Cybersecurity for Business - by Larry Clinton (Paperback)

About the Book

Achieve digital transformation goals without creating undue risks with this guide to managing cybersecurity from a strategic, business-wide perspective.

Book Synopsis

FINALIST: International Book Awards 2023 - Business: General
FINALIST: American Book Fest Best Book Award 2023 - Business: General

Balance the benefits of digital transformation with the associated risks with this guide to effectively managing cybersecurity as a strategic business issue.

Important and cost-effective innovations can substantially increase cyber risk and the loss of intellectual property, corporate reputation and consumer confidence. Over the past several years, organizations around the world have increasingly come to appreciate the need to address cybersecurity issues from a business perspective, not just from a technical or risk angle. Cybersecurity for Business builds on a set of principles developed with international leaders from technology, government and the boardroom to lay out a clear roadmap of how to meet goals without creating undue cyber risk.

This essential guide outlines the true nature of modern cyber risk, and how it can be assessed and managed using modern analytical tools to put cybersecurity in business terms. It then describes the roles and responsibilities each part of the organization has in implementing an effective enterprise-wide cyber risk management program, covering critical issues such as incident response, supply chain management and creating a culture of security. Bringing together a range of experts and senior leaders, this edited collection enables leaders and students to understand how to manage digital transformation and cybersecurity from a business perspective.

Review Quotes

"Cybersecurity for Business is one of those rare practical books for businesses that can help large, medium and small companies manage the ongoing and unavoidable cyber risks now facing all industries. The threats facing manufacturers and all firms compound by the day, so learning these lessons now is crucial."-- "Jay Timmons, President and CEO, National Association of Manufacturers"

"Cybersecurity for Business is a bonfire of wisdom for leaders who desire to be part of the executive decision-making team in their organization. Co-authored by an extraordinary group of global leaders and luminaries with topics as diverse as 'managing' your board of directors, developing key inter-organizational relationships and aligning business goals to cybersecurity, among others, this book will find a home on the desk of leaders and managers across the cybersecurity community."-- "Mark Weatherford, former Deputy Undersecretary for Cybersecurity at the US Department of Homeland Security. Chief Security Officer at AlertEnterprise"

"Cybersecurity for Business takes the complicated and ever-changing world of data security and technology and offers a remarkably cogent collection of guidance from industry experts. The result is a practical and wide-ranging text and a powerful tool for keeping businesses safe."-- "Preet Bharara, former U.S. Attorney, Distinguished Scholar in Residence at NYU School of Law; CNN Senior Legal Analyst; author of NYT bestselling 'Doing Justice' and host of 'Stay Tuned with Preet'"

"Cybersecurity for Business tracks the principles we recommend our college and universities follow to enhance their own cyber risk resilience. As such, it's an excellent book for graduate and undergraduate courses in cyber, and its use will help create a more coherent, secure and sustainable digital environment."-- "Henry Stoever, President and CEO, Association of Governing Boards of Universities and Colleges (AGB)"

"Cybersecurity for Business outlines a model any business should consider to align its technical systems with proper management to strengthen its cyber resilience. Besides serving as a guide to better manage cyber attacks, this book provides confirmation of our security program and the approach we've taken. Additionally, it reinforces concepts we routinely share with partners, customers, and other stakeholders across our ecosystems. What I like most is that it offers practical advice with a robust list of references for readers to dive even deeper into the various topics."-- "Jon Brickey, Senior Vice President Cybersecurity Evangelist, Mastercard"

"All businesses, large and small, will eventually find themselves the target of sophisticated cyber-attacks. Companies need to account for and adapt to this reality, especially as we all rely more on technology and data to drive our businesses. Cybersecurity for Business provides specific guidance for directors down to the front lines of IT, that, if followed, can place a company in a far better position to be armed and prepared for the inevitable cyber-attack."-- "Kevin Mandia, CEO, Mandiant"

"As an early advocate of enterprise risk management, I have seen the significant business value from better quantifying and integrating strategic, operational and financial risks. Cybersecurity cannot be managed effectively as a silo given its critical business and risk interdependencies. This practical book will help any organization break down that silo and address cybersecurity as a strategic, enterprise risk issue."-- "James C. Lam, President, James Lam & Associates; Chair of the Board, Recology; Chair of the Audit Committee, RiskLens; Author, 'Implementing Enterprise Risk Management'"

"Cybersecurity is national security. The only way to effectively protect ourselves is through a collective defense model. Cybersecurity for Business describes the roles and responsibilities individuals across an organization must take in this new age to work together to protect their enterprise and, in so doing, contribute to our nation's defense."-- "GEN (Ret) Keith Alexander, Former head of US Cyber Command Co-CEO, IronNet Cybersecurity, Inc."

