Cyber Risk Management: Prioritize Threats, Identify Vulnerabilities and Apply Controls

Great book, inclusive.

The task of securing critical information and services within an ever evolving technological and threat landscape is, to say the least, a significant challenge. Our users are sold a vision of Cloud being quick and easy to implement and cheap to boot, leaving the IT and Security function to deal with the associated delivery challenges.Within this context, this book provides a practical, well informed, frame of reference for use when navigating the security threats / challenges associated with technology driven Business Change. The book’s foundation is based upon real-world examples of both data breaches and battle-hardened learning. Risk Management, by its nature, is a constantly evolving process, this book offers the reader a lot of collateral that can drive this evolution.Be it SaaS, Pass, IaaS or FaaS, the opportunities that modern computing architectures offer are accompanied by a cornucopia of incumbent Threats, Threat Actors and Vulnerabilities. Since buying the book I have drawn from it heavily when designing security solutions that protect and enable ‘The Business’.Whether a seasoned Cyber professional; a novice embarking on a Cyber career path; or somebody on the business side wanting to gain an understanding of your current / future risk exposure this book offers a lot. For me it has proven a very good investment.

If you are looking for a book you can pick and get working from, then this is for you, whether you are daily new to the industry or more experienced. It gives you background, why now? Challenges and information about breaches. Tell you how to establish a security programme. In part 3 the author goes through who's targeting you, the types of events, vulnerabilities and controls. Finally, in part 4 is about cyber risk management.I like the 'Learning Outcomes' at the beginning of the chapters, and the real-world interviews by security professionals who are living this on a daily basis.Yes there are other books out there on this subject but in this book the author takes what can be quite a dry subject, brings it to life, gives you a pragmatic way to move forward, and a way that will go down well with your management, and the board.I enjoyed reading the book, and I've already gone back to it for reference already.

This book is ok but offers nothing new in relation to cybersecurity especially for the high price. Most of the content is accessible for free from publications and/or existing frameworks. The mind maps are ok but feel unfinished and rushed. Overall it’s an ok book for those new to cyber risk management however you can get the same content for free elsewhere.

The book has added a tremendous value for passing my CISSP exam today!! I’m so grateful for reading that book!