Corporate Governance and Ethics: Cyber Resilience Strategies


Added on 2023/06/06

AI Summary
This report explores cyber resilience within the context of corporate governance and ethics. It begins by defining cyber resilience and its distinction from cyber security, emphasizing the ability of an organization to maintain normal business operations despite cyber incidents. The report then examines the considerations outlined by the World Economic Forum to support cyber resilience, including principles for the corporate board such as responsibility, knowledge, and accountability. It details how these principles can influence the development of cyber resilience policies, including the integration of these policies into business plans and risk management practices. The report also discusses cyber resilience toolkits, cyber risk frameworks, and the board's insights on emerging technology risks. Furthermore, it highlights the importance of continuous improvement, partnerships, and ethical guidelines in maintaining and enhancing cyber resilience. The report concludes by emphasizing the need for strategies to evaluate system performance and implement continuous development to address evolving cyber threats, ensuring a resilient system within the organization.
Running head: Corporate Governance and Ethics
Corporate Governance and Ethics
Name of the Student
Name of the University
Author Note
Introduction: What is cyber resiliency?
Cyber Resilience can be understood as the ability of an organization to continue its business normally despite cyber incidents. This involves the concepts of information security and organizational continuity. Here cyber incidents are those incidents that adversely affect the integrity, availability and confidentiality of information and networked information technology systems, and they can be intentional or unintentional (Rodriguez et al. 2015). The objective of cyber resilience is to ensure that an organization is able to continue its normal order of work even after cyber security incidents, through the restoration of the normal IT mechanisms from backup or contingent systems. Cyber resilience is different from Cyber Security, which deals with the security of the information system, data and IT infrastructure (Björck et al. 2015). Cyber Security ensures availability, integrity and confidentiality of digital information and the IT infrastructure (such as networked computers, routing systems and servers). Good Cyber Security helps to protect against adverse cyber incidents and is therefore high on the agenda in all business and organizational sectors (Harrop and Matteson 2015).
Since the engagement of the World Economic Forum in cyber security, two main ideas have emerged: that Cyber Resilience is an issue of leadership, and that it is important to go beyond cyber security to develop a more robust and effective cyber security and cyber resilience policy (Hathaway 2013; Johnson 2015; weforum.org 2017).
Discussion:
Several considerations have been outlined by the World Economic Forum that can support Cyber Resilience in an organization. These include the Principles of Cyber Resilience, the Cyber Principles Toolkit, the Board Cyber Risk Framework and Board Insights on Emerging Technology Risks. This information can help to develop policies and practices that build cyber resilience and cyber security in an organization (weforum.org 2017). Discussed below are the considerations and how they can be used to develop best practices to initiate a Cyber Resilience Policy at the Corporate Board level:
Principles of the Board to ensure Cyber Resilience:
The main principles that should be considered by the Corporate Board include: responsibility for cyber security and resilience, knowledge of cyber resilience, accountability, integration, risk tolerance, risk assessment and reports, planning, collaboration, reviews and effectiveness. These principles dictate the responsibilities of the corporate board to ensure cyber security and cyber resilience (Ormrod and Turnbull 2018; weforum.org 2017). Discussed next is how such principles can influence the cyber resilience policies:
The principles identified above can be used to develop a cyber resilience policy that has the following implications:
1) The entire board should have the apex responsibility to oversee cyber security and cyber resiliency in the organization, and can delegate some of the tasks to a risk committee or cyber resilience committee.
2) Orientation programs should be developed for the board to keep them up to date on the trends and risks in cyber security and cyber resilience, thereby enhancing their knowledge and understanding of the subject.
3) Allocating an officer who would be accountable for monitoring and reporting cyber incidents and for assessing the ability of the organization to manage protocols or implement goals of cyber resilience.
4) Integrating the cyber resilience policies and practices into the business plan, including the organizational risk management practice and budgeting/allocation of resources.
5) Developing an understanding of the extent to which the organization can handle or tolerate adverse cyber events, both for current and future risks. This can help to set up a benchmark for the organization.
6) The board can delegate the tasks of assessing and reporting cyber security and resilience incidents, which can be discussed in the board meetings with the management.
7) Developing a cyber resilience plan with the support of the management, and having the cyber security officer develop, implement and test cyber security protocols and practices to improve cyber resilience.
8) The board should also collaborate with the stakeholders to systematize the process of cyber resilience and incorporate their perspectives and expectations into the process.
9) Involving an independent system for reviewing the cyber resilience of the organization; this can be conducted every year.
10) The Board also has the responsibility to review its own performance in the implementation of cyber security and cyber resilience practices, and to seek advice from independent bodies as and when required to ensure continuous development in the practices (weforum.org 2017; George 2017; Wardekker et al. 2017).
Toolkits for Cyber Resilience:
The cyber principles toolkit is important to help the board members to implement better monitoring and oversight of cyber resilience responsibilities and to help in a more effective implementation of those practices. The toolkit is developed on the basis of the 10 principles of resiliency that can be adopted by the corporate board (Linkov and Kott 2018). Discussed below is how the toolkit can be associated with each of the principles discussed above to monitor and manage the cyber resilience of the organization:
1) To ensure responsibility for cyber resilience, the scope of the responsibilities should be discussed in detail during board meetings. This can help to determine whether the board should take complete responsibility for cyber resilience or whether it needs to be delegated to a specific committee.
