The Cyber Elephant In The Boardroom

We've all read the cybersecurity horror stories: a prominent company exposes the private information of their customers only to scramble after the fact to apologize and safeguard the data. Cybersecurity is often an afterthought, a much lower priority than profit--until a data breach threatens the bottom line anyway. In The Cyber-Elephant in the Boardroom, data security expert and CEO Mathieu Gorge, along with a host of guests, shows why protecting a company's data should be top of mind for C-suites and corporate boards. With the innovative 5 Pillars of Security Framework, any C-level executive can understand their organization's cyber risk and the steps they need to take to protect their information. There's a cyber-elephant in the boardroom and it needs to be addressed!

Healthcare IT is under tremendous pressure in today’s environment: Budgets are shrinking; staff are in short supply; cloud, mobile, and data are driving expansion and innovation. Consumer expectations are high while agility and speed to market for many HIT organizations is low. The exponential growth of data sources and the need to empower healthcare with data-driven intelligence is pushing capabilities. The words "digital transformation" are infused in just about every discussion and serve to amplify organizational expectations of IT. In this environment, IT departments have to retool, rethink, and revise their way of operating. Few have the option of starting from scratch; the vast majority of organizations have built IT functions over decades. Now, it’s time to remodel and renovate for the future. This book walks the reader through the process of determining what type of IT function they have today and what they’ll need tomorrow. It discusses how to assess and analyze IT capabilities and then develop and implement a plan to renovate in place. By retooling now, the IT function can successfully meet the growing demands of the organization in the future. When approached in a planful manner, this process of renovating can energize the entire organization and help foster innovation and transformation along the way.

Over the years we’ve seen the digital security profession transformed into an overhyped and fuzzy domain that is often referred to as cybersecurity. Over the years we've seen the digital security profession transformed into an overhyped and fuzzy domain that is often referred to as cybersecurity. Since many authors have written a great deal on this subject in books, journals, and social media blogs, our aim here is to enrich this field with our opinions, -viewpoints, and expertise. Thanks to a combined total of forty-five years of experience - experience from our academic back grounds as well as from our work as security and tech leaders we are able to focus on things that should work in theory but fail in practice due to all kinds of intangible, "silent" factors. Our intention is not to be exhaustive, nor to criticize others, but to shed fresh light on crucial cyber-related allies, enemies, and issue that are rarely taken into account and talked about, but we believe you should know to help you combat the silent enemy of digital security.

A ground shaking exposé on the failure of popular cyber risk management methods How to Measure Anything in Cybersecurity Risk exposes the shortcomings of current "risk management" practices, and offers a series of improvement techniques that help you fill the holes and ramp up security. In his bestselling book How to Measure Anything, author Douglas W. Hubbard opened the business world's eyes to the critical need for better measurement. This book expands upon that premise and draws from The Failure of Risk Management to sound the alarm in the cybersecurity realm. Some of the field's premier risk management approaches actually create more risk than they mitigate, and questionable methods have been duplicated across industries and embedded in the products accepted as gospel. This book sheds light on these blatant risks, and provides alternate techniques that can help improve your current situation. You'll also learn which approaches are too risky to save, and are actually more damaging than a total lack of any security. Dangerous risk management methods abound; there is no industry more critically in need of solutions than cybersecurity. This book provides solutions where they exist, and advises when to change tracks entirely. Discover the shortcomings of cybersecurity's "best practices" Learn which risk management approaches actually create risk Improve your current practices with practical alterations Learn which methods are beyond saving, and worse than doing nothing Insightful and enlightening, this book will inspire a closer examination of your company's own risk management practices in the context of cybersecurity. The end goal is airtight data protection, so finding cracks in the vault is a positive thing—as long as you get there before the bad guys do. How to Measure Anything in Cybersecurity Risk is your guide to more robust protection through better quantitative processes, approaches, and techniques.

Cybersecurity threats are on the rise. As a leader, you need to be prepared to keep your organization safe. Companies are investing an unprecedented amount of money to keep their data and assets safe, yet cyberattacks are on the rise--and the problem is worsening. No amount of technology, resources, or policies will reverse this trend. Only sound governance, originating with the board, can turn the tide. Protection against cyberattacks can't be treated as a problem solely belonging to an IT or cybersecurity department. It needs to cast a wide and impenetrable net that covers everything an organization does--from its business operations, models, and strategies to its products and intellectual property. And boards are in the best position to oversee the needed changes to strategy and hold their companies accountable. Not surprisingly, many boards aren't prepared to assume this responsibility. In A Leader's Guide to Cybersecurity, Thomas Parenty and Jack Domet, who have spent over three decades in the field, present a timely, clear-eyed, and actionable framework that will empower senior executives and board members to become stewards of their companies' cybersecurity activities. This includes: Understanding cyber risks and how best to control them Planning and preparing for a crisis--and leading in its aftermath Making cybersecurity a companywide initiative and responsibility Drawing attention to the nontechnical dynamics that influence the effectiveness of cybersecurity measures Aligning the board, executive leadership, and cybersecurity teams on priorities Filled with tools, best practices, and strategies, A Leader's Guide to Cybersecurity will help boards navigate this seemingly daunting but extremely necessary transition.

