The Definitive Cybersecurity Guide

for Directors and Officers

Get cutting-edge insight to help safeguard your organization from today’s most sophisticated cyberthreats.

More About the Book

  • Our Mission

    Navigating the Digital Age serves as a guidepost on the path to cybersecurity risk management best practice with practical expert advice on issues like business enablement, breach avoidance and response, and compliance.

  • The Source

    This book serves as an anthology of cybersecurity with chapters from CEOs, CISOs, lawyers, forensic experts, consultants, academia and current and former government officials.

  • The Cybersecurity Focus

    “The reason cybersecurity is ingrained in news cycles and receives extraordinary investments and focus from businesses and governments around the world, is the growing realization that these breaches are putting our very digital lifestyle at risk.” – Mark McLaughlin, CEO Palo Alto Networks

  • It's a Business Issue

    “With the ability to shatter a company’s reputation with their customers and draw criticism from shareholders, lawsuits from impacted parties, and attention from the media, the threat of cyber risk is ubiquitous and insidious.” - Tom Farley, President of the New York Stock Exchange

Explore by Chapters

Introductions

The Cyber Threat in the Digital Age

 

  1. Introduction

    INTRODUCTION

    NYSE Group — Tom Farley, President

  2. Foreword

    FOREWORD

    Visa Inc. — Charles W. Scharf, Chief Executive Officer

  3. Chapter 1

    PREVENTION: CAN IT BE DONE?

    Palo Alto Networks — Mark McLaughlin, CEO

  4. Chapter 2

    THE THREE Ts OF THE CYBER ECONOMY

    The Chertoff Group - Michael Chertoff, Executive Chairman and Former United States Secretary of Homeland Security
    The Chertoff Group - Jim Pflaging, Principal

  5. Chapter 4

    INVESTORS’ PERSPECTIVES ON CYBER RISKS: IMPLICATIONS FOR BOARDS

    Institutional Shareholder Services Inc. - Martha Carter, ISS Global Head of Research
    Institutional Shareholder Services Inc. - Patrick McGurn, Executive Director and Special Counsel

  6. Chapter 5

    TOWARD CYBER RISKS MEASUREMENT

    Barclays - Elena Kvochko, Head of Global Information Security Strategy and Implementation
    World Economic Forum - Danil Kerimi, Director, Center for Global Industries

  7. Chapter 6

    THE EVOLVING CYBERTHREAT AND AN ARCHITECTURE FOR ADDRESSING IT

    Internet Security Alliance — Larry Clinton, CEO

  8. Chapter 7

    EFFECTIVE CYBER RISK MANAGEMENT: AN INTEGRATED APPROACH

    Robert Brese, Individual Contributor

I.

Cyber risks and the Board of directors

 

  1. Chapter 08

    THE RISKS TO BOARDS OF DIRECTORS AND BOARD MEMBER OBLIGATIONS

    Orrick, Herrington & Sutcliffe LLP — Antony Kim, Partner

  2. Chapter 09

    WHERE CYBERSECURITY MEETS CORPORATE SECURITIES: THE SEC’S PUSH TO REGULATE PUBLIC COMPANIES’ CYBER DEFENSES AND DISCLOSURES

    Fish & Richardson P.C. — Gus Coldebella, Principal

  3. Chapter 10

    A CYBERSECURITY ACTION PLAN FOR CORPORATE BOARDS

    National Association of Corporate Directors - Ken Daly, Chief Executive Officer
    Internet Security Alliance - Larry Clinton, CEO

  4. Chapter 11

    ESTABLISHING A BOARD-LEVEL CYBERSECURITY REVIEW BLUEPRINT

    Stroz Friedberg LLC — Erin Nealy Cox, Executive Managing Director

  5. Chapter 12

    DEMYSTIFYING CYBERSECURITY STRATEGY AND REPORTING: HOW BOARDS CAN TEST ASSUMPTIONS

    Dell SecureWorks — Michael R. Cote, Chief Executive Officer

II.

Cyber risk corporate structure

 

  1. Chapter 13

    THE CEO’S GUIDE TO DRIVING BETTER SECURITY BY ASKING THE RIGHT QUESTIONS

    Palo Alto Networks — Davis Hake, Director of Cybersecurity Strategy

  2. Chapter 14

    ESTABLISHING THE STRUCTURE, AUTHORITY, AND PROCESSES TO CREATE AN EFFECTIVE PROGRAM

    Coalfire — Larry Jones, Chief Executive Officer

III.

Cybersecurity legal and regulatory considerations

 

  1. Chapter 15

    SECURING PRIVACY AND PROFIT IN THE ERA OF HYPERCONNECTIVITY AND BIG DATA

    Booz Allen Hamilton — Bill Stewart, Executive Vice President

  2. Chapter 16

    OVERSIGHT OF COMPLIANCE AND CONTROL RESPONSIBILITIES

    BuckleySandler LLP — Elizabeth E. McGinn, Partner

  3. Chapter 17

    RISKS OF DISPUTES AND REGULATORY INVESTIGATIONS RELATED TO CYBERSECURITY MATTERS

    Baker & McKenzie — David C. Lashway, Partner

  4. Chapter 18

    LEGAL CONSIDERATIONS FOR CYBERSECURITY INSURANCE

    K&L Gates LLP — Roberta D. Anderson, Partner

  5. Chapter 19

    CONSUMER PROTECTION: WHAT IS IT?

