Cyber Mayday and the Day After

Cyber Mayday and the Day After
Автор книги: id книги: 2200163     Оценка: 0.0     Голосов: 0     Отзывы, комментарии: 0 2533 руб.     (27,63$) Читать книгу Купить и скачать книгу Электронная книга Жанр: Зарубежная деловая литература Правообладатель и/или издательство: John Wiley & Sons Limited Дата добавления в каталог КнигаЛит: ISBN: 9781119835318 Скачать фрагмент в формате   fb2   fb2.zip Возрастное ограничение: 0+ Оглавление Отрывок из книги

Реклама. ООО «ЛитРес», ИНН: 7719571260.

Описание книги

Successfully lead your company through the worst crises with this first-hand look at emergency leadership Cyber security failures made for splashy headlines in recent years, giving us some of the most spectacular stories of the year. From the Solar Winds hack to the Colonial Pipeline ransomware event, these incidents highlighted the centrality of competent crisis leadership. Cyber Mayday and the Day After offers readers a roadmap to leading organizations through dramatic emergencies by mining the wisdom of C-level executives from around the globe. It’s loaded with interviews with managers and leaders who've been through the crucible and survived to tell the tale. From former FBI agents to Chief Information Security Officers, these leaders led their companies and agencies through the worst of times and share their hands-on wisdom. In this book, you’ll find out: What leaders wish they'd known before an emergency and how they've created a crisis game plan for future situations How executive-level media responses can maintain – or shatter – consumer and public trust in your firm How to use communication, coordination, teamwork, and partnerships with vendors and law enforcement to implement your crisis response Cyber Mayday and the Day After is a must-read experience that offers managers, executives, and other current or aspiring leaders a first-hand look at how to lead others through rapidly evolving crises.

Оглавление

Daniel Lohrmann. Cyber Mayday and the Day After

Table of Contents

List of Illustrations

Guide

Pages

PRAISE FOR CYBER MAYDAY AND THE DAY AFTER

CYBER MAYDAY AND THE DAY AFTER. A LEADER'S GUIDE TO PREPARING, MANAGING, AND RECOVERING FROM INEVITABLE BUSINESS DISRUPTIONS

Introduction: Setting the Global Stage for Cyber Resilience

A NEW SENSE OF CYBER URGENCY

A PEEK BEHIND THE CURTAINS, AND THE MAKING OF CYBER MAYDAY AND THE DAY AFTER

THE THREE-PART BREAKDOWN

NOTES

CHAPTER 1 If I Had a Time Machine

STARTING WITH THE UNKNOWNS – OR NOT?

AN ISOLATED PERSPECTIVE HAS MANY LIMITS

LEARNING FROM OUR PAST TO LEAD OUR FUTURE

FREQUENT RANSOMWARE ATTACKS PROMPT RESPONSE CAPABILITY ENHANCEMENTS IN NEW YORK STATE

LIKE A BAD PENNY

EDUCATION SECTOR TARGETED BY CYBERCRIMINALS

THE BATTLE CONTINUES

FIVE TAKEAWAYS

The World Will Never Be Immune to Cyberattacks

Cybersecurity Is a Business Risk Issue

The Double-Edged Sword of Zero Trust

Pick the Right Person to Lead the Effort

Act and Adjust with Resilience as the Cyber Situation Evolves

NOTES

CHAPTER 2 Fail to Plan or Plan to Fail: Cyber Disruption Response Plans and Cyber Insurance

