1.1 Defining Cybersecurity
1.2 Cybersecurity is a Business Imperative
1.3 Cybersecurity is an Executive-Level Concern
1.4 Questions to Ask
1.5 Views of Others
1.6 Cybersecurity is a Full-Time Activity
Chapter 2.0 WHY BE CONCERNED?
2.1 A Classic Hack
2.2 Who Wants Your Fortune?
2.3 Nation-State Threats
2.4 Cybercrime is Big Business
2.5 Summary
Chapter 3.0 MANAGING RISK
3.1 Who Owns Risk in Your Business?
3.2 What are Your Risks?
3.3 Calculating Your Risk
3.4 Communicating Risk
3.5 Organizing for Success
3.6 Summary
Chapter 4.0 BUILD YOUR STRATEGY
4.1 How Much “Cybersecurity” Do I Need?
4.2 The Mechanics of Building Your Strategy
4.3 Avoiding Strategy Failure
4.4 Ways to Incorporate Cybersecurity into Your Strategy
4.5 Plan For Success
4.6 Summary
Chapter 5.0 Plan for Success
5.1 Turning Vision into Reality
5.2 Policies Complement Plans
5.3 Procedures Implement Plans
5.4 Exercise Your Plans
5.5 Legal Compliance Concerns
5.6 Auditing
5.7 Summary
Chapter 6.0 CHANGE MANAGEMENT
6.1 Why Managing Change is Important
6.2 When to Change?
6.3 What is Impacted by Change?
6.4 Change Management and Internal Controls
6.5 Change Management as a Process
6.6 Best Practices in Change Management
6.7 Summary
Chapter 7.0 PERSONNEL MANAGEMENT
7.1 Finding the Right Fit
7.2 Creating the Team
7.3 Establishing Performance Standards
7.4 Organizational Considerations
7.5 Training for Success
7.6 Special Considerations for Critical Infrastructure Protection
7.7 Summary
Chapter 8.0 PERFORMANCE MEASURES
8.1 Why Measure?
8.2 What to Measure?
8.3 Metrics and the C-Suite
8.4 The Executive Cybersecurity Dashboard
8.5 Summary
Chapter 9.0 WHAT TO DO WHEN YOU GET HACKED
9.1 Hackers Already Have You Under Surveillance
9.2 Things to do Before it’s Too Late: Preparing for the Hack
9.3 What to do When Bad Things Happen: Implementing Your Plan
9.4 Foot Stompers
9.5 Fool Me Once
9.6 Summary
10.0 BOARDROOM INTERACTIONS
Appendix A: Policies
Appendix B: General Rules for Email Etiquette: Sample
Training Handout
Glossary
Select Bibliography
Index