Book, English, 320 pages, format (W × H): 156 mm x 234 mm
A Business Approach to Integrated Risk Management
ISBN: 978-1-041-24904-7
Publisher: Taylor & Francis
In boardrooms and C-suites across the globe, a dangerous disconnect persists. Security teams speak in technical jargon about vulnerabilities and patches while executives think in terms of revenue, reputation, and operational continuity. This communication gap isn't just inconvenient; it's potentially financially devastating.
The business world has created an artificial distinction between "cybersecurity risks" and "business risks" that causes substantial confusion and poor decision-making. Whether your manufacturing plant on the Gulf Coast goes offline because of ransomware or a hurricane, the business impact remains the same: lost production, missed deliveries, financial damage. The root cause matters far less than the business outcome.
"Cyber risk is a myth: it's about the business" removes this artificial separation. Drawing on court cases, stock market data, and hard evidence, this book establishes a revolutionary premise: when properly understood and communicated, security risks ARE business risks. They require the same frameworks, language, and decision processes as any other business risk.
The book provides a practical methodology for translating technical security concerns into business language, integrating security into enterprise risk frameworks, building compelling business cases for security investments, and developing metrics that resonate with executives. The result? Better-informed decisions, appropriate resource allocation, and security that truly enables business success.
Target audience
Professional Practice & Development, Professional Reference, and Professional Training
Authors/Editors
Subject areas
- Mathematics | Computer science, IT | Computer science: Computer engineering, Computer security, Cryptography, data encryption
- Mathematics | Computer science, IT | Computer science: Computer communication & networking, Network security
- Interdisciplinary sciences | Sciences: Research and information, Risk assessment, risk theory
- Economics | Financial sector & financial services | Financial sector & financial services: General
- Economics | Business administration | Management, Risk management
- Mathematics | Computer science, IT | Computer science: Computer engineering, Computer security, Malware (viruses, trojans, etc.)
- Economics | Financial sector & financial services | Insurance industry
Further information & material
- Chapter 1 - THE MYTH OF CYBER RISK: 1.1. The Historical Separation of Cybersecurity and Business Risk; 1.2. The Language Problem: How Terminology Creates Artificial Divides; 1.3. The Costly Reality of Risk Silos; 1.4. Evidence for Integration: Better Business Outcomes; 1.5. A Unified Risk Model: Bringing Cyber and Business Together
- Chapter 2 - LOST IN TRANSLATION: WHY TECHNICAL VULNERABILITIES DON'T RESONATE: 2.1. The Executive's Dilemma: Why Technical Vulnerability Reports Fail to Drive Action; 2.2. The Psychology of Risk Perception and Decision-Making; 2.3. When Technical Reports Miss the Mark; 2.4. Building a Translation Framework: Principles of Effective Risk Communication
- Chapter 3 - BUSINESS IMPACT ANALYSIS: THE ESSENTIAL TRANSLATION TOOL: 3.1. The Business Impact Analysis Framework; 3.2. Systematically Connecting Technical Vulnerabilities to Business Processes; 3.3. Techniques for Quantifying Business Impacts; 3.4. Prioritizing Risks Based on Business Relevance; 3.5. Documenting and Communicating Translated Risks
- Chapter 4 - INTEGRATING SECURITY INTO ENTERPRISE RISK MANAGEMENT: 4.1. Enterprise Risk Management Frameworks for Security; 4.2. Implementing Risk Registers for Security Integration; 4.3. Organizational Structures for Integrated Risk Management; 4.4. Establishing Risk Ownership and Accountability
- Chapter 5 - BUILDING THE BUSINESS CASE FOR SECURITY INVESTMENTS: 5.1. Foundations of Business-Aligned Security Investment Proposals; 5.2. Quantifying Security Investment Value; 5.3. Demonstrating Value Beyond Risk Reduction; 5.4. Competing for Resources Against Business Alternatives; 5.5. Overcoming Common Objections to Security Investments
- Chapter 6 - METRICS THAT MATTER: MEASURING SECURITY IN BUSINESS TERMS: 6.1. The Problem with Traditional Security Metrics; 6.2. Framework for Business-Relevant Security Metrics; 6.3. Linking Security Activities to Business Outcomes; 6.4. Stakeholder-Specific Metrics and Reporting; 6.5. Visualization and Communication Techniques
- Chapter 7 - GOVERNANCE MODELS FOR INTEGRATED SECURITY AND RISK: 7.1. Foundations of Integrated Security Governance; 7.2. Decision Authority Frameworks; 7.3. Governance Structures and Reporting Relationships; 7.4. Implementation Models for Integrated Governance; 7.5. Overcoming Resistance to Integrated Governance
- Chapter 8 - CREATING A CULTURE OF INTEGRATED RISK MANAGEMENT: 8.1. Understanding the Current State of Risk Culture; 8.2. Changing Entrenched Thinking About Security; 8.3. Breaking Down Organizational Silos; 8.4. Building Risk Awareness Beyond Security Teams; 8.5. Incentivizing Collaborative Risk Management; 8.6. Measuring Cultural Progress and Maintaining Momentum
- Chapter 9 - FROM RISK REDUCTION TO BUSINESS ENABLEMENT: 9.1. The Evolution of Security's Business Role; 9.2. Framework for Identifying Security's Business Enabling Functions; 9.3. Security as a Driver of Business Opportunities; 9.4. Positioning Security as a Competitive Differentiator; 9.5. Measuring and Communicating Security's Business Value
- Chapter 10 - PUTTING IT ALL TOGETHER: INTEGRATED RISK MANAGEMENT IN ACTION: 10.1. What Successful Integration Looks Like in Practice; 10.2. How Real Organizations Have Transformed Their Approach to Security Risk; 10.3. Implementation Roadmap for Your Organization; 10.4. Overcoming Common Challenges in the Transformation Journey; 10.5. Measuring Progress and Sustaining Momentum
- References