The intentions of the cyberterrorist, the cybercriminal, the cyberactivist and the state-sponsored hacker are not the same. They can all cause serious problems for your organisation, however, including information theft, disruption of normal operations and undermining your reputation or credibility. Many books on cybersecurity focus on technical responses to these threats. As important as this is, human fallibility and other known vulnerabilities will allow hackers to easily break into a system that has not taken account of these factors. This book encourages cybersecurity professionals to take a wider view of what cybersecurity means, and to exploit international standards and best practice to create a culture of cybersecurity awareness within their organization that supplements technology-based defenses. This second edition takes account of the changing threats in the cyber landscape, and includes an updated body of knowledge that describes how to acquire, develop, and sustain a secure information environment that goes beyond technology. This enables you to move towards a cyber aware organizational culture that is more robust and better able to deal with a wider range of threats. Related references and recommendations for additional reading are included at the end of each chapter, making this a valuable resource for trainers and researchers, as well as cybersecurity practitioners.

• Cover
• Title
• Copyright
• Preface
• About The Author
• Contents
• Introduction
• Chapter 1: Technology Is a Double-Edged Sword
  • From the printing press to the information age
  • The ‘dark side of high tech’
• Chapter 2: Cyber Attack: It’s A Dangerous World for Information Systems
  • Cyberwar
  • Cyberterror
  • Cybercrime
  • CyberEspionage (and Information Exfiltration) – It’s midnight; do you know where your data is?
  • Social Media – an opportunity and a challenge
  • Supply Chain (In-) security
  • The blended threat
  • The asymmetric effects of cyber attacks
  • Porous perimeters, compromisable software – or both?
  • If we know about the vulnerabilities, why are exploits still successful?
• Chapter 3: The Human Factor: The Underrated Threat
  • Are people the problem?
  • Who are the attackers?
  • Most likely forms of attack
  • Sometimes it’s just human error
  • People can also be the solution!
• Chapter 4: Transition from an Environment of ‘FUD’ to a Standards-Based Environment
• Chapter 5: Establishing a Culture of Cybersecurity
• Chapter 6: Increasing Internationalism: Governance, Laws, and Ethics
  • Information globalism equals increased exposure
  • Following the lead of good governance
  • The proliferation of laws
  • Ethics in an information society and a minimum standard of due care in cybersecurity
  • Cybersecurity and privacy
• Chapter 7: Standards: What Are They and Why Should We Care?
  • What are standards?
  • How and by whom are standards developed?
  • The importance of terminology
  • Standards-based process improvement
  • Focus on consensus-based cybersecurity
  • Standards provide a level playing-field for co-ordination and co-operation
  • If standards are so good, then why is it so hard?
• Chapter 8: From Reaction to Proaction: Applying Standards in an Environment of Change and Danger
  • Moving beyond compliance and reaction
  • A quick look at relevant standards
  • Take four steps forward
  • The future is ‘ROSI’
  • Making the case for cybersecurity assurance
• Chapter 9: Conclusion: Where Do We Go From Here?
  • Cybersecurity program roadmap
• Appendix 1: Gap Analysis Areas of Interest
• Appendix 2: Standards Crosswalk
• Definitions
• Acronyms
• Index
• ITG Resources