Professional Documents
Culture Documents
review
Transforming Cybersecurity
Transforming Cybersecurity, published by ISACA®, The day-to-day business of cyber security is IT-
should be read in the context of COBIT® 5 for centric, and COBIT 5 can help senior management
Information Security and the COBIT® 5 framework. support and budget the implementation of
Transforming Cybersecurity is a useful handbook cyber security strategies. The financial impact of
for any cyber security practitioner, information cybercrime justifies rethinking cyber security. This
security manager (ISM) or IT auditor. The book book describes the legal and regulatory impacts, in
explains that cyber security is a management task addition to societal impacts, of cybercrime in detail.
and encompasses all that protects enterprises It is also important to identify systemic weaknesses
and individuals from attacks and breaches in to understand how attacks and security breaches
a connected environment. The governance, happen. The book provides a list of typical threats,
management, and assurance of vulnerabilities and risk, which is very
cyber security are iterative and useful for security practitioners.
evolving processes.
Transforming Cybersecurity explains
The focus of cyber security the risk-based categorization of
should be on advanced persistent organizational controls, social
threats (APTs), cyberwarfare and controls, technical controls and
the impact on individuals. The process controls, along with the
tasks and responsibilities linked COBIT 5 processes that apply
to cyber security are essential to cyber security. Attack and
for an organization’s survival and incident data should be treated
profitability. The integration of these as learning materials and not just
tasks with COBIT would enable forensic evidence. Past attacks and
enterprises and individuals to incidents should be analyzed and
harmonize security strategies in a systematic way. integrated into the risk management process.
Among the types of risk discussed in this book
Transforming Cybersecurity discusses the preparing, are organizational design and structural risk;
investigating, responding and transforming (PIRT) governance, compliance and control risk; cultural
security life cycle approach along with the approach risk; social risk; people risk; risk associated with
to transform organizational security to strengthen human factors and all forms of technical risk.
defenses and integrate cyber security with security
governance, risk and compliance management. The publication also explains developing a business
Transforming Cybersecurity discusses various threats case for a cyber security governance framework
such as APTs, cyberwarfare, political activism and and the application of the five COBIT 5 Principles
damage to reputation. for better cyber security governance. COBIT® 5
for Information Security provides a general catalog
of information security principles, which are
Reviewed by Ravi Ayappa, Ph.D., CISA, CRISC, CISM, enumerated in detail in Transforming Cybersecurity.
who is currently a principal security consultant with Cognizant Technology
Solutions based in the United States. Over the last 20 years of his career, he A cyber security policy should give a sense of
has worked in the domains of governance, risk and compliance consulting,
direction and mission rather than outlining any
Internet of Things security, infrastructure security, application security,
lower-level management practices and activities.
business continuity planning and disaster recovery, and information and
communications technology security in Asia, Europe and the United States This book details the components of a cyber
across various industries and the military. He is also a voluntary instructor security policy along with the cyber security
for certification courses at the ISACA® Detroit (Michigan, USA) Chapter. management processes across COBIT 5. Even
though cyber security forms part of a corporate