The Cybersecurity Guide to Governance, Risk, and Compliance:
Saved in:
1. Author: | |
---|---|
Format: | Electronic e-book |
Language: | English |
Published: | Newark: John Wiley & Sons, Incorporated, 2024 |
Edition: | 1st ed |
Subjects: | |
Online access: | DE-2070s |
Description: | Description based on publisher supplied metadata and other sources |
Description: | 1 online resource (669 pages) |
ISBN: | 9781394250219 |
Internal format
MARC
LEADER | 00000nam a2200000zc 4500 | ||
---|---|---|---|
001 | BV049873828 | ||
003 | DE-604 | ||
007 | cr|uuu---uuuuu | ||
008 | 240919s2024 xx o|||| 00||| eng d | ||
020 | |a 9781394250219 |9 978-1-394-25021-9 | ||
035 | |a (ZDB-30-PQE)EBC31201269 | ||
035 | |a (ZDB-30-PAD)EBC31201269 | ||
035 | |a (ZDB-89-EBL)EBL31201269 | ||
035 | |a (OCoLC)1423504419 | ||
035 | |a (DE-599)BVBBV049873828 | ||
040 | |a DE-604 |b ger |e rda | ||
041 | 0 | |a eng | |
049 | |a DE-2070s | ||
082 | 0 | |a 658.478 | |
100 | 1 | |a Edwards, Jason |e Verfasser |4 aut | |
245 | 1 | 0 | |a The Cybersecurity Guide to Governance, Risk, and Compliance |
250 | |a 1st ed | ||
264 | 1 | |a Newark |b John Wiley & Sons, Incorporated |c 2024 | |
264 | 4 | |c ©2024 | |
300 | |a 1 Online-Ressource (669 Seiten) | ||
336 | |b txt |2 rdacontent | ||
337 | |b c |2 rdamedia | ||
338 | |b cr |2 rdacarrier | ||
500 | |a Description based on publisher supplied metadata and other sources | ||
505 | 8 | |a Cover -- Title Page -- Copyright Page -- Dedication by Griffin Weaver -- Dedication by Jason Edwards -- Contents -- Purpose of the Book -- Target Audience -- Structure of the Book -- Foreword by Wil Bennett -- Foreword by Gary McAlum -- Acknowledgments -- Chapter 1 Governance, Risk Management, and Compliance -- Understanding GRC -- The Business Case for GRC -- Governance: Laying the foundation -- Risk Management: Managing Uncertainties -- Compliance: Adhering to regulations and Standards -- The Intersection of governance, Risk, and Compliance -- GRC Frameworks and Standards -- GRC Tools and Technologies -- Building a GRC Culture -- The Role of GRC in Strategic Planning -- Chapter Conclusion -- Case Study: GRC Implementation at SpectraCorp -- Chapter 2 The Landscape of Cybersecurity -- Comprehensive Overview of cybersecurity Maturity -- Cybersecurity In the Financial Industry -- Cybersecurity in the Healthcare Industry -- Cybersecurity in the Government Sector -- Cybersecurity in Small to Large Enterprises -- Chapter Conclusion -- Case Study: TechGiant Inc.'s Holistic Approach to Information Security -- Chapter 3 Cybersecurity Leadership: Insights and Best Practices -- The Essential Traits of a Cybersecurity Leader -- Building and Leading Effective Cybersecurity Teams -- Adapting to Emerging Trends in Cybersecurity Leadership -- Strategic Decision-making in Cybersecurity Leadership -- Developing the Next Generation of Cybersecurity Leaders -- Personal Development for Cybersecurity Leaders -- Incident Management and Crisis Leadership -- Leading Cybersecurity Culture and Awareness -- The Ethical Dimension of Cybersecurity Leadership -- Balancing Business Objectives and Cybersecurity -- Learning from Military Leadership -- Future Trends and Preparing for What's Next -- Chapter Conclusion | |
505 | 8 | |a Case Study: The Transformation of Cybersecurity Leadership at CyberFusion Inc. -- Chapter 4 Cybersecurity Program and Project Management -- Program and Project Management in Cybersecurity -- Types of Cybersecurity Projects -- Project Management Fundamentals Applied to Cybersecurity -- Agile Project Management for Cybersecurity -- Managing Cybersecurity Programs -- Communication and Collaboration in Cybersecurity Projects -- A Guide for Project Managers in Cybersecurity -- Chapter Conclusion -- Case Study: Proactive Program Management at Acme Tech -- Chapter 5 Cybersecurity for Business Executives -- Why Business Executives Need to be Involved in Cybersecurity -- Roles and Responsibilities of Business Executives in Cybersecurity -- Effective Collaboration Between Business Executives and Cybersecurity Teams -- Key Cybersecurity Concepts for Business Executives -- Incorporating Cybersecurity into Business Decision-making -- Developing a Cybersecurity Risk Appetite -- Training and Awareness for Business Executives -- Legal