You are here

Cybersecurity Readiness
Share

Cybersecurity Readiness
A Holistic and High-Performance Approach

First Edition


March 2021 | 336 pages | SAGE Publications, Inc

"Information security has become an important and critical component of every organization. In his book, Professor Chatterjee explains the challenges that organizations experience to protect information assets. The book sheds light on different aspects of cybersecurity including a history and impact of the most recent security breaches, as well as the strategic and leadership components that help build strong cybersecurity programs. This book helps bridge the gap between academia and practice and provides important insights that may help professionals in every industry."

Mauricio Angee, Chief Information Security Officer, GenesisCare USA, Fort Myers, Florida, USA

"This book by Dave Chatterjee is by far the most comprehensive book on cybersecurity management. Cybersecurity is on top of the minds of board members, CEOs, and CIOs as they strive to protect their employees and intellectual property. This book is a must-read for CIOs and CISOs to build a robust cybersecurity program for their organizations."
Vidhya Belapure, Chief Information Officer, Huber Engineered Materials & CP Kelco, Marietta, Georgia, USA

Cybersecurity has traditionally been the purview of information technology professionals, who possess specialized knowledge and speak a language that few outside of their department can understand. In our current corporate landscape, however, cybersecurity awareness must be an organization-wide management competency in order to mitigate major threats to an organization’s well-being—and be prepared to act if the worst happens.

With rapidly expanding attacks and evolving methods of attack, organizations are in a perpetual state of breach and have to deal with this existential threat head-on. Cybersecurity preparedness is a critical and distinctive competenc
y, and this book is intended to help students and practitioners develop and enhance this capability, as individuals continue to be both the strongest and weakest links in a cyber defense system.

 

In addition to providing the non-specialist with a jargon-free overview of cybersecurity threats, Dr. Chatterjee focuses most of the book on developing a practical and easy-to-comprehend management framework and success factors that will help leaders assess cybersecurity risks, address organizational weaknesses, and build a collaborative culture that is informed and responsive. Through brief case studies, literature review, and practical tools, he creates a manual for the student and professional alike to put into practice essential skills for any workplace. 

 
Preface
 
Foreword
 
Endorsements
 
Acknowledgments
 
About the Author
 
Chapter 1. Introduction: The Challenge of Cybersecurity
 
Chapter 2. The Cyberattack Epidemic
2.1 Expanding Hardware and Software Attack Surfaces

 
2.2 The Human Vulnerability Factor

 
2.3 Growing Attack Vectors

 
2.4 Nature and Extent of Impact

 
 
Chapter 3. Breach Incidents and Lessons Learned
3.1 The Capital One Breach That Exposed 100 Million Applicants and Customer Information

 
3.2 British Airways Ordered to Pay a Record Fine of $230 Million

 
3.3 Target Retail Chain Experiences an External Intrusion That Compromised Millions of Customers’ Data

 
3.4 Adult Friend Finder Site Breach Exposes Millions of Customer Records

 
3.5 Three Billion Yahoo User Accounts Compromised

 
3.6 Equifax Data Breach Exposes Millions of Customers’ Data

 
3.7 Adobe Breach Exposes 38 Million Customer Records

 
3.8 Anthem Breach Affects 78.8 Million People

 
 
Chapter 4. Foundations of the High-Performance Information Security Culture Framework
4.1 Organizational Culture and Firm Performance

 
4.2 Organizational Culture and Cybersecurity

 
4.3 High-Reliability Organizational Culture Traits

 
 
Chapter 5. Commitment
5.1 Hands-On Top Management

 
5.2 “We-Are-in-It-Together” Culture

 
5.3 Cross-Functional Participation

 
5.4 Sustainable Budget

 
5.5 Strategic Alignment and Partnerships

 
5.6 Joint Ownership and Accountability

 
5.7 Empowerment

 
 
Chapter 6. Preparedness
6.1 Identify

 
6.2 Protect

 
6.3 Detect

 
6.4 Respond and Recover

 
 
Chapter 7. Discipline
7.1 Information Security Governance Policy

 
7.2 Communications and Enforcement of Policies

 
7.3 Continuous Monitoring

 
7.4 Continuous Performance Assessment and Improvement

 
7.5 Security Audits and Drills

 
7.6 Penetration Testing and Red Team Exercises

 
 
Chapter 8. Key Messages and Actionable Recommendations
8.1 Commitment

 
8.2 Preparedness

 
8.3 Discipline

 
 
Appendix 1 Information Security Monitoring Controls
 
Appendix 2 Cybersecurity Performance Measures
 
Appendix 3A Cybersecurity Readiness Scorecard: Commitment
 
Appendix 3B Cybersecurity Readiness Scorecard: Preparedness
 
Appendix 3C Cybersecurity Readiness Scorecard: Discipline
 
Appendix 4 Cybersecurity and Privacy Laws and Regulations
 
Appendix 5 Physical, Technical, and Administrative Controls: A Representative List
 
Appendix 6 Case Studies
 
Cybersecurity Resources
 
Index

Information security has become an important and critical component of every organization. In his book, Professor Chatterjee explains the challenges that organizations experience to protect information assets. The book sheds light on different aspects of cybersecurity including a history and impact of the most recent security breaches, as well as the strategic and leadership components that help build strong cybersecurity programs. This book helps bridge the gap between academia and practice and provides important insights that may help professionals in every industry.

Mauricio Angee, Chief Information Security Officer
GenesisCare USA

This book by Dave Chatterjee is by far the most comprehensive book on cybersecurity management. Cybersecurity is on top of the minds of board members, CEOs, and CIOs as they strive to protect their employees and intellectual property. This book is a must-read for CIOs and CISOs to build a robust cybersecurity program for their organizations.

