Cybersecurity for the Enterprise

Take an evidence-based approach to cybersecurity control design

A call to action for enterprises to demand a modern, data-driven approach to cybersecurity, Cybersecurity for the Enterprise: How to Design a Security Policy with Evidence-Based Methods delivers a how-to guide for the design and implementation of a modern security policy in an enterprise firm that’s based on empirical research instead of current industry consensus alone. It introduces techniques to critically review available research and evaluate the credibility of the findings as the basis for control selection.

The author explains how to structure a streamlined policy and differentiate between policy statements based on data and those based on industry habit. He explores the measurement of the efficacy of controls and provides practical demonstrations of how to justify evidence-based policies to internal and external stakeholders. The book also includes:

• Templates with policy language that maximize impact on the typical employee
• Reviews of current research that challenge the status quo and evolve industry best practices
• Highlights of areas in conventional security policy and industry standards that lack empirical support
• An efficient lens for how to prioritize what really matters in a security policy and how to ignore irrelevant “noise”

Ideal for information security executives, managers, and other leaders, Cybersecurity for the Enterprise is an essential blueprint for maximizing the impact of practical research and creating a security infrastructure based on real-world evidence.