Use the methodology in this study guide to design, manage, and operate a balanced enterprise cybersecurity program that is pragmatic and realistic in the face of resource constraints and other real-world limitations. This guide is an instructional companion to the book Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats. The study guide will help you understand the book’s ideas and put them to work. The guide can be used for self-study or in the classroom.
Enterprise cybersecurity is about implementing a cyberdefense program that will succeed in defending against real-world attacks. While we often know what should be done, the resources to do it often are not sufficient. The reality is that the Cybersecurity Conundrum―what the defenders request, what the frameworks specify, and what the budget allows versus what the attackers exploit―gets in the way of what needs to be done. Cyberattacks in the headlines affecting millions of people show that this conundrum fails more often than we would prefer.
Cybersecurity professionals want to implement more than what control frameworks specify, and more than what the budget allows. Ironically, another challenge is that even when defenders get everything that they want, clever attackers are extremely effective at finding and exploiting the gaps in those defenses, regardless of their comprehensiveness. Therefore, the cybersecurity challenge is to spend the available budget on the right protections, so that real-world attacks can be thwarted without breaking the bank.
People involved in or interested in successful enterprise cybersecurity can use this study guide to gain insight into a comprehensive framework for coordinating an entire enterprise cyberdefense program.
Those involved in or interested in successful enterprise cybersecurity (e.g., business professionals, IT professionals, cybersecurity professionals, and students). This guide can be used in a self-study mode. The book can be used by students to facilitate note-taking in the classroom and by Instructors to develop classroom presentations based on the contents of the original book, Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats.
Part I: The Cybersecurity Challenge
Chapter 1: Defining the Cybersecurity Challenge
Chapter 2: Meeting the Cybersecurity Challenge
Part II: A New Enterprise Cybersecurity Architecture
Chapter 3: Enterprise Cybersecurity Architecture
Chapter 4: Implementing Enterprise Cybersecurity
Chapter 5: Operating Enterprise Cybersecurity
Chapter 6: Enterprise Cybersecurity and the Cloud
Chapter 7: Enterprise Cybersecurity for Mobile and BYOD
Part III: The Art of Cyberdefense
Chapter 8: Building an Effective Defense
Chapter 9: Responding to Incidents
Chapter 10: Managing a Cybersecurity Crisis
Part IV: Enterprise Cyberdefense Assessment
Chapter 11: Assessing Enterprise Cybersecurity
Chapter 12: Measuring a Cybersecurity Program
Chapter 13: Mapping Against Cybersecurity Frameworks
Part V: Enterprise Cybersecurity Program
Chapter 14: Managing an Enterprise Cybersecurity Program
Chapter 15: Looking to the Future
Part VI: Appendices
Appendix A: Sample Cybersecurity Policy
Appendix B: Cybersecurity Operational Processes
Appendix C: Object Measurement
Appendix D: Cybersecurity Sample Assessment
Appendix E: Cybersecurity Capability Value Scales
