Cybersecurity Risk Management. Cynthia Brumfield
Чтение книги онлайн.

Читать онлайн книгу Cybersecurity Risk Management - Cynthia Brumfield страница 5

Название: Cybersecurity Risk Management

Автор: Cynthia Brumfield

Издательство: John Wiley & Sons Limited

Жанр: Зарубежная компьютерная литература

Серия:

isbn: 9781119816300

isbn:

СКАЧАТЬ

      138  114

      139 115

      140  116

      141 117

      142 118

      143  119

      144  120

      145  121

      146 122

      147 123

      148 124

      149 125

      150 126

      151 127

      152 128

      153 129

      154 130

      155  131

      156 132

      157 133

      158 134

      159 135

      160 136

      161 137

      162 138

      163 139

      164 140

      165 141

      166 142

      As a professor who has developed cybersecurity education programs for industry, academia, and the government, I know first-hand how difficult it can be for even advanced IT professionals to grasp the complex concepts in cybersecurity. In my role as Executive Director of the Center for Information Assurance and Cybersecurity at the University of Washington in Seattle, among other positions I hold, I have seen even the best and brightest of the nation’s high-tech sector struggle when it comes to this still-new discipline. The difficulty is compounded by the varied missions that public, private, and academic organizations pursue.

      My center at the University of Washington is a Center of Academic Excellence in both Cybersecurity Education and Research, so designated by the National Security Agency and the Department of Homeland Security. This honor means that we are well placed to help bridge the cybersecurity communications gaps that exist across crucial sectors of society: government, industry, and academia.

      At the University of Washington, we take a pragmatic approach to equipping our students with the skills they need to enter the cybersecurity workforce. We emphasize critical thinking along with information management and technical skills so that we graduate ‘breach-ready’ students. Since there is no system that is 100% secure, we ingrain in our students the importance of having risk management tools in their toolkit, so they are equipped to make rational choices about what to protect and where to spend scarce cybersecurity dollars. We’ve found that the NIST Cybersecurity Framework is highly useful in conveying concepts in risk management.

      The Framework does not offer step-by-step instruction on installing a firewall, for example, nor does it recommend any specific technology for, say, managing patch updates. Instead, it offers a way to comprehensively manage cybersecurity risks by drawing on the best-of-breed conceptual thinking from other risk management frameworks, informed by prevailing standards. It teaches our students how to think about solving a cybersecurity problem and that there is no ‘one-size-fits-all’ solution.

      By walking the fine line between nitty-gritty technical discussions and high-level conceptual models, Cybersecurity Risk Management: Mastering the Fundamentals using the NIST Cybersecurity Framework should leave its readers with a new way of thinking about cybersecurity risk management. I hope that it also gives them the confidence to dive deeper into the growing number of cybersecurity disciplines that make up the cybersecurity field.

       Barbara Endicott-Popovsky, Ph.D., CRISC

       Executive Director, Center for Information Assurance and Cybersecurity

       Professor, University of Washington

       November 2021

      This book is the culmination of at least eight years of research on how organizations can better position themselves to manage cybersecurity risk. My work on the material in this book began in 2013 when CSO Online commissioned me to document the development of what is now known as the NIST Cybersecurity Framework.

      To accomplish this documentation, I attended all six of the workshops that led to the Framework’s release in 2014, flying to universities around the country and talking to the world’s leading cybersecurity experts for my CSO reports. A trade association also hired me to help industry executives understand cybersecurity. This client subsequently hired me to develop a series of courses to help train their workforce, particularly their non-cybersecurity technical personnel, in the best risk management practices using the NIST Cybersecurity Framework as a guide. (And I’m grateful that I was able to retain the rights to most of my work for this client.)

      I’ve based the content of this book on the many discussions I have had with experts who have graciously given me their time over the years to explain how they manage risks in their organizations. Thanks to the following individuals in particular, whose skill and guidance helped bring many of the NIST concepts, so often abstract and high-level, down to earth and understandable to non-cybersecurity tech workers:

       Paul Anderson, Director of Corporate Information Services, Hubbard Broadcasting,

       Howard Price, formerly CBCP/MBCI, Senior Manager, Business Continuity Planning Corporate Risk Management, The Walt Disney Company,

       Dan Ryan, formerly Vice President, Information Technology, Nexstar Broadcasting, Inc.; now Head of Information Technology at Standard Media Group LLC,

       Eric Winter, Vice President of Investigations and Technical Risk, Cox Enterprises,

       Mike Kelley, Vice President, Chief Information Security Officer, The E.W. Scripps Company,

       Jim Davis, formerly Director, Infrastructure & Service Delivery, Cox Media Group,

       Michael Funk, Director of Information Technology, Quincy Media, Inc., and

       Eric Neel, Director Information Technology Infrastructure, Hubbard Broadcasting

СКАЧАТЬ