THE MAKING OF THE MICHIGAN CYBER INITIATIVE

CONFRONTING CYBER EMERGENCIES: THE MICHIGAN CYBER DISRUPTION RESPONSE PLAN

U.S. FEDERAL GOVERNMENT GUIDANCE ON SECURITY INCIDENT HANDLING

POSITIVE SECURITY AND RISK MANAGEMENT FOR INTERNATIONAL ORGANIZATIONS

CHANGES IN THE PLANNING APPROACH POST-INCIDENT

THE WISCONSIN GOVERNMENT APPROACH TO CYBERSECURITY INCIDENT RESPONSE

A PRIVATE SECTOR PERSPECTIVE ON COMPUTER SECURITY INCIDENT RESPONSE

INCIDENT RESPONSE AND CYBER INSURANCE

NOTES

CHAPTER 3 Practice Makes Perfect: Exercises, Cyber Ranges, and BCPs

THE IMPORTANCE OF CYBER EXERCISES

HISTORY OF CYBER STORM EXERCISES

MICHIGAN PARTICIPATION IN CYBER STORM I

CYBER SCENARIOS, EXERCISE PLANS, AND PLAYBOOKS

HELP AVAILABLE, FROM A CYBER RANGE NEAR YOU

INTERNAL BUSINESS CONTINUITY PLANNING (BCP) PLAYERS

DESIGNING YOUR BCP IN ACCORDANCE WITH YOUR COMPANY'S MISSION

WHERE NEXT WITH YOUR BCP?

HOW OFTEN SHOULD WE BE RUNNING OUR BCPs?

AUTOMATED RESPONSES TO INCIDENTS

NOTES

CHAPTER 4 What a Leader Needs to Do at the Top

BUILDING RELATIONSHIPS WITH YOUR BUSINESS LEADERS

SPEAK THEIR LANGUAGE

LAYING THE GROUNDWORK

SECURITY VARIANCE

THE FUNDAMENTALS AND TOP MITIGATION STRATEGIES

SECURITY NEEDS TO HAVE A BUSINESS PURPOSE

FIGHTING THE INNATE NATURE OF A CISO

HOW SHOULD A SENIOR EXECUTIVE APPROACH CYBER ISSUES?

WHAT CAN THE BOARD CHANGE?

STORY-BASED LEADERSHIP

SETTING A SUPPORTIVE CULTURE LEADS TO CREATIVE SOLUTIONS

NOTES

CHAPTER 5 Where Were You When the Sirens Went Off?

THE STORY OF TOLL

Our Number-One Focus Is to Contain and Protect Others

Have a Crisis Management Plan

Stay in Control of the Crisis

FINE-TUNE YOUR BCP

CYBER CRISIS IN PANDEMIC TIMES

MICROSCOPIC LESSONS – DAY ONE OF THE INCIDENT

The Mindset to Have During a Crisis

Selling the Idea

THE RECOVERY

IMPROVEMENT WITH HINDSIGHT

THIRD-PARTY RISKS AND CYBER INSURANCE

EFFECTIVE LEADERSHIP IN TIMES OF CRISIS

A SUPPORTIVE MANAGEMENT HELPS BRING RESULTS

NOTES

CHAPTER 6 Where Do We Go When the Power Goes Off?: Security Operations Centers Require People, Processes, and Technology Components

ASSESSING THE SITUATION

ESTABLISHING ORDER

CYBER TEAMWORK DURING A BLACKOUT

STEPPING BACK TO STEP FORWARD

PEOPLE, PROCESS, AND TECHNOLOGY IN CYBER EMERGENCIES

CISO MINDSET REGARDING SECURITY INCIDENTS

DEFINING SECURITY OPERATIONS?

MEASURING RESULTS: KEY PERFORMANCE INDICATORS

INFORMATION SHARING

STRENGTHENING PLAYBOOKS

MULTI-STATE SECURITY OPERATIONS5

NOTES

CHAPTER 7 Teamwork in the Midst of the Fire

A BIG STEP BACK – AND ANALYZING WHAT WENT RIGHT AND WRONG WITH THE JCTF PROCESSES

A PRIVATE SECTOR INCIDENT WITH A (SOMEWHAT) HAPPY ENDING

GREAT LEADERS FOSTER TEAMWORK – BUT HOW?

SEVEN TIPS TO IMPROVE TEAMWORK

NOTES

CHAPTER 8 What Went Right?

