Название: CyRM: Mastering the Management of Cybersecurity Автор: David X Martin Издательство: CRC Press Год: 2021 Страниц: 147 Язык: английский Формат: pdf (true) Размер: 10.2 MB
Is your enterprise’s strategy for cybersecurity just crossing its fingers and hoping nothing bad ever happens? If so…you’re not alone. Getting cybersecurity right is all too often an afterthought for Fortune 500 firms, bolted on and hopefully creating a secure environment. We all know this approach doesn’t work, but what should a smart enterprise do to stay safe?
Today, cybersecurity is no longer just a tech issue. In reality, it never was. It’s a management issue, a leadership issue, a strategy issue: It’s a "must have right"…a survival issue. Business leaders and IT managers alike need a new paradigm to work together and succeed.
In 2020 hackers broke into Lockheed Martin, one of the largest US defense contractors, by targeting remote workers. All hackers need to gain access to a company is one vulnerable point; once they find that, they can seize control of a whole network. Once they’re in, they can steal data and secrets and even lock authorized users out of the network.
One of the biggest exposures for any company lies in the cloud. As supply chains become ever more complex, financial institutions rely on third parties to provide scale and agility. Third-party provides are often the vector that cyber intruders exploit to reach their intended target. This dramatically increases the attack surface - the constellation of opportunities available to hackers - that companies have to worry about. Trusting that third parties will attend to your security needs in the same manner you would isn’t a prudent strategy. If you rely on a weak set of interfaces to interact with cloud services, security issues can arise concerning confidentiality, integrity, availability, and accountability.
Here are a few examples of problems that may arise with cloud technology. Attackers now have the ability to use your (or your employees’) login information to remotely access sensitive data stored on the cloud; falsify and manipulate data through hijacked credentials; or inject malware, which gets embedded in the cloud servers. And, if operating in tandem, attackers can eavesdrop, compromise the integrity of sensitive information, and even steal data. What’s more, the services provided by third-party companies are elastic - in other words, there are different degrees or levels of service and security available in them. This fosters an inconsistent security model. Maybe you’ve heard of application programming interfaces (APIs). APIs are programming filters that give users the opportunity to customize features of their cloud services to fit business needs. While these programs are incredibly useful in the way they allow users to authenticate, provide access, and affect encryption, they also can create vulnerabilities. The biggest vulnerability of an API lies in the communication that takes place between applications - creating exploitable security risks and new attack surfaces.
After years of distinguished work as a corporate executive, board member, author, consultant, and expert witness in the field of risk management and cybersecurity, David X Martin is THE pioneering thought leader in the new field of CyRMSM. Martin has created an entirely new paradigm that approaches security as a business problem and aligns it with business needs. He is the go-to guy on this vitally important issue. In this new book, Martin shares his experience and expertise to help you navigate today’s dangerous cybersecurity terrain, and take proactive steps to prepare your company—and yourself —to survive, thrive, and keep your data (and your reputation) secure.
Скачать CyRM: Mastering the Management of Cybersecurity
Внимание
Уважаемый посетитель, Вы зашли на сайт как незарегистрированный пользователь.
Мы рекомендуем Вам зарегистрироваться либо войти на сайт под своим именем.