Enterprise Cyber Risk Management as a Value Creator: Leverage Cybersecurity for Competitive Advantage

Author: Bob Chaput


Language: English
Pages: 414
Category: Library


Table of Contents
Endorsements for Enterprise Cyber Risk Management as a Value Creator
Acknowledgments
About the Author
About the Technical Reviewer
Foreword
Preface
Abbreviations
Part I: A Case for Action
Chapter 1: Enterprise Cyber Risk Management as a Value Creator
The Next Cybersecurity Pivot
Digital Transformation Is Not Slowing Down
Creating Business Value
Increasing Customer Trust and Brand Loyalty
Improving Social Responsibility
Driving Revenue Growth
Facilitating Digital Transformation and Innovation
Lowering the Cost of Capital
Attracting Higher-Quality Investments
Assuring Operational Continuity and Resilience
Creating Competitive Advantage
Attracting and Retaining Talent
Facilitating M&A Activity
Leveraging Regulatory Compliance Requirements
Conclusion
Questions Management and the Board Should Ask and Discuss
Endnotes
Chapter 2: SEC and Other Important Cyber Regulations
Overview of the SEC “Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure” Final Rule
Why Are These Changes Being Made?
When Will the SEC “Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure” Changes Be Implemented?
Who Is Covered?
What Changes Are Being Made?
Who Enforces These and Other SEC Regulations?
What Happens If Your Company Doesn’t Comply?
Disclosure of Cybersecurity Incidents on Current Reports
Disclosure About Cybersecurity Incidents in Periodic Reports
Disclosure of a Registrant’s Risk Management, Strategy, and Governance Regarding Cybersecurity Risks
Disclosure Regarding the Board of Directors’ Cybersecurity Expertise
What Is Cybersecurity Expertise?
Should Your Not-for-Profit and Private Company Care About SEC Cyber Disclosure Requirements?
Conclusion
Questions Management and the Board Should Ask and Discuss
Endnotes
Chapter 3: The Courts Are Picking Up the Cyber Pace
The Board and Risk Management Responsibilities
Cyber Legal Cases
The Caremark Standard and Recent Cyber Cases
An Important Healthcare Case to Watch
Three Other Relevant Cybersecurity Cases
Effective Compliance Programs: US Sentencing Guidelines and Federal Prosecution of Business Organizations
Conclusion
Questions Management and the Board Should Ask and Discuss
Endnotes
Chapter 4: The Most Critical Cybersecurity Decision
What Does “HOW Your Organization Will Conduct ECRM” Mean?
Risk
Risk Owner/Executive
Risk Management
Enterprise Risk Management (ERM)
Enterprise Cyber Risk Management (ECRM)
Cybersecurity
Strategy
Cybersecurity Strategy
The Board and Risk Management Responsibilities
Regulatory and Enforcement Changes
Key Actions/Decisions to Facilitate Your Important “HOW Your Organization Will Conduct ECRM” Decision
Conclusion
Questions Management and the Board Should Ask and Discuss
Endnotes
Chapter 5: Justifying ECRM Funding
The Challenge of Cybersecurity Investments Being Wasted
A New ECRM Budget Philosophy Is Needed
Why Create an ECRM Budget Philosophy
Building Your ECRM Budget Philosophy
ECRM Budget Philosophy
The Single Most Important Cybersecurity Question for the Board to Ask
The Solution: Overcoming ECRM and Cybersecurity Investment Challenges
Conclusion
Questions Management and the Board Should Ask and Discuss
Endnotes
Chapter 6: The C-Suite and Board Role
Set the “Tone at the Top” with Strong ECRM Guiding Principles
Require ECRM to Be Formally Established and Documented
Ensure Equal Focus on Positive Cyber Opportunities
Increasing Customer Trust and Brand Loyalty
Improving Social Responsibility
Driving Revenue Growth
Facilitating Digital Transformation and Innovation
Attracting and Retaining Talent
Conclusion
Questions Management and the Board Should Ask and Discuss
Endnotes
Part II: Building and Implementing Your ECRM Program
Chapter 7: Integrating ECRM into Business Strategy
The Challenge
The Case for Action
Actions to Take
Conclusion
Questions Management and the Board Should Ask and Discuss
Endnotes
Chapter 8: Getting Started
Document Management
History
Location
Revision History
Authorization
Distribution
Related Documents
Table of Contents
Executive Summary
Introduction
Glossary
Cyber Risk and Cyber Opportunity Notional Equations
Cyber Risk Notional Equation
Cyber Opportunity Notional Equation
Conclusion
Questions Management and the Board Should Ask and Discuss
Endnotes
Chapter 9: ECRM Guiding Principles and Business Alignment
ECRM Guiding Principles
Scope of the ECRM Strategy
Business Strategic Objectives
