Cybersecurity Program Development for Business: The Essential Planning Guide

Praise for Cybersecurity Program Development for Business

"This is the book executives have been waiting for. It is clear: With deep expertise but in nontechnical language, it describes what cybersecurity risks are and the decisions executives need to make to address them. It is crisp: Quick and to the point, it doesn′t waste words and won′t waste your time. It is candid: There is no sure cybersecurity defense, and Chris Moschovitis doesn′t pretend there is; instead, he tells you how to understand your company′s risk and make smart business decisions about what you can mitigate and what you cannot.

It is also, in all likelihood, the only book ever written (or ever to be written) about cybersecurity defense that is fun to read."

Thomas A. Stewart, Executive Director, National Center for the Middle Market and Co–Author of Woo, Wow, and Win: Service Design, Strategy, and the Art of Customer Delight

"In my days as a Commanding Officer of U. S. Coast Guard ships at sea, I developed a deeply held respect for the notion of preparing well so as to perform well. Chris Moschovitis challenges a new generation to embrace that philosophy. He encourages us to recognize how overwhelming the flood of guidance and advice can be to leaders in either business or government especially when the topic seems more difficult to understand every day. Chris reaches backward into his own experience and lessons learned to design a practical approach to protecting the things for which those leaders are responsible. This book is not Cybersecurity for Dummies. Rather, it offers the insights and pathways important to those willing to do the hard work up front that will enable them to succeed when it counts.

Indeed, Preparation Equals Performance."

James M. Loy, Admiral, United States Coast Guard (Ret), Commandant, USCG 1998–2002, Administrator, Transportation Security Administration 2002–2003, Deputy Secretary, U. S. Department of Homeland, Security 2003–2005, Senior Counselor, The Cohen Group 2005–Present

"Cybersecurity Program Development for Business by Chris Moschovitis is a great addition to any executive′s library of practical, how–to books on a cutting–edge (even bleeding–edge) topic how to secure your organization′s cyber resilience.

The book acts not only as a primer but as a deeply knowledgeable and even entertaining resource full of useful examples and guidance. In this age of simultaneous hyper–transparency and hyper–opacity, it is critical that all executives and boards become at least conversant in what is going on in cyber this book gives them that helpful roadmap."

Dr. Andrea Bonime–Blanc, CEO and Founder, GEC Risk Advisory, Co–Author of The Artificial Intelligence Imperative: A Practical Roadmap for Business (Praeger 2018)

"An amazing, holistic, practical, accessible and enlightening view on cybersecurity acting as a business enabler. For those who believe that stakeholder trust is a must for their business in today s data–driven world. For security and technology professionals who need to talk business. And, for executives that need to talk cyber.  An essential guide for both.

Dr. Christos K. Dimitriadis, ISACA Board Chair 2015–2017, CISO Intralot

Cybersecurity Program Development for Business offers executives a rare look into the cybersecurity world in a pragmatic and jargon–free manner. Chris Moschovitis shows us how cyber enables rather than constrains business. It s refreshing to find a book on this subject that could easily become the must–have for an executive s desk!

Jo Stewart–Rattray, CISM CGEIT CISA CRISC CP, Director of Information Security & IT Assurance, BRM Holdich, Director, International Board of Directors, ISACA

A must–read book by an experienced practitioner and respected cyber security strategist. Chris Moschovitis provides an extraordinarily clear–eyed and concise perspective on the challenges of developing and executing cyber–security strategies in complex real–world environments. His deep understanding and keen insight create a valuable book that is both practical and actionable. Cyber–attacks have become ubiquitous; buy this book if you want to avoid becoming an easy target.

Mike Barlow, Author of Learning to Love Data Science, Co–author of Partnering with the CIO and Smart Cities, Smart Future

Chris Moschovitis provides relief to business leaders from cybersecurity–induced sleepless nights. His plain talk provides understanding of cyber risks to enable focus on building organizational capabilities that will instill confidence in the pursuit of business outcomes while mitigating the potential for business interruption.

Matt Loeb, CGEIT, CAE, FASAE, Chief Executive Officer, ISACA

Preface

Acknowledgments

About the Author

Chapter 1 Understanding Risk

Chapter 2 Everything You Always Wanted to Know About Tech  (But Were Afraid to Ask Your Kids)

Chapter 3 A Cybersecurity Primer

Chapter 4 Management, Governance, and Alignment

Chapter 5 Your Cyber Security Program: A High–Level Overview

Chapter 6 Assets

Chapter 7 Threats

Chapter 8 Vulnerabilities

Chapter 9 Environments

Chapter 10 Controls

Chapter 11 Incident Response Planning

Chapter 12 People

Chapter 13 Living Cybersecure!

Bibliography

CHRIS MOSCHOVITIS is the founder of tmg–emedia, a consultancy focused on providing independent technology and cybersecurity management expertise, development, and outsourcing services. It is one of the premier independent consulting firms in the country. He is sought after by private industry, government, and nonprofits for his ability to explain complex IT and cybersecurity topics to executives.