"Despite the deluge of cyber-attack headlines, too often boards of directors remain focused on how they should be preparing for the next inevitable breach, rather than thinking proactively about their cybersecurity oversight responsibilities. Cybersecurity for Business is an invaluable guide for directors and executives at organizations of all sizes to better understand the business, legal and technical dimensions of cybersecurity risk management, and how to optimize corporate governance to meet the challenges posed by multifaceted cyber threats. I consider it required reading for everyone interested in safeguarding their critical systems, supply chains, employees and customers."-- "Professor Scott J. Shackelford, JD, PhD, Chair, Indiana University Cybersecurity Risk Management Program"

"It is rare for a new volume to provide such excellent guidance on cyber for the working manager and practitioner. I hope board members and executives everywhere invest the time to absorb this book's fine contents."-- "Ed Amoroso, Former CISO, AT&T"

"Leadership and management of cyber risk continues to evolve. Beyond just C-Suites and IT departments, this book brings the role of the whole organization - HR, PR, finance, legal compliance, marketing, etc. - into sharp focus. Cybersecurity is a team sport that must address leadership, management and the culture of security throughout the entire business enterprise. Cybersecurity for Business sets the principles and de-facto standard for modern cyber risk management."-- "Harry D. Raduege, Jr. Lieutenant General, USAF (Ret) Chief Executive Officer, National Cybersecurity Center"

"Regardless of industry - whether it is agriculture, aviation or health care - organizations are all increasingly susceptible to cyberattacks, and businesses need to adapt accordingly. Cybersecurity for Business provides the tools for business and IT leaders alike to successfully navigate this new reality."-- "Richard Rocca, CISO, Bunge"

"The aspect of Cybersecurity for Business that compelled me to adopt it as my textbook for Columbia's Enterprise Cyber Threats and Defenses course is the holistic approach taken to the defense of complex networks. As demonstrated by the impact of Hurricane Katrina on New Orleans, dis-aligned localized defenses cannot withstand systematic attacks on complex multi-part networks. Even a single point of failure in an otherwise robust entity 'perimeter' renders the entire entity vulnerable. Because there is no security through obscurity, the only sustainable cyber defense is one architected top-down."-- "Dr. Corey Hirsch, CISO, Teledyne"

"The ISA's Cybersecurity for Business is the first comprehensive, practical, strategic and tactical guide to this rapidly evolving and constantly challenging subject that is both practical and academic. Indeed, it is exactly what I have been looking for as someone who both advises boards and management on strategic cyber risk management and governance and as a cyber-professor teaching a course on 'Cyber Leadership, Risk Oversight and Resilience' at NYU, where it will become my core textbook for future semesters. This is an outstanding contribution because it is written by people with direct experience on the front lines - indeed on the bleeding edge - of this ever-evolving threat and opportunity matrix and incorporates some of the groundbreaking risk governance work that Larry and the Internet Security Alliance have been doing for years with the NACD, the World Economic Forum and a number of leading industry associations around the world. And, finally, it goes beyond other publications by looking at the bigger systemic cyber-picture including the role of culture, economics, governance and how all the strategic and tactical dots interconnect. Kudos to Larry and his team - they really made it happen!"-- "Andrea Bonime-Blanc, Founder & CEO, GEC Risk Advisory"

"This ISA book on cybersecurity risk management hits the mark on enabling organizations to contextualize cyber risk to financial, operational and business outcomes. These core principles align to the heightened expectations across the regulatory (SEC), investor, risk management and boardroom communities."-- "Chris Hetner, Former Senior Cybersecurity Advisor to the SEC Chair and Special Advisor for Cyber Risk to the NACD"

"Utilities have been hit hard by hackers during the past few years, creating a need to balance risk with the demands of the new economics of the digital world. I cannot recommend Cybersecurity for Business enough. It helps organizations evaluate security for an enterprise-wide perspective consistent with the economics required to maintain effective service."-- "Ryan Boulais, Chief Information Security Officer, The AES Corporation"

About the Author

Internet Security Alliance provides thought leadership in cybersecurity and works with the US government to advocate for public policy that will advance the interests of cybersecurity.

Larry Clinton is President of the Internet Security Alliance. He advises industry and government on cyber policy and regularly appears in the media to provide an expert opinion. He has briefed NATO, the Organization of American States (OAS), G-20 and the US Congress. He has twice been named to the NACD 'Directorship 100' list of the most influential individuals in corporate governance.