As a business leader, you might think you have cybersecurity under control because you have a great IT team. But managing cyber risk requires more than firewalls and good passwords. Cash flow, insurance, relationships, and legal affairs for an organization all play major roles in managing cyber risk. Treating cybersecurity as "just an IT problem" leaves an organization exposed and unprepared. Therefore, executives must take charge of the big picture.
Cybersecurity: A Business Solution is a concise guide to managing cybersecurity from a business perspective, written specifically for the leaders of small and medium businesses. In this book you will find a step-by-step approach to managing the financial impact of cybersecurity. The strategy provides the knowledge you need to steer technical experts toward solutions that fit your organization's business mission. The book also covers common pitfalls that lead to a false sense of security. And, to help offset the cost of higher security, it explains how you can leverage investments in cybersecurity to capture market share and realize more profits.
The book's companion material also includes an executive guide to The National Institute of Standards and Technology (NIST) Cybersecurity Framework. It offers a business level overview of the following key terms and concepts, which are central to managing its adoption.
- Tiers
- Profiles
- Functions
- Informative References
About the Author: Rob Arnold entered the professional world of IT when what is today known as cybersecurity, was just part of the job. Rob spent two decades working and providing IT consulting, for companies ranging from Fortune 500 and large private firms, to small mom-and-pop shops, and everything in between. During this time, Rob wrote security policies, led companies through security-related compliance audits, and had several opportunities to do what is now called ethical hacking. Rob has solved many other problems for clients, ranging from securing executive communication from the prying eyes of untrusted IT staffers, to disaster recovery planning, to developing authentication and permission management software.
Rob returned to graduate school in 2010 where concept of risk management as applied to cybersecurity caught his attention. It was clear to him that risk management and the primary tool for measuring risk (a risk assessment) was well-suited to make investment decisions related to security. For his capstone project, he developed a unique strategic risk assessment that would lay the foundation for his next professional endeavor.
Rob founded Threat Sketch in 2015 and partnered with a financial and insurance risk expert to continue research and development. Their focus is on the development of cyber risk assessments to solve budgeting and planning problems for small and medium businesses. The addition of his business partner's professional risk-analysis knowledge marked the point where academic research transitioned to a practical tool.
The cybersecurity industry is awash with highly-technical advice, guides, and solutions. But there are few resources for business-minded owners and executives who need to understand the business aspects of managing cyber risk. This book distills Rob's practical and academic knowledge to help the leaders and decision-makers of small companies navigate the management of cyber risk. He is particularly in tune with what resources are available to small businesses and how they need to approach cybersecurity. His background helps him understand the unique constraints businesses of this size face, having worked many years in this industry.