Enterprise Cybersecurity empowers organizations of all sizes to defend themselves with next-generation cybersecurity programs against the escalating threat of modern targeted cyberattacks. This book presents a comprehensive framework for managing all aspects of an enterprise cybersecurity program. It enables an enterprise to architect, design, implement, and operate a coherent cybersecurity program that is seamlessly coordinated with policy, programmatics, IT life cycle, and assessment. A Study Guide, containing slides to accompany the book, is also available.
Enterprise Cybersecurity presents a unified framework for managing all aspects of an enterprise cybersecurity program's people, technology, and operations. This framework spans policy, people, budget, technology, strategy, engineering, operations, and assessment. We believe it is the first fully unified cybersecurity framework to be documented and publicly disclosed. This framework has been used successfully at Fortune 500 companies to manage cyberdefenses against nation-state attackers, cyber criminals, and other advanced attackers.
At the heart of Enterprise Cybersecurity is the concept that cyberdefenses must be integrated with the organization's IT infrastructure, and layered to provide redundancy in protection. Rather than striving for perfection, organizations should seek to define "good enough" cybersecurity, and then rely on visibility, metrics indicators, and an active defense to guide their cyberdefense efforts where such efforts are most needed. Blindly trying to "protect everything" without any visibility into whether your protections are working is not going to cut it.