Book Review: Cyber Strategy: Risk-Driven Security and Resiliency
Cyber Strategy: Risk-Driven Security and Resiliency; By Carol A. Siegel and Mark Sweeney. Auerbach Publications; Routledge.com; 214 pages; $49.95.
In the world of team sports, great players do not guarantee a winning season. To be champions, players must work together effectively towards the same goal. In Cyber Strategy: Risk-Driven Security and Resiliency, authors Carol Siegel and Mark Sweeney give the reader a playbook, if you will, on how to approach information security, risk, and resilience.
A mistake frequently made within information security and operational risk is thinking that it is about the often-expensive hardware and software. But getting hardware and software running in the enterprise is only the beginning of the security journey, not the endgame. Having a strategy to make these enterprise systems work as designed is a serious endeavor that does not end when the installation is done.
In fact, that is only the beginning. It is crucial to bring all those technologies together within a single methodology—not a trivial endeavor for most organizations. And that is the problem this book attempts to solve.
The authors detail the many processes and stages needed to get such a strategy in place. As noted earlier, hardware and software are not the main factors in success, so the book does not dwell on them. Instead, this text helps the reader understand what business risks these technologies are supposed to protect and secure, and it focuses on risk within the organization, business goals, the performance of quantitative risk assessments, and more.
The final chapter provides downloadable checklists, tables, data flow diagrams, figures, and assessment tools that can be customized to a company’s specific needs. For organizations with no shortage of hardware and software but a lack of strategic direction, Cyber Strategy: Risk-Driven Security and Resiliency can serve as a valuable resource.
Reviewer: Ben Rothke, CISSP (Certified Information Systems Security Professional), is a senior information security specialist with Tapad, Inc.