    Wilson Elser Moskowitz Edelman & Dicker LLP — Melissa Ventrone, Partner

  6. Chapter 20

    PROTECTING TRADE SECRETS IN THE AGE OF CYBERESPIONAGE

    Fish & Richardson P.C. — Gus Coldebella, Principal

  7. Chapter 21

    CYBERSECURITY DUE DILIGENCE IN M&A TRANSACTIONS: TIPS FOR CONDUCTING A ROBUST AND MEANINGFUL PROCESS

    Latham & Watkins LLP — Jennifer Archie, Partner

  8. Chapter 22

    INTERNATIONAL INFLECTION POINT—COMPANIES, GOVERNMENTS, AND RULES OF THE ROAD

    Kaye Scholer LLP — Adam Golodner, Partner

  9. Chapter 23

    MANAGING THIRD-PARTY LIABILITY USING THE SAFETY ACT

    Pillsbury Winthrop Shaw Pittman LLP — Brian Finch, Partner

  10. Chapter 24

    COMBATING THE INSIDER THREAT: REDUCING SECURITY RISKS FROM MALICIOUS AND NEGLIGENT EMPLOYEES

    Littler Mendelson P.C. — Philip L. Gordon, Co-Chair, Privacy and Background Checks Practice Group

IV.

Comprehensive approach to cybersecurity

 

  1. Chapter 25

    DEVELOPING A CYBERSECURITY STRATEGY: THRIVE IN AN EVOLVING THREAT ENVIRONMENT

    Booz Allen Hamilton — Bill Stewart, Executive Vice President

  2. Chapter 26

    DESIGNING A CYBER FUSION CENTER: A UNIFIED APPROACH WITH DIVERSE CAPABILITIES

    Booz Allen Hamilton — Bill Stewart, Executive Vice President

V.

Design best practices

 

  1. Chapter 27

    WHAT ARE THEY AFTER? A THREAT-BASED APPROACH TO CYBERSECURITY RISK MANAGEMENT

    Intercontinental Exchange & New York Stock Exchange — Jerry Perullo, CISO

  2. Chapter 28

    BREAKING THE STATUS QUO: DESIGNING FOR BREACH PREVENTION

    Palo Alto Networks — Davis Hake, Director of Cybersecurity Strategy

VI.

Cybersecurity beyond your network

 

  1. Chapter 29

    SUPPLY CHAIN AS AN ATTACK CHAIN

    Booz Allen Hamilton — Bill Stewart, Executive Vice President

  2. Chapter 30

    MANAGING RISK ASSOCIATED WITH THIRD-PARTY OUTSOURCING

    Covington & Burling LLP — David N. Fagan, Partner

  3. Chapter 31

    A NEW LOOK AT AN OLD THREAT IN CYBERSPACE: THE INSIDER

    Delta Risk LLC — Thomas Fuhrman, President

  4. Chapter 32

    THE INTERNET OF THINGS

    The Chertoff Group — Mark Weatherford, Principal

VII.

Incident response

 

  1. Chapter 33

    WORKING WITH LAW ENFORCEMENT IN CYBER INVESTIGATIONS

    U.S. Department of Justice - CCIPS Cybersecurity Unit

  2. Chapter 34

    PLANNING, PREPARATION, AND TESTING FOR AN ENTERPRISE-WIDE INCIDENT RESPONSE

    Booz Allen Hamilton — Jason Escaravage, Vice President

  3. Chapter 35

    DETECTION, ANALYSIS, AND UNDERSTANDING OF THREAT VECTORS

    Fidelis Cybersecurity — Jim Jaeger, Chief Cyber Strategist

  4. Chapter 36

    FORENSIC REMEDIATION

    Fidelis Cybersecurity — Jim Jaeger, Chief Cyber Strategist

  5. Chapter 37

    LESSONS LEARNED—CONTAINMENT AND ERADICATION

    Rackspace Inc. — Brian Kelly, Chief Security Officer

  6. Chapter 38

    CYBER INCIDENT RESPONSE

    BakerHostetler — Theodore J. Kobus, Partner and Co-Leader, Privacy and Data Protection

  7. Chapter 39

    COMMUNICATING AFTER A CYBER INCIDENT

    Sard Verbinnen & Co — Scott Lindlaw, Principal

VIII.

Cyber risk management investment decisions

 

  1. Chapter 40

    OPTIMIZING INVESTMENT TO MINIMIZE CYBER EXPOSURE

    Axio Global — Scott Kannry, Chief Executive Officer


  2. Chapter 41

    INVESTMENT IN CYBER INSURANCE

    Lockton Companies Inc. — Ben Beeson, Senior Vice President, Cybersecurity Practice

IX.

Cyber risk and workforce development

 

  1. Chapter 42

    CYBER EDUCATION: A JOB NEVER FINISHED

    NYSE Governance Services — Adam Sodowick, President

  2. Chapter 43

    COLLABORATION AND COMMUNICATION BETWEEN TECHNICAL AND NONTECHNICAL STAFF, BUSINESS LINES AND EXECUTIVES

    Wells Fargo & Company — Rich Baich, Chief Information Security Officer

  3. Chapter 44

    CYBERSECURITY READINESS THROUGH WORKFORCE DEVELOPMENT

    Booz Allen Hamilton — Lori Zukin, Principal

  4. Chapter 45

    BUILDING A CYBER-SAVVY BOARD

    Korn Ferry — Jamey Cummings, Senior Client Partner

  5. Chapter 46

    EVALUATING AND ATTRACTING YOUR NEXT CISO: MORE SOPHISTICATED APPROACHES FOR A MORE SOPHISTICATED ROLE

    Egon Zehnder — Kal Bittianda, Consultant
