Review: 'Managing Cybersecurity Risk: How Directors and Corporate Officers Can Protect their Businesses'

Managing Cybersecurity Risk is a comprehensive and engrossing guide for organizations, of any size, that are yet to fully appreciate their exposure to an ever-growing landscape of cyber-threats, as well as the numerous changes in related legal and regulatory requirements.

Small businesses in particular will benefit from Editor Jonathan Reuvid’s guidance, as it’s rare for such organizations to have the time and dedicated resources available to manage cybersecurity effectively.

The foreword is provided by Rt Hon Baroness Pauline Neville-Jones who, through her experience as Minister of State for Security and Counterterrorism, clearly sets out the changing landscape of the digital age. The reader is gently introduced to the sobering reality that managing cybersecurity is not a matter for government to handle in isolation, but is increasingly becoming a priority for organizations and individuals alike.

The content is carefully constructed across five sections, beginning with a harrowing overview of cybersecurity risks. This section demonstrates the impact of cyber-incidents in the context of several high-profile, recent examples involving companies that have been brought to their knees following an attack. This background is supplemented with insights into the varied and often illogical responses from EU, UK and US lawmakers.

This section culminates with insights from notable security professionals about weaknesses in their organizations, which helps bring to life important matters that are, for many, currently seen as mere distractions from their core business activities.

Reuvid goes on to present how the international community are trying to help businesses understand the cyber-risks they face, and how to identify appropriate mitigating courses of action. Recent incidents are further utilized to reinforce the book’s underlying message about the financial, operational, reputational, regulatory and legal impact organizations potentially face if they fail to plan, implement and manage effective strategies to reduce their exposure.

Section three begins by providing the reader with the foundations of risk assessment and how to accurately identify and calculate impact and likelihood through standard matrices. This then leads on to the creation of a framework which focuses on developing cyber-resilience.

Rounding off the book, part five provides details on effective measures that all businesses can take to reduce the impact of cyber-incidents. This includes educating all employees across the business about their security-related responsibilities - not just those in technical roles. There are also specific measures for organizations in the financial services sector.

The final section is tailored towards managing security incidents and includes a realistic framework which can be adapted to suit most businesses’ operating models. Returning to the intended audience of the book, part five presents seven challenges that CEOs may face during a cyber-incident, followed by an interesting insight into potential ‘animal behaviors’ that professionals may exhibit when responding to a breach. Alongside the book’s underlying message, part five also warns the reader to plan their ideal approach to cyber-incident management; plan for anything and everything!

Overall the book is an excellent introduction to the management of cybersecurity risk. The insight from current security professionals provides the reader with the context and foundational knowledge required to effectively identify, manage and respond to the cybersecurity threats their businesses face.

Managing Cybersecurity Risk is available for purchase via Amazon
