Title Cyber Risk Management
Subtitle Prioritize Threats, Identify Vulnerabilities and Apply Controls
Author Christopher J Hodson
ISBN 9780749484125
List price GBP 39.99
Price outside India Available on Request
Binding Paperback
No of pages 416
Book size 152 x 228 mm
Publishing year 2019
Original publisher Kogan Page Limited
Exclusive distributors Viva Books Private Limited
Sales territory India, Sri Lanka, Bangladesh, Pakistan, Nepal
Status New Arrival
About the book


“One of the most informative books currently on the market that demystifies the risk management process surrounding cyber security. Chris uses up-to-date case studies to highlight the most important aspects of cyber risk, informing the reader of current best practices within industry, how to implement it within your company and ultimately how you can keep your business safe against the growing number of cyber threats out there.”

Tom Huckle, Head Of Cyber Training And Development, Crucial Academy


“Written in an extremely accessible style and covering issues of vital importance to today’s organisations, Cyber Risk Management offers a valuable resource for managers and scholars looking to understand more about the topic, as well as for cyber security professionals seeking an experience-based account of the issues they are likely to be facing.”

Steven Furnell, Professor of Information Security, University of Plymouth


“Cyber Risk Management is extremely well researched and provides the reader with a simple to follow, guided journey through the cyber issues we face and the approaches we should be taking to cope with them. The pragmatic style demystifies complex issues making this a great read for both experienced security professionals and non-professionals alike.”

Amanda Finch, CEO, Institute of Information Security Professionals


“An approachable resource that combines Chris’s considerable business acumen and life experiences with risk management approaches and frameworks. This book will help executives and techies alike find common ground as they handle today’s cybersecurity challenges.”

James Stanger, Chief Technology Evangelist, CompTIA


“The approach Chris suggests is sensible, methodical, and pragmatic, everything you want when running security for a business.”

James Freestone, Deputy Chief Information Security Officer, Informa


“A thoroughly enjoyable and insightful book that provides a well-rounded perspective into the interconnected world of cyber-risk management. The breadth of knowledge and the wonderful similes used to break down complex ideas show that Chris clearly knows his stuff!”

Atif Rafiq, Chief Information Security Officer, Quantexa


Most organizations are undergoing a digital transformation of some sort and are looking to embrace innovative technology, but new ways of doing business inevitably lead to new threats which can cause irreparable financial, operational and reputational damage. In an increasingly punitive regulatory climate, organizations are also under pressure to be more accountable and compliant. Cyber Risk Management clearly explains the importance of implementing a cyber security strategy and provides practical guidance for those responsible for managing threat events, vulnerabilities and controls, including malware, data leakage, insider threat and Denial-of-Service.

Examples and use cases, including Yahoo, Facebook and TalkTalk, add context throughout and emphasize the importance of communicating security and risk effectively, while implementation review checklists bring together key points at the end of each chapter. Cyber Risk Management analyzes the innate human factors around risk and how they affect cyber awareness and employee training, along with the need to assess the risks posed by third parties. Including an introduction to threat modelling, this book presents a data-centric approach to cyber risk management based on business impact assessments, data classification, data flow modelling and assessing return on investment. It covers pressing developments in artificial intelligence, machine learning, big data and cloud mobility, and includes advice on responding to risks which are applicable for the environment and not just based on media sensationalism.


About the author

List of contributors




PART ONE: Contextualizing cybersecurity risk

Chapter 1: Why now? The only constant is change • Digital transformation and the relevance of a digital strategy • Characteristics of a disruptive company • References

Chapter 2: Technologies and security challenges • The security of new technologies • Data science • References

Chapter 3: Data breaches • Important breaches • Breach response • References


PART TWO: Cybersecurity programme management

Chapter 4: What are cybersecurity and cybercrime? • Cybersecurity backdrop • Cyber-attacks, attribution and cybersecurity • References

Chapter 5: Establishing a cybersecurity programme • The security function • The cyber programme structure and objectives • References


PART THREE: Actors, events and vulnerabilities

Chapter 6: Threat actors • Actor DNA • The CIA triad and actor objectives • Threat actor attributes • Motivations for threat actors • References

Chapter 7: Threat events • Threat event DNA • Malicious threat events • Accidental threat events • Threat modelling • References

Chapter 8: Vulnerabilities • Vulnerabilities in technology • Vulnerabilities in people • Vulnerabilities in process • Finding vulnerabilities: security testing and assurance • References

Chapter 9: Controls • What is a control? • Common controls: people • Common controls: process • Common controls: technology • References


PART FOUR: Conclusion: the cybersecurity risk equation explained

Chapter 10: Cyber risk management: a conclusion • What is risk? • Performing a risk assessment • Risk frameworks • Information classification • References


About the Author:

Christopher J Hodson is Chief Information Security Officer (CISO), EMEA at Tanium. He has 18 years’ experience across the financial, retail, energy and media industry sectors and was previously CISO, EMEA and Data Protection Officer at Zscaler. He holds an MSc in Cyber Security from Royal Holloway and retains an active role in the Infosec industry through directorship of the Institute of Information Security Professionals (IISP) and membership of CompTIA’s Cyber Security Committee.

Target Audience:

This book is useful for managers and scholars looking to understand more about the topic, as well as for cyber security professionals seeking an experience-based account of the issues they are likely to be facing.

Special prices are applicable to the authorised sales territory only.
Prices are subject to change without prior notice.