measures engaged systematically a cross your organization"--

Using real world examples from SolarWinds to the Colonial Pipeline attack, Confronting Cyber Risk provides CEOs and cyber newcomers alike with a cutting-edge strategy to mitigate an organization's operational, reputational, and litigational risk to malicious cyberattacks in an evolving cyber risk landscape.

The new US National Cyber Strategy points to Russia, China, North Korea and Iran as the main international actors responsible for launching malicious cyber and information warfare campaigns against Western interests and democratic processes. Washington made clear its intention of scaling the response to the magnitude of the threat, while actively pursuing the goal of an open, secure and global Internet. The first Report of the ISPI Center on Cybersecurity focuses on the behaviour of these “usual suspects”, investigates the security risks implicit in the mounting international confrontation in cyberspace, and highlights the current irreconcilable political cleavage between these four countries and the West in their respective approaches “in and around” cyberspace.

A ground shaking exposé on the failure of popular cyber risk management methods How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security. In his bestselling book How to Measure Anything, author Douglas W. Hubbard opened the business world's eyes to the critical need for better measurement. This book expands upon that premise and draws from The Failure of Risk Management to sound the alarm in the cybersecurity realm. Some of the field's premier risk management approaches actually create more risk than they mitigate, and questionable methods have been duplicated across industries and embedded in the products accepted as gospel. This book sheds light on these blatant risks, and provides alternate techniques that can help improve your current situation. You'll also learn which approaches are too risky to save, and are actually more damaging than a total lack of any security. Dangerous risk management methods abound; there is no industry more critically in need of solutions than cybersecurity. This book provides solutions where they exist, and advises when to change tracks entirely. Discover the shortcomings of cybersecurity's "best practices" Learn which risk management approaches actually create risk Improve your current practices with practical alterations Learn which methods are beyond saving, and worse than doing nothing Insightful and enlightening, this book will inspire a closer examination of your company's own risk management practices in the context of cybersecurity. The end goal is airtight data protection, so finding cracks in the vault is a positive thing—as long as you get there before the bad guys do. How to Measure Anything in Cybersecurity Risk is your guide to more robust protection through better quantitative processes, approaches, and techniques.

This book is an extremely relevant must read for anyone concerned with the current cyber threat against United States' national and economic security. Over the past few years, the U.S. has increasingly been the victim of sophisticated and significant cyber attacks by state-sponsored and malicious individual actors. These threats have progressively targeted the U.S. military and political systems, financial institutions, healthcare systems, electric grid, dams, and retail sectors. The total extent of damage and loss we may never know... until it's too late. In 2019, revenues from malicious cyber actors exceeded the combined revenues of Facebook, Amazon, Apple, Netflix, and Google. In a single year more than 3 billion U.S. accounts were hacked. These malicious actors are aggressively investing in talent, technology and tactics. They are coordinated, trained, highly sophisticated, and most importantly...undeterred.Despite formidable U.S. government and private industry cyber capabilities, the nation lacks the necessary strategy for integrated cybersecurity. Its current policy leaves its privately-owned critical infrastructure struggling to defend itself against a rapidly growing cyber storm which threatens to undermine and envelope U.S. cyber defenses. The result is a nation highly vulnerable to cyber threats which could expose the U.S. to a potentially catastrophic impact on national security and the economy.Through detailed analysis and real-world military strategy, healthcare, and financial sector experience, the author presents a pragmatic remedy to securing the nation against cyber threats. Using coercion and other instruments of statecraft, this book explores the art of strategy to devise a public-private means to effectively influence cyber threats, along with the vernacular and constructs necessary to carry it out. . This book goes beyond academic policy; it is a battle-cry to action offering practical solutions for every nation's leadership when Confronting the Cyber Storm."In this book, Banks has concisely laid out a compelling, well-documented case for a coercive strategy as part of an overall national cybersecurity strategy. His case studies make clear the need. His recommendations reveal a deep understanding of the threat as well as of the tools available to government and private industry to meet it."Eric J. McNulty, MA, Associate Director and Program Co-director Harvard University's National Preparedness Leadership Initiative, a joint program of the Harvard Chan School and the Harvard Kennedy School of Government."Banks delivers an incredibly relevant book for our time. Full of rich detail on the state of all things cyber, he calls out the deficiencies in current Western cyber strategies and pitches a comprehensive coercion strategy to protect our future. The wise will heed his call to action, turn the tables on malicious cyber actors, and give them something meaningful to worry about." Dr. Christian Watt, Colonel, USAF, Associate Dean U.S. Air Force War College "This book offers a much-needed structure to policy discussions surrounding cyber conflict. Col (ret) Banks' important perspectives offer a cogent pathway to think about and operationalize cyber strategy. While many "strategies" for cyberspace exist, they are more often than not policy pronouncements rather than "strategy" in the classical sense of the term. The frameworks he provides offer a pathway for ends, ways and means the United States should go on the offensive as a nation to confront aggressive adversaries in the cyber domain and more broadly integrating cyberspace into our toolkit for national statecraft and grand strategy."Dr. Pano Yannakogeorgos. Clinical Associate ProfessorNew York University, Faculty Lead - MS Global Security, Conflict & Cybercrime

