Jennifer L. Bayuk – författare

Drawing upon a wealth of experience from academia, industry, and government service, Cyber Security Policy Guidebook details and dissects, in simple language, current organizational cyber security policy issues on a global scale—taking great care to educate readers on the history and current approaches to the security of cyberspace. It includes thorough descriptions—as well as the pros and cons—of a plethora of issues, and documents policy alternatives for the sake of clarity with respect to policy alone. The Guidebook also delves into organizational implementation issues, and equips readers with descriptions of the positive and negative impact of specific policy choices.Inside are detailed chapters that: Explain what is meant by cyber security and cyber security policyDiscuss the process by which cyber security policy goals are setEducate the reader on decision-making processes related to cyber securityDescribe a new framework and taxonomy for explaining cyber security policy issuesShow how the U.S. government is dealing with cyber security policy issuesWith a glossary that puts cyber security language in layman's terms—and diagrams that help explain complex topics—Cyber Security Policy Guidebook gives students, scholars, and technical decision-makers the necessary knowledge to make informed decisions on cyber security policy.

Stepping Through Cybersecurity Risk Management Authoritative resource delivering the professional practice of cybersecurity from the perspective of enterprise governance and risk management.Stepping Through Cybersecurity Risk Management covers the professional practice of cybersecurity from the perspective of enterprise governance and risk management. It describes the state of the art in cybersecurity risk identification, classification, measurement, remediation, monitoring and reporting. It includes industry standard techniques for examining cybersecurity threat actors, cybersecurity attacks in the context of cybersecurity-related events, technology controls, cybersecurity measures and metrics, cybersecurity issue tracking and analysis, and risk and control assessments.The text provides precise definitions for information relevant to cybersecurity management decisions and recommendations for collecting and consolidating that information in the service of enterprise risk management. The objective is to enable the reader to recognize, understand, and apply risk-relevant information to the analysis, evaluation, and mitigation of cybersecurity risk. A well-rounded resource, the text describes both reports and studies that improve cybersecurity decision support.Composed of 10 chapters, the author provides learning objectives, exercises and quiz questions per chapter in an appendix, with quiz answers and exercise grading criteria available to professors.Written by a highly qualified professional with significant experience in the field, Stepping Through Cybersecurity Risk Management includes information on: Threat actors and networks, attack vectors, event sources, security operations, and CISO risk evaluation criteria with respect to this activityControl process, policy, standard, procedures, automation, and guidelines, along with risk and control self assessment and compliance with regulatory standardsCybersecurity measures and metrics, and corresponding key risk indicatorsThe role of humans in security, including the “three lines of defense” approach, auditing, and overall human risk managementRisk appetite, tolerance, and categories, and analysis of alternative security approaches via reports and studiesProviding comprehensive coverage on the topic of cybersecurity through the unique lens of perspective of enterprise governance and risk management, Stepping Through Cybersecurity Risk Management is an essential resource for professionals engaged in compliance with diverse business risk appetites, as well as regulatory requirements such as FFIEC, HIIPAA, and GDPR, as well as a comprehensive primer for those new to the field.A complimentary forward by Professor Gene Spafford explains why “This book will be helpful to the newcomer as well as to the hierophants in the C-suite. The newcomer can read this to understand general principles and terms. The C-suite occupants can use the material as a guide to check that their understanding encompasses all it should.”

Sound guidance on design, implementation, and governance of cybersecurity policy Now in its Second Edition, the Cybersecurity Policy Guidebook delivers an issue-focused treatment of public, private, and individual cybersecurity policy alternatives for treatment of systemic cyber risks. Seven practitioners from government, industry, and academia analyze overlapping perspectives of decision-makers, technology professionals, and critical infrastructure engineers within the recently transformed digital landscape. The first edition dealt with threats to impersonation, infrastructure access, intellectual property, internet access, nation-state conflict, operational continuity, privacy, and supply chain. New to this edition is coverage of AI's impact on cybersecurity, cyber-physical systems, and custodial issues for technology platforms and other cyber-enabled services. The book addresses threat intelligence across industry sectors, governance frameworks, and risk appetite thresholds. A policy catalog reflects pros and cons of pressing policy positions. Key topics also include: Communication strategies for conveying cybersecurity risk to decision makers across public and private levels of authorityPolicy objectives mapped to technology evolution, connecting operational choices with their broader strategic and regulatory implicationsGuidance on banking and financial services cybersecurity supervision, drawing on interagency regulatory frameworks and examination standardsOperational technology and control system cybersecurity policy, addressing risks unique to industrial control systems and other cyber-physical systemsCross-disciplinary course alignment for programs in public policy, law, business, computer science, engineering, and social sciencesCybersecurity Policy Guidebook serves leaders of public and private organizations, as well as technology professionals, industry analysts, scholars, and individuals seeking a structured reference on cybersecurity policy issues. Whatever the starting point of perspective, readers will gain the policy knowledge required to act with precision.