Introduction

The number of cyber attacks continues to rise. Demand for safe and secure data and other concerns mean that companies need professionals to keep their information safe. Cybersecurity risk includes not only the risk of a data breach, but also the risk of the entire organization being undermined via business activities that rely on digitization and accessibility. As a result, learning how to develop an adequate cybersecurity program is crucial for any organization. Cybersecurity can no longer be something that you delegate to the information technology (IT) team. Everyone needs to be involved, including the Board of Directors.

This book focuses on industry-leading practices and standards, such as the International Organization for Standardization (ISO) standards and the National Institute of Standards and Technology (NIST) Cybersecurity Framework and Special Publications. This book provides detailed guidance on how to effectively develop a cybersecurity program within your organization. This book is intended for anyone who is preparing for a leadership position in business, government, academia, financial services, or health-care. Mastering the material presented in this book is a must for any cybersecurity professional.

This book starts by providing an overview of cybersecurity policy and governance, and how to create cybersecurity policies and develop a cybersecurity framework. It then provides details about governance, risk management, asset management, and data loss prevention. You will learn how to incorporate human resource, physical, and environmental security as important elements of your cybersecurity program. This book also teaches you best practices in communications and operations security, access control management, and information systems acquisition, development, and maintenance. You will learn principles of cybersecurity incident response and how to develop an incident response plan. Organizations across the globe have to be aware of new cybersecurity regulations and how they affect their business in order to remain compliant. Compliance is especially crucial because the punishments for noncompliance typically include large fines. Three chapters in this book cover regulatory compliance for financial institutions and health-care institutions and provide detailed insights about the Payment Card Industry Data Security Standard (PCI DSS). The last chapter provides an overview of the NIST Cybersecurity Framework, and Appendix A provides comprehensive lists of resources covered throughout the book. Anyone—from cybersecurity engineers to incident managers, auditors, and executives—can benefit from the material covered in this book.
