Building an Effective Cybersecurity Program

When I was writing the first edition of this book, I knew that certain aspects of it would become dated owing to rapid changes in the cybersecurity industry, threat landscape and providers. Two years later I take full measure of all that has evolved in the cybersecurity world. Increasing zero-day attacks, growth of state-sponsored adversaries and consolidation of cybersecurity products and services all converged to shape where we are today. We have also witnessed some of the world’s largest data breach events, increasingly destructive ransomware attacks and changes in legal and regulatory statutes. Aside from substantial updates of standards, source links and cybersecurity products here is what’s new in the second edition: 50+ callout boxes highlighting cyberattacks and important resources. 60 self-study questions to hone your knowledge. 25 overviews of cybersecurity technologies. Expanded coverage of the intersection of cybersecurity and privacy. Expanded coverage of security training strategies. A new security talent development section. Discussion of cyber insurance policies. A new security testing strategies section. New adversary profiles. Expansion of attack surface discussion. Inclusion of new threat frameworks. Inclusion of a service management catalog. Introduction to emerging cybersecurity technologies. 17 powerful templates to document your cybersecurity program. I have always envisioned keeping this book regularly updated to ensure you would have a reliable cybersecurity reference source. I see this book as a forum to express my views on protecting assets and information. I also see it as a way to share what I learn through teaching Chief Information Security Officers (CISOs). Teaching affords me a platform to learn how some of the largest companies in the world address cybersecurity. I look forward to sharing future updates with you.