1 Cover
2 Foreword

Directors and executives are now at the heart of cybersecurity issues. This is my conviction; this is my experience gained by launching one of the first cybersecurity companies in 2005 and by meeting many executives. This is my conviction as the director of a defense company that is particularly exposed to these risks, as well as active in the development of new protection strategies. Let us make this expertise a driving force for differentiating our companies and France as a safe place to do business.

This is where this book written by Marie de Fréminville takes on its full importance. It brings together five years of work and exchanges between experts and leaders, between the State and industrial actors who forge our conviction that the issue of cybersecurity can no longer remain confined to the circles of geeks, but that it has become a real issue of economic resilience.

The issue is obviously much broader, and corporate governance must address it in all its dimensions: economic resilience, vulnerability of extended business strategies, customer protection, human issues, infrastructure development, insurance policy, crisis management, etc. The general management and its board of directors must not only be aware of this, but must also each act according to its own responsibility, in order to set up the necessary organizations, risk governance, as well as the company’s protection systems.

It is this “call to consciences” that must resonate with the reader, who must then find appropriate solutions: this book will provide you with possible solutions and will enlighten you on the risks to be taken into account to inform your decisions. As they say in the shift changeover: now it’s up to you to take care of it…

Hervé GUILLOU
President and Chief Executive Officer
Naval Group
3 Preface
4 Introduction
5 1 An Increasingly Vulnerable World
  1.1. The context
  1.2. Cybercrime
  1.3. The cybersecurity market
  1.4. Cyber incidents
  1.5. Examples of particularly exposed sectors of activity
  1.6. Responsibilities of officers and directors
6 2 Corporate Governance and Digital Responsibility
  2.1. Corporate governance and stakeholders
  2.2. The shareholders
  2.3. The board of directors
  2.4. Customers and suppliers
  2.5. Operational management
7 3 Risk Mapping
  3.1. Cyber-risks
  3.2. The context
  3.3. Vulnerabilities
  3.4. Legal risks
  3.5. The objectives of risk mapping
  3.6. The different methods of risk analysis
  3.7. Risk assessment (identify)
  3.8. Protecting
  3.9. Detecting
  3.10. Reacting
  3.11. Restoring
  3.12. Decentralized mapping
  3.13. Insurance
  3.14. Non-compliance risks and ethics
8 4 Regulations
  4.1. The context
  4.2. The different international regulations (data protection)
  4.3. Cybersecurity regulations, the NIS Directive
  4.4. Sectoral regulations
  4.5. The General Data Protection Regulation (GDPR)
  4.6. Consequences for the company and the board of directors
9 5 Best Practices of the Board of Directors
  5.1. Digital skills
  5.2. Situational awareness
  5.3. Internal governance
  5.4. Data protection
  5.5. Choosing your service providers
  5.6. The budget
  5.7. Cyberculture
  5.8. The dashboard for officers and directors
10 6 Resilience and Crisis Management
  6.1. How to ensure resilience?
  6.2. Definition of a CERT
  6.3. Definition of a SOC
  6.4. The role of ENISA
  6.5. The business continuity plan
  6.6. Crisis management
  6.7. Crisis simulation
11 Conclusion: The Digital Committee
12 Appendices
  Appendix 1: Cybersecurity Dashboard
  Appendix 2: Ensuring Cybersecurity in Practice and on a Daily Basis
  Appendix 3: Tools to Identify, Protect, Detect, Train, React and Restore
13 Glossary
14 References
15 Index
16 End User License Agreement
1 Chapter 1 Table 3.1. 2017 World Economic Forum Risk Framework
1 Chapter 1
  Figure 1.1. The impact of digital transformation on the security of information ...
  Figure 1.2. History (source: Starboard Advisory)
  Figure 1.3. The five different types of attacks that companies face each year (s...
  Figure 1.4. Still a very high rate of companies affected by cyber-attacks (sourc...
2 Chapter 2
  Figure 2.1. The four missions of the board of directors (source: Starboard Advis...
  Figure 2.2. Civil and criminal liability of executives (source: Starboard Adviso...
  Figure 2.3. Background: CISOs are not very confident in the ability of their COM...
  Figure 2.4. Cyber-risk governance (source: Starboard Advisory)
3 Chapter 3
  Figure 3.1. History: the greater impact of cyber-attacks on the business of targ...
  Figure 3.2. Cyber-risk: a business risk (source: Naval Group)
  Figure 3.3. The interconnectivity of IT domains (source: Naval Group). For a col...
  Figure 3.4. Security breaches, the most striking feature of IoTs (source: accord...
  Figure 3.5. Companies are increasingly subscribing to cyber insurance (source: a...
4 Chapter 4
  Figure 4.1. Complying with the GDPR (source: Starboard Advisory). For a color ve...
5 Chapter 5
  Figure 5.1. Employees who are aware of cybersecurity, but who are not very invol...
  Figure 5.2. Most companies store at least some of their data in a cloud… most of...
  Figure 5.3. Companies deploy more than a dozen cybersecurity solutions on averag...
  Figure 5.4. Human intervention remains necessary in the eyes of CISOs (source: a...
  Figure 5.5. To secure data stored in a public cloud, the CISO does not only use ...
6 Chapter 6
  Figure 6.1. Preparing for a major cyber-attack: less than one in two companies f...
  Figure 6.2. Cyber resilience (source: Starboard Advisory)