ECRM Strategic Objectives
Responsibility for and Governance of the ECRM Program
Conclusion
Questions Management and the Board Should Ask and Discuss
Endnotes
Chapter 10: Three Vital ECRM Building Blocks
ECRM Framework
ECRM Process
ECRM Maturity Model
Conclusion
Questions Management and the Board Should Ask and Discuss
Endnotes
Chapter 11: Adapting Your Process to Include Cyber Opportunities
Risk and Opportunity Framing
ECRM Key Inputs and Preconditions
ECRM Assumptions | Information Asset Assumptions
ECRM Assumptions | Vulnerability and Strength Assumptions
ECRM Risk Appetite and Opportunity Threshold
ECRM Constraints | Legal, Regulatory, and Contractual Constraints
Risk and Opportunity Assessment
Risk and Opportunity Response
Risk and Opportunity Monitoring
ECRM Process Standards, Policies, and Procedures
Conclusion
Questions Management and the Board Should Ask and Discuss
Endnotes
Chapter 12: Additional Essential ECRM Program Elements
ECRM Education and Training
ECRM Automation and Technology Tools
ECRM Third-Party Risk Management
ECRM Recordkeeping and Reporting
Standards, Plans, Policies, and Procedures
Conclusion
Questions Management and the Board Should Ask and Discuss
Endnotes
Chapter 13: Ten Recommended Implementation Steps
Implementation Step #1: Establish ECRM Governance
Implementation Step #2: Design and Deliver Ongoing ECRM and Cybersecurity Education
Implementation Step #3: Establish and Document ECRM Guiding Principles
Implementation Step #4: Establish and Document Strategic Business and ECRM Objectives
Strategic Business Objectives
Strategic ECRM Objectives
Implementation Step #5: Set the Scope of Your ECRM Program
Implementation Step #6: Establish and Document Your ECRM Budget Philosophy
Implementation Step #7: Formally Adopt Your ECRM Framework, Process, and Maturity Model
Implementation Step #8: Conduct a Comprehensive, NIST-Based Enterprise-Wide Risk and Opportunity Assessment
Implementation Step #9: Establish Your Cyber Risk Appetite, Opportunity Threshold, and Complete Risk and Opportunity Treatment
Implementation Step #10: Formally Document Your ECRM Program and Cybersecurity Strategy
Conclusion
Questions Management and the Board Should Ask and Discuss
Endnotes
Appendix A
What to Look for in an ECRM Company and Solution
Alignment with Your Organization’s Strategic ECRM Objectives
Competency and Expertise
Capability and Capacity to Scale to Enterprise
Industry Commitment
Reputation
Customer Service
Appendix B
Enterprise Cyber Risk Management Software (ECRMS)
Risk and Opportunity Assessment Features and Functionality
Compliance and Technical Testing Assessment Features and Functionality
Cybersecurity Framework Support
General Additional Features and Functionality
A Word About Cloud-Based Software Solutions, Software-as-a-Service (SaaS)
Reputation
Customer Service
The Benefits of Using an ECRMS Solution
Appendix C
The Benefits of a NIST-Based ECRM Approach
A Strong ECRM Program and Cybersecurity Strategy Creates Competitive Advantage
The Benefits of Implementing a NIST-Based ECRM Program and Cybersecurity Strategy
The NIST Approach Was Developed Using an Open, Inclusive Process
The NIST Approach Uses Accessible Language That All Stakeholders in Your Organization Can Understand
The NIST Approach Facilitates Information Governance
The NIST Approach Leverages Current Standards, Guidelines, and Best Practices from Multiple Internationally Recognized Sources
Numerous Industries Align with and Have Adopted the NIST Approach
The NIST Cybersecurity Framework Has Become the Standard for the US Government
The NIST Approach Is Customizable
The NIST Cybersecurity Framework Is Scalable
The NIST Approach Is Affordable
The NIST Cybersecurity Framework Does Not Require Certification
The NIST Approach Is Designed to Accommodate Changes in Technology
Appendix D
Twenty-Five Essential Terms for Your ECRM Glossary
Key ECRM and Cybersecurity Terminology
Bringing It All Together
Appendix E
Sample ECRM Program and Cybersecurity Strategy Table of Contents
Index


About This Volume

Enterprise Cyber Risk Management as a Value Creator: Leverage Cybersecurity for Competitive Advantage
Author: Bob Chaput. Publisher: Apress, 2024. Language: English.

This book will help you learn the importance of organizations treating enterprise cyber risk management (ECRM) as a value creator, a business enabler, and a mechanism to create a competitive advantage. Organizations began to see the real value of information and information technology in the mid-198
