Fr. 53.50

Cyber Guardians - Empowering Board Members for Effective Cybersecurity

English · Hardback

Shipping usually within 1 to 3 weeks (not available at short notice)

Description

A comprehensive overview for directors aiming to meet their cybersecurity responsibilities
 
In Cyber Guardians: Empowering Board Members for Effective Cybersecurity, veteran cybersecurity advisor Bart McDonough delivers a comprehensive and hands-on roadmap to effective cybersecurity oversight for directors and board members at organizations of all sizes. The author includes real-world case studies, examples, frameworks, and blueprints that address relevant cybersecurity risks, including the industrialized ransomware attacks so commonly found in today's headlines.
 
In the book, you'll explore the modern cybersecurity landscape, legal and regulatory requirements, risk management and assessment techniques, and the specific role played by board members in developing and promoting a culture of cybersecurity. You'll also find:
* Examples of cases in which board members failed to adhere to regulatory and legal requirements to notify the victims of data breaches about a cybersecurity incident and the consequences they faced as a result
* Specific and actionable cybersecurity implementation strategies written for readers without a technical background
* What to do to prevent a cybersecurity incident, as well as how to respond should one occur in your organization
 
A practical and accessible resource for board members at firms of all shapes and sizes, Cyber Guardians is relevant across industries and sectors and a must-read guide for anyone with a stake in robust organizational cybersecurity.

List of contents

Preface: What to Expect from This Book

Chapter 1 Introduction

Summary of a Board's Incident Response

Checklist for a Board's Incident Response

Chapter 2 Cybersecurity Basics

CIA Framework

Key Cybersecurity Concepts and Terminology for Board Members

Threats and Risks

Vulnerabilities and Exploits

Malware

Social Engineering

Encryption and Data Protection

Authentication and Access Control

Common Cyber Threats and Risks Faced by Companies

Phishing

Malware

Ransomware

Business Email Compromise

Insider Threats

Third-Party Risk

Mistakes/Errors

Emerging Threats

Advanced Persistent Threats

Supply Chain Attacks

Data Destruction

Zero-Day Exploits

Internet of Things Attacks

Cloud Security

Mobile Device Security

Key Technologies and Defense Strategies

Firewall Technology

Intrusion Detection/Prevention Systems

Encryption

Multifactor Authentication

Virtual Private Network

Antivirus and Anti-malware Software

Endpoint Detection and Response

Patch Management

Cloud Technology

Identity and Access Management

Mobile Device Management

Data Backup and Recovery

Zero-Trust Architecture

Micro-segmentation

Secure Access Service Edge

Containerization

Artificial Intelligence and Machine Learning

Blockchain

Quantum Computing

Threat Intelligence

What Is Threat Intelligence?

How Can Threat Intelligence Help Organizations?

What Should Board Members Know About Threat Intelligence?

Threat Actors

External Threat Actors

State-Sponsored Attackers

Hacktivists

Cybercriminals

Competitors

Terrorists

Internal Actors

Employees

Contractors

Third-Party Vendors

Motivations of Threat Actors

Financial Gain

Political and Strategic Objectives

Ideological Beliefs

Personal Motivations

Tactics, Techniques, and Procedures

Examples of TTPs Used by Different Threat Actors

MITRE ATT&CK Framework

Chapter 2 Summary

Chapter 3 Legal and Regulatory Landscape

Overview of Relevant Cybersecurity Regulations and Laws

Federal Regulations in the United States

The Federal Trade Commission Act

The Gramm-Leach-Bliley Act

The Health Insurance Portability and Accountability Act

State Regulations in the United States

Data Breach Notification Laws

California Consumer Privacy Act

European Union Regulations

General Data Protection Regulation

Network and Information Security Directive

ePrivacy Directive

Industry Standards

Payment Card Industry Data Security Standard

National Institute of Standards and Technology

Securities Exchange Commission

2011 Cybersecurity Disclosure Guidance

2018 Cybersecurity Disclosure Guidance
 
2023 Proposal for New Cybersecurity Re

About the author

BART R. McDONOUGH, the CEO and Founder of Agio, uses his extensive 20-plus years of IT and cybersecurity expertise to decode complex cybersecurity subjects, establishing him as a reliable resource for clients. His acclaimed book Cyber Smart provides a user-friendly guide to navigating the intricate landscape of cybersecurity for professionals and families alike. In addition to his role as a strategic cybersecurity advisor to boards, McDonough has also contributed valuable insights and perspectives as a member of several boards. Throughout his notable career, he has offered expert cybersecurity counsel to some of the world's premier money managers. Bart received his undergraduate degree from the University of Connecticut and his Master's degree from Yale University.