and Regulatory Considerations for Business Executives -- The Future of business Executive Engagement in Cybersecurity -- Chapter Conclusion -- Case Study: Engaging Cybersecurity at Spectrum Enterprises -- Chapter 6 Cybersecurity and the Board of Directors -- The Critical Role of the Board in Cybersecurity -- Perspectives from the Board of Directors -- Perspectives from Cybersecurity Executives -- The Board's Responsibilities in Cybersecurity -- Effective Communication Between the Board and Cybersecurity Executives -- Specific Recommendations for Reporting to the Board -- Insights from the FFIEC and other Standards on Board Involvement -- Cybersecurity Governance: Embedding Cybersecurity in Corporate Culture -- Legal and Regulatory Considerations for the Board -- The Future of Board Involvement in Cybersecurity -- Chapter Conclusion | |
505 | 8 | |a Case Study: Cybersecurity Board Governance at TechPioneer Inc. -- Chapter 7 Risk Management -- Risk Management in the Business -- Understanding the Risk Management Life Cycle -- FFIEC Handbooks and Risk Management Guidance -- Governance and Risk Management Framework -- Risk Approvals and the Role of Committees -- Risk Identification and Analysis -- Third-Party Risk Management -- Regulatory Expectations For third-party Risk Management -- Compliance and Legal Risk Management -- Monitoring and Reporting -- Chapter Conclusion -- Case Study: Navigating Risk Management at Phoenix Innovations -- Chapter 8 The NIST Risk Management Framework -- The NIST Risk Management Framework -- Understanding RMF's Authorization Process -- NIST RMF in Practice: Step-by-Step Analysis -- Applicability to Regulatory Expectations -- Integrating NIST RMF into an Organization -- Using NIST RMF for Risk Assessment and Management -- NIST RMF and Technology Implementation -- Challenges and Solutions in Implementing NIST RMF -- NIST RMF and Third-Party Risk Management -- Chapter Conclusion -- Case Study: OmniTech Corporation and NIST RMF Implementation -- Sample RMF Authorization Document Package -- Chapter 9 Cybersecurity Metrics -- Understanding Cybersecurity Metrics -- The Importance of Metrics in cybersecurity -- The Role of Metrics in Decision-making and Resource Allocation -- Differentiating Between KPIs and KRIs -- The Role of Metrics in Compliance -- Challenges and Considerations -- Key Performance Indicators (KPIs) -- Key Risk Indicators (KRIs) -- Integrating KPIs and KRIs into Cybersecurity Strategy -- Chapter Conclusion -- Case Study: Transforming TechNova's Defense Landscape -- Chapter 10 Risk Assessments -- The Importance of Risk Assessments -- The FFIEC's Perspective on Risk Assessments -- NIST's Approach to Risk Assessments -- Risk Assessment Frameworks | |
505 | 8 | |a Conducting a Cybersecurity Risk Assessment -- Managing Third-Party Risks -- Challenges and Best Practices in Risk Assessments -- Chapter Conclusion -- Case Study: Utilizing Risk Assessments in Cybersecurity: The Journey of Innovative Tech Solutions -- Risk Assessment Template Example -- Chapter 11 NIST Cybersecurity Framework -- Background on the NIST CSF -- Core Functions and Categories -- Implementation Tiers -- Tier 1: Partial -- Tier 2: Risk-Informed -- Tier 3: Repeatable -- Tier 4: Adaptive -- Profiles -- Purpose and Use of Profiles -- Creating a Profile -- Customizing Profiles -- Profile Examples -- Profile Maintenance and Updates -- Implementation -- Understanding Organizational Requirements -- Assessing the Current State -- Defining the Desired State -- Gap Analysis and Prioritization -- Developing and Executing the Action Plan -- Continuous Improvement -- Chapter Conclusion -- Case Study: Cybersecurity Journey of TechPulse Inc. -- Chapter 12 Cybersecurity Frameworks -- ISO/IEC 27001: Information Security Management -- COBIT (Control Objectives for Information and Related Technologies) -- CMMC (Cybersecurity Maturity Model Certification) -- CIS (Center for Internet Security) Controls -- PCI DSS (Payment Card Industry Data Security Standard) -- ICFR (internal Control over Financial Reporting) -- Cloud Security Alliance Controls -- ISO 27017: Code of Practice for Information Security Controls -- ISO 27701: Privacy Information Management -- Comparing and Integrating Different Cybersecurity Frameworks -- Future Trends in Cybersecurity Frameworks -- Chapter Conclusion -- Case Study: Securing Globex Corporation -- Top Strengths of Each Framework -- Chapter 13 NIST SP 800-53: Security and Privacy Controls Framework -- Overview of NIST SP 800-53 -- Structure and Organization of NIST SP 800-53 -- Understanding Controls and Control Families | |
