Foreword by Ron Hale xxiii
About the Editor xxxi
List of Contributors xxxiii
Acknowledgments xxxv
CHAPTER 1 Introduction 1
Domenic Antonucci, Editor and Chief Risk Officer, Australia
CHAPTER 2 Board Cyber Risk Oversight 11
Tim J. Leech, Risk Oversight Solutions Inc., Canada Lauren C. Hanlon, Risk Oversight Solutions Inc., Canada
CHAPTER 3 Principles Behind Cyber Risk Management 23
RIMS, the risk management society Carol Fox, Vice President, Strategic Initiatives at RIMS, USA
CHAPTER 4 Cybersecurity Policies and Procedures 35
The Institute for Risk Management (IRM) Elliot Bryan, IRM and Willis Towers Watson, UK Alexander Larsen, IRM, and President of Baldwin Global Risk Services Ltd., UK
CHAPTER 5 Cyber Strategic Performance Management 67
McKinsey & Company James M. Kaplan, Partner, McKinsey & Company, New York, USA Jim Boehm, Consultant, McKinsey & Company, Washington, USA
CHAPTER 6 Standards and Frameworks for Cybersecurity 81
Stefan A. Deutscher, Principal, Boston Consulting Group (BCG), Berlin Germany William Yin, Senior Partner and Managing Director, Boston Consulting Group (BCG), Hong Kong
CHAPTER 7 Identifying, Analyzing, and Evaluating Cyber Risks 97
Information Security Forum (ISF) Steve Durbin, Managing Director, Information Security Forum Ltd.
CHAPTER 8 Treating Cyber Risks 109
John Hermans, Cyber Lead Partner Europe, Middle East, and Africa at KPMG, The Netherlands Ton Diemont, Senior Manager at KPMG, The Netherlands
CHAPTER 9 Treating Cyber Risks Using Process Capabilities 123
ISACA Todd Fitzgerald, CISO and ISACA, USA
CHAPTER 10 Treating Cyber Risks'Using Insurance and Finance 143
Aon Global Cyber Solutions Kevin Kalinich, Esq., Aon Risk Solutions Global Cyber Insurance Practice Leader, USA
CHAPTER 11 Monitoring and Review Using Key Risk Indicators (KRIs) 159
Ann Rodriguez, Managing Partner, Wability, Inc., USA
CHAPTER 12 Cybersecurity Incident and Crisis Management 171
CLUSIF Club de la Sécurité de lInformation Français Gérôme Billois, CLUSIF Administrator and Board Member Cybersecurity at Wavestone Consultancy, France
CHAPTER 13 Business Continuity Management and Cybersecurity 185
Marsh Sek Seong Lim, Marsh Risk Consulting Business Continuity Leader for Asia, Singapore
CHAPTER 14 External Context and Supply Chain 193
Supply Chain Risk Leadership Council (SCRLC) Nick Wildgoose, Board Member and ex-Chairperson of SCRLC, and Zurich Insurance Group, UK
CHAPTER 15 Internal Organization Context 207
Domenic Antonucci, Editor and Chief Risk Officer, Australia Bassam Alwarith, Head of the National Digitization Program, Ministry of Economy and Planning, Saudi Arabia
CHAPTER 16 Culture and Human Factors 243
Avinash Totade, ISACA Past President UAE Chapter and Management Consultant, UAE Sandeep Godbole, ISACA Past President Pune Chapter, India
CHAPTER 17 Legal and Compliance 255
American Bar Association Cybersecurity Legal Task Force Harvey Rishikof, Chair, Advisory Committee to the Standing Committee on Law and National Security, USA Conor Sullivan, Law Clerk for the Standing Committee on National Security, USA
CHAPTER 18 Assurance and Cyber Risk Management 271
Stig J. Sunde, Senior Internal Auditor (ICT), Emirates Nuclear Energy Corporation (ENEC), UAE
CHAPTER 19 Information Asset Management for Cyber 281
Booz Allen Hamilton Christopher Ling, Executive Vice President, Booz Allen Hamilton, USA
CHAPTER 20 Physical Security 289
Radar Risk Group Inge Vandijck, CEO, Radar Risk Group, Belgium Paul Van Lerberghe, CTO, Radar Risk Group, Belgium
CHAPTER 21 Cybersecurity for Operations and Communications 309
EY Chad Holmes, Principal, Cybersecurity, Ernst & Young LLP (EY US) James Phillippe, Principal, Cybersecurity, Ernst & Young LLP (EY US)
CHAPTER 22 Access Control 321
PwC Sidriaan de Villiers, Partner'Africa Cybersecurity Practice, PwC South Africa
CHAPTER 23 Cybersecurity Systems: Acquisition, Development, and Maintenance 335
Deloitte Michael Wyatt, Managing Director, Cyber Risk Services, Deloitte Advisory, USA
CHAPTER 24 People Risk Management in the Digital Age 347
Airmic Julia Graham, Deputy CEO and Technical Director at Airmic, UK
CHAPTER 25 Cyber Competencies and the Cybersecurity Offi cer 359
Ron Hale, PhD, CISM, ISACA, USA
CHAPTER 26 Human Resources Security 369
Domenic Antonucci, Editor and Chief Risk Offi cer, Australia
Epilogue 375
Becoming CyberSmart TM: a Risk Maturity Road Map for Measuring Capability Gap-Improvement
Domenic Antonucci, Editor and Chief Risk Officer (CRO), Australia Didier Verstichel, Chief Information Security Offi cer (CISO) and Chief Risk Officer (CRO), Belgium
Background 375
Becoming CyberSmartTM 376
About Domenic Antonucci 392
About Didier Verstichel 392
Glossary 393
Index 399