SWIFTNESS MATTERS

PROACTIVE LEADERSHIP AND TRANSPARENCY AS KEY FACTORS

AVIATION INDUSTRY LESSONS FROM A CRISIS COMMUNICATIONS RESEARCHER

COMMUNICATING CYBER CRISIS WITH CONSOLE

MEET THE WORLD'S FIRST CISO

THE BASIC KEYS OF DISASTER RESPONSE

THE PROBLEM WITH MISINFORMATION

THE STOCKWELL TUBE INCIDENT

NOTES

CHAPTER 9 The Road to Recovery

CYBER MINDSETS FROM A WAR ZONE

HINDRANCES TO AVOID

ASYMMETRIC HYBRID WARFARE (AHW)

THE ROAD TO NO RECOVERY

THE FIRST STEP IN COMMUNICATION

THE FOUR STEPS OF A CRISIS-READY FORMULA

KEY ACTIONS FOR RECOVERY

NOTES

CHAPTER 10 What Went Wrong – How Did We Miss It?

MISTAKES AND SOLUTIONS IN WISCONSIN

HOSPITAL RANSOMWARE – AND LEARNING FROM MISTAKES

HOW OVERCONFIDENCE CAN IMPACT ORGANIZATIONAL SECURITY AND CAUSE DATA BREACHES

REFLECTING ON INCIDENTS WITH A MENTOR

NOTES

CHAPTER 11 Turning Cyber Incident Lemons into Organizational Lemonade

ARE WE LEARNING FROM THESE TRUE STORIES?

CALLS FOR MORE RESILIENCE AND DOING MUCH BETTER

MORE LESSONS LEARNED

BACK TO THE BEGINNING: A CIRCULAR APPROACH TO INCIDENT RESPONSE DURING CYBER EMERGENCIES

A HELPFUL HOSPITAL EXAMPLE

MAKING LEMONADE

FIVE LESSONS FROM THE HOSPITAL ATTACK

FIVE LESSONS FROM DIVERSE INFORMATION SHARING AND ANALYSIS CENTERS (ISACs)

BRINGING IT ALL TOGETHER

THE ECOSYSTEM VIEW

LEADING BY EXAMPLE

NOTES

Free Cyber Incident Resources

CYBER INCIDENT RESPONSE PLANNING AND PLANS

STANDARDS, FRAMEWORKS, AND POLICIES

EXERCISE TEMPLATES

CYBER STRATEGY DOCUMENTS

INCIDENT RESPONSE PLAYBOOKS

CERT RESOURCES

CYBER INSURANCE GUIDANCE

LESSONS LEARNED DOCUMENTS

TRAINING OPPORTUNITIES, INCLUDING CYBER RANGES

LAWS AND REPORTING ON DATA BREACHES AND PROTECTING DATA

CRISIS COMMUNICATIONS

Acknowledgments

About the Authors

Index

WILEY END USER LICENSE AGREEMENT

Отрывок из книги

“This is the first practical book on cybersecurity I could not put down – it wouldn't let me. It is filled with easily relatable true stories and facts. It's exceptionally well-written and engaging, and nearly every page contains a gem of practical advice. This work is simply indispensable for all public managers to read, absorb, and act. Lohrmann's and Tan's frontline cyber experience brings years of collective wisdom together into one wonderful fact-filled book that one will treasure and will want to always have by their side.”

Dr. Alan R. Shark, Executive Director of CompTIA's Public Technology Institute (PTI)

.....

One exception was a large agency with significant citizen privacy responsibilities. Chief privacy officers were even more rare than CISOs at the time, so privacy issues were typically part of the CISO's portfolio of responsibilities. When Mark met with the leadership of this particular agency, he encouraged them to fill the CISO/security leader role as soon as possible since they were accepting a significant amount of risk by failing to have a single point of contact to guide the security and privacy efforts of the agency.

Mark recounts what happened next:

.....

Добавление нового отзыва

Комментарий Поле, отмеченное звёздочкой  — обязательно к заполнению

Отзывы и комментарии читателей

Нет рецензий. Будьте первым, кто напишет рецензию на книгу Cyber Mayday and the Day After
Подняться наверх