Vidhya Belapure, Chief Information Officer
Huber Engineered Materials & CP Kelco

Professor Chatterjee’s Cybersecurity Readiness: A Holistic and High-Performance Approach fills a critical unmet need for concise, timely, and actionable information for information technology and business leaders. So much of the literature available today is either too high level or too detailed to be usable by most practitioners. The book’s novel Cybersecurity Readiness Scorecard is a tool that any business should be able to use to better manage their risk.

Mike Benz, Partner and Fractional CIO
Fortium Partners

Business executives in today’s world are aware of cybersecurity threats, but many of them are not comfortable with technical discussions. Dr. Chatterjee has made an excellent effort to help business executives understand cybersecurity risks and learn how to mitigate them at the management level. A systematic approach described in this book will help executives launch an effective cybersecurity strategy. I would highly recommend this book for all business and IT executives.

Shoukat Ali Bhamani, Chief Information and Digital Officer
Schaeffler

It is time for a holistic (and high-performance) approach to cybersecurity. While cybersecurity remains, nay grows, a pandemic in its own right, it is increasingly more than simply an engineering problem, a network problem, an access problem, or a denial of service problem, awaiting technical solutions. It is all of the above and then some. It is an overarching and alarming business problem. From an accounting/ auditing perspective, it represents a going concern issue; from a managerial standpoint, it may lead to reputation loss, capital market misgivings, internal audit harangues, external audit jitters, legal woes, privacy implications, customer flight, penalties, and it questions the very survival of corporate and non-corporate entities. This book, in response, spans a wide range of issues such as privacy, national and transnational guidelines, opt-in vs. opt-out, ransomware, the use of crypto-currencies, the dark web, occasional sovereign nation sponsorships of miscreants and malware, and it presents a solution scorecard and other approaches that appeal to more than the technical or IT wings of an enterprise. These issues are more likely to be understood and acted upon by enterprise and enterprising managers. It is this holistic perspective, then, of a growing cyber pandemic, that sets this book apart and makes for its likely adoption by the government, the corporate sector and academia alike. Cybersecurity issues need to be addressed and managed holistically and this book tells us how.

Professor Som Bhattacharya, Dean, College of Business and Management
University of Illinois at Springfield

In the age of pandemic, the importance of cybersecurity readiness cannot be overemphasized. While a number of authors have focused on the technical aspects of cybersecurity, this book uniquely blends technology with management of cybersecurity and does it in a lucid and comprehensive manner. The author's vast experience and regular interactions with the people in the field is showcased in the engaging writing style involving practical examples and case studies. The book fulfills a gap that exists in the area and makes a timely and worthwhile contribution. The coverage of topics is extensive and depth of topics will fascinate even the specialized cybersecurity expert. This book is a must-have for academics and practitioners who want to learn about and manage the efforts toward creating cybersecurity awareness and preparedness in organizations.

Professor Indranil Bose
Indian Institute of Management Calcutta

Dr. Dave Chatterjee is a renowned scholar and technology thought leader. His vast knowledge and insight into the world of cybersecurity is well known and widely sought after by industry, academic, and government leaders around the globe. Now he delivers a book that gives leaders a real-world, coherent understanding of what they face and the multiple dimensions necessary to prepare and respond. I highly recommend reading Dr. Chatterjee’s book to learn and benefit from his years of experience and perceptions into this important subject.

Dr. Anne DeBeer, Former Senior Vice President & Chief Information Officer/Chief Financial Officer
Federal Reserve Bank of Atlanta

While there are many publications focused on the technical aspects of cybersecurity, very few provide such a well-formulated crosswalk between the technical and business sides of cyber risk. Cybersecurity Readiness: A Holistic and High-Performance Approach provides a clear roadmap for security practitioners to utilize as they build comprehensive information security programs, and it also guides business leaders and board members as they navigate through the journey of understanding and managing cyber risk as an enterprise risk.

Gretchen Hiley, Chief Information Security Officer, Senior Vice President, Global Information Security
Crawford & Company

With increasing importance of data as a source of competitive advantage, cybersecurity has moved beyond the confines of IT departments to an enterprise-wide endeavor. Professor Chatterjee takes a company culture-level perspective in his new book wherein he has dived deep into his years of experience as a cybersecurity expert and his role in advising firms and CIOs on this issue. This is an extremely relevant and timely piece of work that would advise many firms on the best organizational practices required to safeguard their data from cyberthreats. Professor Chatterjee leads his readers into the domain organizational aspects of cybersecurity and provides mechanisms to assess and plan a company’s readiness for future vulnerabilities and not just respond to the threats from a technical viewpoint. The book would find favor with an entire generation of business leaders interested in creating a secure organization.

Professor Ashish Kumar Jha
Trinity College Dublin

Very few issues in the modern world are as pervasive to individuals, corporations, and governments as that of cybersecurity. Dave brings to light aspects that have received too little attention, that is, the human factor, which provides a context that is central to this issue. The “success factors” he puts forward in the book provide any organization with the means to benchmark and monitor changes in programs of all sizes.

Professor Jimmie Lenz, Director, Master of Engineering in FinTech and Master of Engineering in Cybersecurity
Pratt School of Engineering, Duke University

For instructors

This book is not available as an inspection copy. For more information contact your local sales representative.

Purchasing options

Please select a format:

ISBN: 9781071837337
£46.00

SAGE Knowledge is the ultimate social sciences digital library for students, researchers, and faculty. Hosting more than 4,400 titles, it includes an expansive range of SAGE eBook and eReference content, including scholarly monographs, reference works, handbooks, series, professional development titles, and more.

The platform allows researchers to cross-search and seamlessly access a wide breadth of must-have SAGE book and reference content from one source.

SAGE Knowledge brings together high-quality content from across our imprints, including CQ Press and Corwin titles.