This book is written for the manager, senior executive or company director who has some role in oversight or governance of Cyber Security.
This book will provide you with an understanding of cyber security from your perspective, whether your primary role is finance, marketing, or the CEO.
With a writing style tailored to senior management, it provides the insights and tools required to bridge the gap between technical functions and governance.
Who this book is for
If it hasn't happened to your business already, it will!
Someone, somewhere, will hack into your systems, steal customer data, and disrupt your organisation. Every 14 seconds, a business or organisation is attacked - nearly 4,000 new cyber-attacks happen daily.
The title reflects the senior manager who thought all this cyber stuff was taken care of when they hired an expert and has now been faced with a disaster they were not expecting.
This book is not intended to make you a cyber expert.
This book provides business leaders with the essential information required to engage in well-informed discussions with cybersecurity experts. By arming yourself with the knowledge presented here, you will be equipped to have productive conversations about how these professionals are safeguarding your company assets. The insights presented here will enable you to understand the threat landscape and make strategic decisions alongside your technical teams to fortify company defences. With clear communication and alignment between business objectives and security priorities, your organisation can build robust protections to match the ever-evolving risks of the digital domain. Read this guide with the purpose of gaining the perspective needed to direct resources wisely toward strengthening your systems against those who would do them harm. Knowledge and preparation are key to establishing effective partnerships between business leaders and their cybersecurity workforce. As a manager, you need to be armed with enough knowledge so that you can assess and evaluate what is happening to your organisation.
You need to be armed with the language and enough background so that when someone says, “We have been hacked”, you can provide effective oversight and governance to a co-ordinated response.
A Federal Court ruling in Australia, with respect to a very large property group (Centro), found that Directors were liable for misstatements in their company's financial accounts and could not rely on the advice of either managers or external advisers.
This ruling is critical. It underscores that as leaders of businesses and public sector organisations, you cannot rely on a defence of “Our consultants said it was okay”. You are required, by law, to have a reasonable understanding of those aspects of your organisation over which you have management and oversight.
The requirement for directors and officers to make informed decisions is a common feature in corporate law across almost every jurisdiction. The USA, UK, Canada, Australia and other countries all have equivalent requirements. The law in each country knows you cannot be an expert on everything, and it doesn't ask you to be. What it asks is for a "reasonable" effort, the kind of effort that shows you care about getting it right, not just getting it done. This isn't just about ticking boxes; it's about genuine understanding and thoughtful consideration.
But the law also recognises that you can't get bogged down in details. It asks for a balance, for the wisdom to know how deep to go without losing sight of the bigger picture. It demands responsibility without paralysis and care without over-caution.
These principles aren't just rules in a book; they echo a global understanding. From the bustling boardrooms of New York to the growing businesses in London, there's an international nod, a shared agreement that this is how leaders should lead. It's not just about following the rules; it's about embracing a way of thinking, a way of leading that's recognised worldwide.
These laws mirror what's expected of a leader today: to be insightful, responsible, balanced, and, above all, to be someone who leads not by chance but by choice. It's about being the captain who knows the ship, the sea, and the journey ahead. That's the kind of leader the world believes in, and that's the kind of leader the law expects you to be.
When it comes to managing risk, cyber security is right up there. This book will help you to understand cyber security. More importantly, it will help you ask the right questions and comprehend the answers you are being given. This book will help you sort fact from fiction and make informed decisions.
Here is what we will discuss in this book
This book is aimed at executives who need to understand cybersecurity in plain language. It emphasises that as leaders, executives have a responsibility to have a working knowledge of cybersecurity issues affecting their organisations and the language that the experts use when discussing this subject.
The introductory chapter overviews cybersecurity, its history from the 1960s onwards, and why it matters today. It notes that cyber attacks are common threats that all businesses face.
Chapter 1 covers basics like defining cybersecurity, its objectives like confidentiality and system availability, and the challenges in the field. It explains how the Internet has changed power dynamics globally.
Chapter 2 explores cyber threats and emerging trends, like information warfare, surveillance, and the types of risks that your organisation will face. It uses examples like the Facebook-Cambridge Analytica scandal to discuss appropriate responses.
Chapter 3 looks at the global landscape of cybersecurity, issues like intellectual property theft, and international conventions. It introduces frameworks like the Information Security Forum's Standard of Good Practice.
Chapter 4 examines relevant laws in the US and EU. It compares the US CLOUD Act and EU GDPR, highlighting potential conflicts.
Chapter 5 provides an overview of international agreements and conventions related to cybersecurity.
Chapter 6 focuses on risk assessment and management. It explores methodologies for analysing cyber risks.
Chapter 7 covers cybersecurity standards and frameworks that can be implemented for governance. It looks at ISO standards and industry best practices.
Chapter 8 discusses ethics in cybersecurity, emphasising principles like privacy, integrity, responsible disclosure, and avoiding harm.
In summary, the guide aims to equip executives with enough knowledge to understand cybersecurity issues, ask informed questions, and make sound decisions related to cyber risks. It covers a wide range of topics relevant for leaders seeking cybersecurity knowledge.
The goal of this book is to empower you with the knowledge and skills necessary to provide effective governance and oversight of the cybersecurity program and responses, enabling your organisation to operate safely in an increasingly complex digital world. As technology continues to evolve, the importance of cybersecurity will only grow. It's our responsibility to stay ahead of the curve, anticipating threats, and implementing robust strategies to keep our organisations secure. Let's embark on this journey together. Welcome to your cybersecurity journey.