
Book Review: Cybersecurity Program Development for Business: The Essential Planning Guide

By Adam Schlagman
August 01, 2018

Many reports to business owners, executives and consumers on the subject of cybersecurity are prefaced with an array of statistics and news stories designed to induce fear and insecurity, while at the same time creating an awareness of the immediate need for action. While this approach can be effective at expressing the seriousness of the subject matter and opening the door to a dialogue, it's really less of a conversation than a sales pitch unless both sides have a requisite understanding of the issues, terminology and reasonable objectives they should be seeking.

Focusing on the commercial side, the problem is that while many business owners and executives understand that a data security problem/need exists, they do not have a baseline fluency in the concepts and alphabet soup that comprise the language of digital information security. Beyond that, they further do not comprehend other critical basics, such as: what are a business' digital assets; who and what are the cybercriminals they should fear; what are a business' vulnerabilities; and what are the practical options and strategies to protect against and rebound from a cyber attack.

To this extent, Chris Moschovitis' new book is an effective cybersecurity primer for the management community. It's not designed to transform a businessperson into a CISO, but it will help the reader recognize the need to employ a CISO and what to look for when hiring one. The book will help identify, define and explain what an effective, practical and maintainable defensive strategy should look and feel like. This includes the appropriate controls for preventing, detecting, correcting or compensating against cyber risk as well as identifying and categorizing the various types of risk. In addition, the book works the reader through the necessary elements of an incident response plan.

Is this a comprehensive executive guide to cybersecurity? No. The book leaves out plenty and perhaps over-explains some basics at the expense of other important topics. For example, Moschovitis doesn't get into such matters as cyber insurance, which is probably a book of its own, but a chapter on the basics would have been helpful — at least enough information to establish a working knowledge of the essential terms and pitfalls for the unwary.

Nevertheless, Moschovitis does do an effective job of opening up the door to his cybersecurity workshop and walking the reader through the basic tools, describing and defining what they are and how they work. He describes the various systems in play, which individuals should properly be responsible for their administration, and how they can best use the tools at their disposal. In short, the book serves as its own tool for executives to understand the basic cybersecurity concepts and presents them with a sufficient basis and perspective to be able to make informed decisions about their companies' digital security.

Perhaps the greatest challenge in producing a practical primer of this nature lies in the author's ability to present real-world business and work-culture difficulties in relatable terms. One of Moschovitis' more effective techniques is his use of detailed case studies. These accounts walk the reader through various challenges and provide step-by-step discussions of the corrective steps taken, the results achieved and the lessons learned. The case studies are not self-congratulatory or promotional accounts, but rather useful mechanisms to illustrate Moschovitis' points in a way that should resonate with senior staff.

Ultimately, no one expects a business owner or executive to be a cybersecurity expert, but in today's digital environment, they must be at least conversant in the nomenclature, as well as be able to grasp key cybersecurity issues and vulnerabilities. While there is no need for a business executive to have the dozens of security-specific acronyms available at the tip of their tongue, they should be able to identify and relate to the ones appropriate to their individual business environments. Reading Moschovitis' book and making a few notes will go a long way to helping the reader engage in meaningful and intelligent conversations about cybersecurity.

Cybersecurity Program Development for Business: The Essential Planning Guide

By Chris Moschovitis. Wiley. ISBN: 9781119429517 (Hardcover)

*****

Adam Schlagman is the Editor-in-Chief of Cybersecurity Law & Strategy.
