Enterprise Cyber Risk Management as a Value Creator: Leverage Cybersecurity for Competitive Advantage
Chaput, Bob
Product Description
This book will help you learn the importance of organizations treating enterprise cyber risk management (ECRM) as a value creator, a business enabler, and a mechanism to create a competitive advantage. Organizations began to see the real value of information and information technology in the mid-1980s. Forty years later, it's time to leverage your ECRM program and cybersecurity strategy in the same way.
The main topics covered include the case for action with specific coverage on the topic of cybersecurity as a value creator, including how the courts, legislators, and regulators are raising the bar for C-suite executives and board members. The book covers how the board's three primary responsibilities (talent management, strategy, and risk management) intersect with their ECRM responsibilities.
ECRM was once solely focused on managing the downside of risk by defending the organization from adversarial, accidental, structural, and environmental threat sources. Author Bob Chaput presents the view that we must focus equally on managing the upside of cyber strengths to increase customer trust and brand loyalty, improving social responsibility, driving revenue growth, lowering the cost of capital, attracting higher quality investments, creating competitive advantage, attracting and retaining talent, and facilitating M&A work. He focuses on the C-suite and board role in the first part and provides guidance on their roles and responsibilities, the most important decision about ECRM they must facilitate, and how to think differently about ECRM funding. You will learn how to pivot from cost-center thinking to value-center thinking.
Having built the case for action, in the second part, the book details the steps that organizations must take to develop and document their ECRM program and cybersecurity strategy. The book first covers how ECRM must be integrated into business strategy. The remainder of that part presents a sample table of contents for an ECRM Program and Cybersecurity Strategy document and works through each section to facilitate development of your own program and strategy. With all the content and ideas presented, you will be able to establish, implement, and mature your program and strategy.
What You Will Learn
- Read new information and treat ECRM and cybersecurity as a value creator
- Receive updates on legal cases, legislative actions, and regulations that are raising the stakes for organizations, their C-suites, and boards
- Think differently about funding ECRM and cybersecurity initiatives
- Understand the most critical ECRM decision that boards must facilitate in their organizations
- Use practical, tangible, actionable content to develop and document your ECRM program and cybersecurity strategy
"This book should be mandatory reading for C-suite executives and board members. It shows you how to move from viewing cybersecurity as a risk to avoid, and a cost center that does not add value and is overhead, to seeing cybersecurity as an enabler and part of your core strategy to transform your business and earn customer and stakeholder trust."
--Paul Connelly, First CISO at the White House and HCA Healthcare
Who This Book Is For
The primary audience includes Chief Information Security Officers, Chief Risk Officers, and Chief Compliance Officers. The secondary audience includes C-suite executives and board members. The tertiary audience includes any stakeholder responsible for privacy, security, compliance, and cyber risk management or students of these topics.
About the Author
Bob Chaput, NACD.DC, is the author of "Stop the Cyber Bleeding: What Healthcare Executives and Board Members Must Know About Enterprise Cyber Risk Management (ECRM)." He is also the Founder and Executive Chairman of Clearwater, a leading provider of cybersecurity, risk management, and HIPAA compliance software, consulting, and managed services. As a leading authority in cybersecurity regulatory compliance and enterprise cyber risk management, Bob has assisted dozens of organizations and their business partners, including Fortune 100 organizations, improve their risk posture. Bob's degrees include an MA in Mathematics from Clark University and a BA in Mathematics from the Massachusetts College of Liberal Arts. In addition to the NACD.DC Directorship Certification, Bob holds numerous privacy, security, and cyber risk management certifications. He is a faculty member at IANS Research.
Bob decided to write this book to help facilitate the role of Chief Information Security Officers (CISO) to better integrate into their businesses and interact with C-suite executives and board members. As happened when Chief Information Officers (CIO) began to 'earn a seat at the table' decades ago, there is a significant communications gap between this newly discovered role, the C-suite, and the board. Bob's goal is to make CISOs and their boards successful in better understanding one another and in better managing cyber risks and opportunities. The aim of this book is to help close the communications gap by linking CISOs with the three main topics that boards deal with: talent management, strategy, and risk management.