Название: Cybertax: Managing the Risks and ResultsАвтор: George K. Tsantes, James Ransome
Издательство: CRC Press/Auerbach Publications
Серия: IT Pro Practice Notes
Год: 2023
Страниц: 139
Язык: английский
Формат: pdf (true)
Размер: 10.1 MB
Cybersecurity risk is a top-of-the-house issue for all organizations. Cybertax—Managing the Risks and Results is a must read for every current or aspiring executive seeking the best way to manage and mitigate cybersecurity risk. It examines cybersecurity as a tax on the organization and charts the best ways leadership can be cybertax efficient. Viewing cybersecurity through the cybertax lens provides an effective way for non–cybersecurity experts in leadership to manage and govern cybersecurity in their organizations.
In a perfect world, we would not need cybersecurity. Technology would work without interference, there would be no malicious actors, and users would never make mistakes. There would be no holes or errors in the code that powers technology, and communications between technologies would be secure.
Unfortunately, the opposite is true. Technology systems are open and invite malicious exploits, bad actors are multiplying in numbers and sophistication, and users constantly make errors that allow bad things to happen. The number of devices and apps connected to the Internet is growing exponentially. Cybersecurity is a necessary program for any organization or individual. It is a tax on the organization; we call this “cybertax.”
Cybertax encompasses all resources required to provide and prove cybersecurity. This includes prevention, monitoring, remediation, improvements, and proving. It includes all the due diligence to select technology products and services that will improve your cybersecurity posture or, at a minimum, cause no harm. It includes the time and effort to design, implement, and monitor secure business processes. It also includes the resources required to monitor the security of your third-party providers.
Cybertax is unavoidable; there are no cybertax-free zones. The technologies that support ubiquitous access for permissioned users and systems can be exploited by malicious actors to achieve their goals. As the Internet of Things (IoT) expands, so does the surface area for cybersecurity attacks beyond traditional computer systems. For those of you who see good cybersecurity as a positive attribute for an organization, we agree that cybersecurity is an acceptable way to differentiate your organization from your competitors. That said, managing the efficiency and effectiveness of resources applied to cybersecurity is imperative for any organization. Viewing cybersecurity through the cybertax lens provides an effective way for non-cybersecurity experts in leadership to manage and govern cybersecurity in their organizations. Cybertax has nothing to do with the traditional compulsory contribution of revenue to a government entity.
Zero Trust is one of the more recent concepts that influence how organizations address cybersecurity. It used to be that there were aspects of your technology, employees, and key vendors that were vetted and “trusted” to use your technology resources and data properly. This has been replaced by Zero Trust, which is similar to the Reagan-era quote, “Trust but verify.” Systems and humans are permissioned in your organization to carry out various activities that benefit the organization, its customers, and stake holders. Technology systems are now layered on top to monitor for anomalous behavior and notify or stop the unexpected behavior. We’ve all read news stories where an employee who could only process dozens of accounts or files accessed and copied millions of records for unintended and malicious purpose. Zero Trust works hand in hand with cybertax to focus an organization’s efforts on the most effective use of cybersecurity resources.
The book outlines questions and leadership techniques to gain the relevant information to manage cybersecurity threats and risk. The book enables executives to:
Understand cybersecurity risk from a business perspective
Understand cybersecurity risk as a tax (cybertax)
Understand the cybersecurity threat landscape
Drive business-driven questions and metrics for managing cybersecurity risk
Understand the Seven C’s for managing cybersecurity risk
Governing the cybersecurity function is as important as governing finance, sales, human resources, and other key leadership responsibilities Executive leadership needs to manage cybersecurity risk like they manage other critical risks, such as sales, finances, resources, and competition. This book puts managing cybersecurity risk on an even plane with these other significant risks that demand leaderships’ attention. The authors strive to demystify cybersecurity to bridge the chasm from the top-of-the-house to the cybersecurity function. This book delivers actionable advice and metrics to measure and evaluate cybersecurity effectiveness across your organization.
Скачать Cybertax: Managing the Risks and Results