"With the nuance of a reporter and the pace of a thriller writer, Andy Greenberg gives us a glimpse of the cyberwars of the future while at the same time placing his story in the long arc of Russian and Ukrainian history." —Anne Applebaum, bestselling author of Twilight of Democracy The true story of the most devastating act of cyberwarfare in history and the desperate hunt to identify and track the elite Russian agents behind it: "[A] chilling account of a Kremlin-led cyberattack, a new front in global conflict" (Financial Times). In 2014, the world witnessed the start of a mysterious series of cyberattacks. Targeting American utility companies, NATO, and electric grids in Eastern Europe, the strikes grew ever more brazen. They culminated in the summer of 2017, when the malware known as NotPetya was unleashed, penetrating, disrupting, and paralyzing some of the world's largest businesses—from drug manufacturers to software developers to shipping companies. At the attack's epicenter in Ukraine, ATMs froze. The railway and postal systems shut down. Hospitals went dark. NotPetya spread around the world, inflicting an unprecedented ten billion dollars in damage—the largest, most destructive cyberattack the world had ever seen. The hackers behind these attacks are quickly gaining a reputation as the most dangerous team of cyberwarriors in history: a group known as Sandworm. Working in the service of Russia's military intelligence agency, they represent a persistent, highly skilled force, one whose talents are matched by their willingness to launch broad, unrestrained attacks on the most critical infrastructure of their adversaries. They target government and private sector, military and civilians alike. A chilling, globe-spanning detective story, Sandworm considers the danger this force poses to our national security and stability. As the Kremlin's role in foreign government manipulation comes into greater focus, Sandworm exposes the realities not just of Russia's global digital offensive, but of an era where warfare ceases to be waged on the battlefield. It reveals how the lines between digital and physical conflict, between wartime and peacetime, have begun to blur—with world-shaking implications.

Stopping Losses from Accidental and Malicious Actions Around the world, users cost organizations billions of dollars due to simple errors and malicious actions. They believe that there is some deficiency in the users. In response, organizations believe that they have to improve their awareness efforts and making more secure users. This is like saying that coalmines should get healthier canaries. The reality is that it takes a multilayered approach that acknowledges that users will inevitably make mistakes or have malicious intent, and the failure is in not planning for that. It takes a holistic approach to assessing risk combined with technical defenses and countermeasures layered with a security culture and continuous improvement. Only with this kind of defense in depth can organizations hope to prevent the worst of the cybersecurity breaches and other user-initiated losses. Using lessons from tested and proven disciplines like military kill-chain analysis, counterterrorism analysis, industrial safety programs, and more, Ira Winkler and Dr. Tracy Celaya's You CAN Stop Stupid provides a methodology to analyze potential losses and determine appropriate countermeasures to implement. Minimize business losses associated with user failings Proactively plan to prevent and mitigate data breaches Optimize your security spending Cost justify your security and loss reduction efforts Improve your organization’s culture Business technology and security professionals will benefit from the information provided by these two well-known and influential cybersecurity speakers and experts.

#1 New York Times Bestseller now in paperback with new material The inspiration for The Comey Rule, the Showtime limited series starring Jeff Daniels premiering September 2020 In his book, former FBI director James Comey shares his never-before-told experiences from some of the highest-stakes situations of his career in the past two decades of American government, exploring what good, ethical leadership looks like, and how it drives sound decisions. His journey provides an unprecedented entry into the corridors of power, and a remarkable lesson in what makes an effective leader. Mr. Comey served as director of the FBI from 2013 to 2017, appointed to the post by President Barack Obama. He previously served as U.S. attorney for the Southern District of New York, and the U.S. deputy attorney general in the administration of President George W. Bush. From prosecuting the Mafia and Martha Stewart to helping change the Bush administration's policies on torture and electronic surveillance, overseeing the Hillary Clinton e-mail investigation as well as ties between the Trump campaign and Russia, Comey has been involved in some of the most consequential cases and policies of recent history.