This work examines qualitative research regarding cyber threats that have continually beleaguered Canada and the United States by malevolent actors mostly over the last five years.

The technology controlling United States nuclear weapons predates the Internet. Updating the technology for the digital era is necessary, but it comes with the risk that anything digital can be hacked. Moreover, using new systems for both nuclear and non-nuclear operations will lead to levels of nuclear risk hardly imagined before. This book is the first to confront these risks comprehensively. With Cyber Threats and Nuclear Weapons, Herbert Lin provides a clear-eyed breakdown of the cyber risks to the U.S. nuclear enterprise. Featuring a series of scenarios that clarify the intersection of cyber and nuclear risk, this book guides readers through a little-understood element of the risk profile that government decision-makers should be anticipating. What might have happened if the Cuban Missile Crisis took place in the age of Twitter, with unvetted information swirling around? What if an adversary announced that malware had compromised nuclear systems, clouding the confidence of nuclear decision-makers? Cyber Threats and Nuclear Weapons, the first book to consider cyber risks across the entire nuclear enterprise, concludes with crucial advice on how government can manage the tensions between new nuclear capabilities and increasing cyber risk. This is an invaluable handbook for those ready to confront the unique challenges of cyber nuclear risk.

Security professionals are trained skeptics. They poke and prod at other people’s digital creations, expecting them to fail in unexpected ways. Shouldn’t that same skeptical power be turned inward? Shouldn’t practitioners ask: “How do I know that my enterprise security capabilities work? Are they scaling, accelerating, or slowing as the business exposes more value to more people and through more channels at higher velocities?” This is the start of the modern measurement mindset—the mindset that seeks to confront security with data. The Metrics Manifesto: Confronting Security with Data delivers an examination of security metrics with R, the popular open-source programming language and software development environment for statistical computing. This insightful and up-to-date guide offers readers a practical focus on applied measurement that can prove or disprove the efficacy of information security measures taken by a firm. The book’s detailed chapters combine topics like security, predictive analytics, and R programming to present an authoritative and innovative approach to security metrics. The author and security professional examines historical and modern methods of measurement with a particular emphasis on Bayesian Data Analysis to shed light on measuring security operations. Readers will learn how processing data with R can help measure security improvements and changes as well as help technology security teams identify and fix gaps in security. The book also includes downloadable code for people who are new to the R programming language. Perfect for security engineers, risk engineers, IT security managers, CISOs, and data scientists comfortable with a bit of code, The Metrics Manifesto offers readers an invaluable collection of information to help professionals prove the efficacy of security measures within their company.