Cyber Security Policy Guidebook
April 2012
Publisher: Wiley Publishing
ISBN: 978-1-118-02780-6
Published: 24 April 2012
Pages: 288
Abstract

Drawing upon a wealth of experience from academia, industry, and government service, Cyber Security Policy Guidebook details and dissects, in simple language, current organizational cyber security policy issues on a global scale, taking great care to educate readers on the history and current approaches to the security of cyberspace. It includes thorough descriptions, as well as the pros and cons, of a plethora of issues, and documents policy alternatives for the sake of clarity with respect to policy alone. The Guidebook also delves into organizational implementation issues, and equips readers with descriptions of the positive and negative impact of specific policy choices.

Inside are detailed chapters that:
  • Explain what is meant by cyber security and cyber security policy
  • Discuss the process by which cyber security policy goals are set
  • Educate the reader on decision-making processes related to cyber security
  • Describe a new framework and taxonomy for explaining cyber security policy issues
  • Show how the U.S. government is dealing with cyber security policy issues

With a glossary that puts cyber security language in layman's terms, and diagrams that help explain complex topics, Cyber Security Policy Guidebook gives students, scholars, and technical decision-makers the necessary knowledge to make informed decisions on cyber security policy.

Contributors
  • Stevens Institute of Technology

Reviews

Eric Wayne Yocam

The authors of this guidebook provide a necessary foundation for the cyber security policy decision maker, including an analysis of how legislation mandates the need for policy. The book explores the policy drivers within a given cyber security environment, the challenges behind developing policy statements that meet identified needs, and the tradeoffs used to translate cyber security strategy into policy. In general terms, a policy can be thought of as representing a high-level objective of some kind. Policy specifies the statements necessary to meet a high-level objective in a particular strategy. In cyberspace, this high-level objective is to identify assessed risks that will drive the creation and implementation of strategic policy. Cyber security policy involves formal statements of what will and will not be done by people and systems within an organization or government in support of a particular strategy. A cyber security policy decision maker can think of policy as statements of simple rules, rather than mere suggestions or guidelines with the choice to follow or not. As with any rule, these must be written in clear, understandable, and enforceable language. Security policy writers can craft effective policies by asking five questions: who, what, where, when, and why. The authors present these foundational aspects of policy, statements, and strategy in a very concise and complete guidebook for policy decision makers to leverage when navigating the cyber security landscape. In chapters 1 to 3, the authors describe the relationships among cyberspace, cyber security, and cyber security policy. This section outlines the challenges of security controls in cyberspace, and establishes an approach for measuring the effectiveness of security. Chapters 4 to 6 discuss cyber security strategy, examine policy issues, and build on the concepts and definitions in previous chapters to lay out the environment faced by decision makers. 
In the remaining chapters (7 and 8), the authors revisit and chronicle the efforts of the US government to align cyber security strategy and policy from the perspective of historical events, and emphasize the links between objectives and challenges facing policy decision makers. I recommend this book for cyber security policy decision makers, as well as readers looking to enhance their existing understanding of cyber security policy. The authors emphasize the benefits of asking the five simple foundational questions: who, what, where, when, and why. This very readable and organized guidebook equips readers with a consistent methodology for turning their answers to those questions into cyber security policy.

Online Computing Reviews Service
