{"title":"Who Is Responsible for Cybersecurity?","authors":"Gregory Falco, Eric Rosenbach","doi":"10.1093/oso/9780197526545.003.0005","DOIUrl":null,"url":null,"abstract":"The question “Who is responsible for cybersecurity?” addresses how cyber risk prevention and resilience are not a one-person show: it takes a village to reduce organizational cyber risk. A case study opens the chapter by examining the immense hack of Equifax and the company’s poor cyber leadership during and after the data breach. It details the importance of strong leadership and educates readers on achieving accountable leadership for cyber risk. Afterward, it teaches readers about an organization’s enterprise information security policy and outlines the components of a cybersecurity culture. Topics include transparency, accountability, appropriate system knowledge, compliance with policy and procedure, and formal communication channels. The chapter guides executives in budgeting and allocating resources to cyber risk management and explains third-party agreements for cyber risk. It also details the importance of cyber talent management. The chapter concludes with Rosenbach’s Embedded Endurance strategy experience with cyber risk leadership at the U.S. Department of Defense.","PeriodicalId":176943,"journal":{"name":"Confronting Cyber Risk","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-11-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Confronting Cyber Risk","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1093/oso/9780197526545.003.0005","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
The question “Who is responsible for cybersecurity?” addresses how cyber risk prevention and resilience are not a one-person show: it takes a village to reduce organizational cyber risk. A case study opens the chapter by examining the immense hack of Equifax and the company’s poor cyber leadership during and after the data breach. It details the importance of strong leadership and educates readers on achieving accountable leadership for cyber risk. Afterward, it teaches readers about an organization’s enterprise information security policy and outlines the components of a cybersecurity culture. Topics include transparency, accountability, appropriate system knowledge, compliance with policy and procedure, and formal communication channels. The chapter guides executives in budgeting and allocating resources to cyber risk management and explains third-party agreements for cyber risk. It also details the importance of cyber talent management. The chapter concludes with Rosenbach’s Embedded Endurance strategy experience with cyber risk leadership at the U.S. Department of Defense.