505 | 8 | |a Chapter Conclusion -- Case Study: SecureTech Solutions -- NIST 800-53 Control Families and Descriptions -- AC: Access Control -- PE: Physical and Environmental Protection -- AT: Awareness and Training -- PL: Planning -- AU: Audit and Accountability -- PM: Program Management -- CA: Assessment, Authorization, and Monitoring -- PS: Personnel Security -- CM: Configuration Management -- PT: PII Processing and Transparency -- CP: Contingency Planning -- RA: Risk Assessment -- IA: Identification and Authentication -- SA: System and Services Acquisition -- IR: Incident Response -- SC: System and Communications Protection -- MA: Maintenance -- SI: System and Information Integrity -- MP: Media Protection -- SR: Supply Chain Risk Management -- Chapter 14 The FFIEC: An Introduction -- FFIEC History and Background -- Role and Responsibilities -- Understanding the FFIEC Examination Handbooks -- The FFIEC Cybersecurity Assessment Tool (CAT) -- The FFIEC Audit Handbook -- The FFIEC Business Continuity Handbook -- The FFIEC Development and Acquisition Handbook -- The FFIEC Information Security Handbook -- The FFIEC Management Handbook -- The Architecture, Infrastructure, and Operations Handbook -- The Outsourcing Technology Services Handbook -- The Retail Payment Systems Handbook -- The Supervision of Technology Service Providers Handbook -- The Wholesale Payment Systems Handbook -- Chapter Conclusion -- Chapter 15 U.S. Federal Cybersecurity Regulations -- Gramm-Leach-Bliley Act (GLBA) -- The Health Insurance Portability and Accountability Act (HIPAA) -- Interagency Guidelines Establishing Information Security Standards (12 CFR 30 Part B) -- Payment Card Industry Data Security Standard (PCI DSS) -- Sarbanes-Oxley Act (SOX) -- The Cloud Act -- Internal Revenue Service Publication 1075 -- Criminal Justice Information Services (CJIS) Security Policy | |
505 | 8 | |a Defense Federal Acquisition Regulation Supplement (DFARS) | |
650 | 4 | |a Business enterprises-Computer networks-Security measures | |
650 | 4 | |a Computer security | |
650 | 4 | |a Computer crimes-Prevention | |
700 | 1 | |a Weaver, Griffin |e Sonstige |4 oth | |
776 | 0 | 8 | |i Erscheint auch als |n Druck-Ausgabe |a Edwards, Jason |t The Cybersecurity Guide to Governance, Risk, and Compliance |d Newark : John Wiley & Sons, Incorporated,c2024 |z 9781394250196 |
912 | |a ZDB-30-PQE | ||
943 | 1 | |a oai:aleph.bib-bvb.de:BVB01-035213286 | |
966 | e | |u https://ebookcentral.proquest.com/lib/hwr/detail.action?docID=31201269 |l DE-2070s |p ZDB-30-PQE |q HWR_PDA_PQE |x Aggregator |3 Volltext |
Record in search index
_version_ | 1817704728059969536 |
---|---|
adam_text | |
any_adam_object | |
author | Edwards, Jason |
author_facet | Edwards, Jason |
author_role | aut |
author_sort | Edwards, Jason |
author_variant | j e je |
building | Verbundindex |
bvnumber | BV049873828 |
collection | ZDB-30-PQE |
ctrlnum | (ZDB-30-PQE)EBC31201269 (ZDB-30-PAD)EBC31201269 (ZDB-89-EBL)EBL31201269 (OCoLC)1423504419 (DE-599)BVBBV049873828 |
dewey-full | 658.478 |
dewey-hundreds | 600 - Technology (Applied sciences) |
dewey-ones | 658 - General management |
dewey-raw | 658.478 |
dewey-search | 658.478 |
dewey-sort | 3658.478 |
dewey-tens | 650 - Management and auxiliary services |
discipline | Wirtschaftswissenschaften |
edition | 1st ed |
format | Electronic eBook |
id | DE-604.BV049873828 |
illustrated | Not Illustrated |
indexdate | 2024-12-06T15:18:33Z |
institution | BVB |
isbn | 9781394250219 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-035213286 |
oclc_num | 1423504419 |
owner | DE-2070s |
physical | 1 Online-Ressource (669 Seiten) |
psigel | ZDB-30-PQE HWR_PDA_PQE |
publishDate | 2024 |
publisher | John Wiley & Sons, Incorporated |
record_format | marc |
title | The Cybersecurity Guide to Governance, Risk, and Compliance |
topic | Business enterprises-Computer networks-Security measures Computer security Computer crimes-Prevention |