Cyber Risks for Business Professionals

Book Description

Realise the benefits of Internet technologies, while ensuring your company is protected from the associated risks!

An effective risk management strategy is vital to your company's survival

Internet technologies have revolutionised the way that business is conducted. However, these innovations expose your business to various risks. Inadequate security can lead to the theft of customer data and, in the event of technological failure or a cyberattack, your business could lose its ability to function altogether. An effective risk management strategy is, therefore, vital to your company's survival.

Understand the origins of cyber risks and develop suitable strategies for their management

Cyber Risks for Business Professionals: A Management Guide is a general guide to the origins of cyber risks and to developing suitable strategies for their management. It provides a breakdown of the main risks involved and shows you how to manage them. Covering the relevant legislation on information security and data protection, the author combines his legal expertise with a solid, practical grasp of the latest developments in IT to offer a comprehensive overview of a highly complex subject.

Expert guidance examining the operational and technological risks

Drawing on interviews with experts from Clifford Chance, Capgemini and Morgan Stanley amongst others, the book examines the operational and technological risks alongside the legal and compliance issues. This book will be invaluable to lawyers and accountants, as well as to company directors and business professionals.

Benefits to business include:

  • Understand and manage the technological risks. This book looks at the security issues surrounding Cloud computing, and highlights the problems that have arisen as a result of the use of laptop computers and memory sticks for remote working. Implementing a risk management framework will offer reassurance to your existing customers and improve your chances of winning new business.

  • Familiarise yourself with the legal issues. You need to be aware of the laws that govern your activities when you do business online. The author offers you a guide to the most important aspects of IT law, and outlines the implications of recent legislation. The author also looks at the compliance requirements of PCI DSS (the Payment Card Industry Data Security Standard).

  • Control employee use of Web 2.0 technologies. While sites such as Facebook and LinkedIn help people to develop business contacts, employee misuse of social networking sites also causes problems, ranging from damage to the company's reputation to breaches of commercial confidentiality. This book offers advice on the right policy to adopt to ensure your staff use Web 2.0 technologies responsibly.

  • Use technology to address the risks. This book introduces you to IT solutions that you can deploy to improve your information security, such as encryption and digital watermarking. It also looks at how you can monitor and control e-mail to prevent the leaking of sensitive information.


Table of Contents

  1. Cover
  2. Title Page
  3. Copyright Page
  4. Foreword
  5. Preface
  6. About the Author
  7. Acknowledgements
  8. Contents
  9. Part 1 – Identifying Cyber Risks
    1. Chapter 1: Setting the Scene
      1. The importance of IT
      2. The importance of the Internet
      3. Internet risk
      4. Internet risk implications
      5. The importance of governance
      6. Managing risk
      7. The need for governance principles
    2. Chapter 2: Technology Risks
      1. Communications risk
      2. Information security risk
      3. Business continuity risk
      4. IT outsourcing risks
      5. Social networking risks
    3. Chapter 3: Legal Compliance Risks
      1. Website management
      2. Consumers and services
      3. Jurisdiction and applicable laws
      4. Internet abuse
      5. Monitoring and surveillance
      6. Social networking
      7. IT outsourcing risks
    4. Chapter 4: Operational Risks
      1. Employee use of e-mail
      2. Employee use of the Internet
      3. Website management
      4. Delivery of electronic services
      5. Miscellaneous
  10. Part 2 – Risk Management Strategies
    1. Chapter 5: The Need for Governance
      1. Strategy
      2. Corporate governance
      3. IT governance
      4. Project governance
      5. Risk
    2. Chapter 6: Assessing Risk
      1. Risk concepts
      2. Approaching risk assessment
      3. Objectives and benefits
      4. The risk assessment
      5. The risk control plan
      6. The risk register
      7. Risk assessment techniques – ISO/IEC 31010: 2009
    3. Chapter 7: Risk Management Strategies
      1. Senior management
      2. Risk management principles
      3. Objectives
      4. Benefits
      5. Cyber risk management framework
      6. Standards certification
      7. Risk compliance provisions
  11. Part 3 – Cyber Risk Solutions
    1. Chapter 8: Technology Solutions
      1. Communications
      2. Information and data security
      3. Networks
      4. Identity and access management
      5. General information and data control
      6. World Wide Web controls
      7. Online payment systems
      8. Business continuity
      9. Traditional outsourcing
      10. Web 2.0 security
    2. Chapter 9: Compliance Solutions
      1. Website management
      2. Clients and services
      3. Jurisdiction and applicable law
      4. Internet abuse
      5. Monitoring and surveillance
    3. Chapter 10: Operational Solutions
      1. Internet policies
      2. Specific policies
      3. Cyberliability insurance
    4. Chapter 11: The Cybersecure Entity
      1. Strategic and operational changes
      2. Managing change
      3. The cybersecure organisation
      4. Governance implications
      5. Integrating the cyber risk team
      6. Conclusion
  12. ITG Resources