2) Board members should go through an orientation program for cyber resilience when they join the organization, and should have a good knowledge of cyber security and its oversight practices. The orientation should focus on the risk perspectives of cyber security. Independent assessments can also be done to provide a benchmark to the organization.
3) To ensure accountability towards cyber resilience, the responsibilities and roles of the cyber resilience practice should be clearly outlined, and the officer accountable for cyber resilience should be given significant influence and authority as well as adequate resources to support their work. Cyber resilience awareness as well as review of resilience strategies should also be implemented.
4) Cyber Resilience policies can be integrated into the business practice by identifying strategies to manage and evaluate cyber risks, governance of the risks, and determining the extent to which the board needs to be involved in the process of reviewing and approving resilience strategies.
5) Risk Appetite can be analyzed through measurement of the costs or impact of cyber security incidents, and how these values can differ between organizations. Also, risk tolerance can be benchmarked through measurement of the extent of disruption that can occur in case of different types of cyber incidents.
6) Assessment and Reporting of risks can be done for both current and possible future situations. Moreover, the culture of cyber security should be assessed and communication strategies developed to inform about the damage caused to the organization due to cyber incidents.
7) To develop resilience plans, the organization needs to include business continuity practice, disaster recovery strategies and response plans for cyber incidents. KPIs can be used to assess the current practices, and the board needs to ensure that the practices are adopted at every level of the organization.
8) Collaboration can be ensured by engaging with different entities (internal or external), identifying their responsibilities towards cyber resilience, developing strategies for collaboration, and understanding how the collaboration can be beneficial to the organization as well as the potential liabilities due to it.
9) For reviewing the cyber resilience systems, the board needs to decide how the independent reviewer would be selected, ensure the review is properly scoped, and check the process plan of the independent reviewer before implementation.
10) Effectiveness of the cyber resilience plan can be assessed through periodic review, delegation of responsibilities and following a timeline for the review process. Also, ensuring the quality of information in the review can enhance its effectiveness (weforum.org 2017; George 2017; Tanque and Foxwell 2018).
Cyber Risk Framework for the Board:
The cyber risk framework helps the board to understand the extent to which an adverse cyber incident can affect the organization in terms of its cyber resiliency (Young et al. 2016). Some elements of the framework are discussed below:
Risk Portfolio:
The risk portfolio helps to identify the common cyber security risks an organization can face, thereby helping the board to understand how each of these risks can take place and how it can adversely affect the organization and its processes. The portfolio can also include the costs associated with each of the identified adverse security incidents, which should be updated on a regular basis. This portfolio can also be used to develop a residual portfolio of incidents that can still occur apart from the ones identified and incorporated into the normal expense of the company (Malhotra 2017; Feng et al. 2015).
Cyber Security Standards:
Common standards that can be implemented by the organization to ensure cyber resiliency include: ISO/IEC 27k, the NIST Special Publication (SP) 800 Series, OCTAVE Allegro, the Federal Information Processing Standards (FIPS) by NIST, and the Payment Card Industry Security Standards Council (PCI SSC). These standards provide a system for monitoring and managing cyber security and cyber resilience systems within an organization (Sani et al. 2018; weforum.org 2018).
Cyber Risk Assessment:
This strategy helps to assess the risks of cyber incidents in the organization, classifying the risks according to their probability of occurrence. This can help the board to identify incidents which are high risk compared to incidents which are medium or low risk (Ross et al. 2018; Mukhopadhyay et al. 2017).
Self Assessment Questionnaire:
Self assessment questionnaires are also useful for the board members, as they can help to identify the action priorities and develop future objectives and action plans for continuous development. Self assessment also helps to assess the current performance and future performance requirements of the board members (weforum.org 2018; George 2017).
Insights of the board on emerging risks of technology:
Several emergent trends and risks can be identified in the domain of cyber security and cyber resilience. These factors influence the success of the cyber resilience of the organization. It is therefore important for any organization to address these factors to enhance its cyber security and cyber resilience (Reetz et al. 2018). Discussed below are the key recommendations that can be used to such effect:
1) Increasing awareness of emerging risks in information technology.
2) Implementing resiliency in the design of the IT infrastructure.
3) Determining an acceptable level of security that should be implemented based on the benchmarks of risk tolerance and appetite.
4) Developing vendor partnerships and using external technologies for the management of security risks in the organization, for independent and neutral reviews.
5) Developing a lifecycle of the cyber security practices and new technologies which can help to design the implementation, operation, maintenance and end of life of the system, as well as determining its supply chain and support systems.
6) Ensuring privacy of data.
7) Developing strategies for continuous improvement of the control measures of cyber security.
8) Following ethical guidelines and public policies of data security.
9) Increasing adaptability to changing needs and technologies and maintaining the level of cyber resilience (weforum.org 2018; George 2017).
Future Considerations of Cyber Resilience:
It is not only important to implement cyber security successfully to ensure cyber resilience, but also to have strategies that can be used to evaluate the performance of the system and implement continuous development to cope with emerging threats and challenges in cyber security, in order to maintain a resilient system in the organization. The important considerations are discussed next:
Continuous Improvement:
Continuous improvement tools help to ensure that the security framework undergoes continuous improvement, which allows it to address the constantly changing and evolving nature of cyber risks and threats, preventing both existing and new types of incidents. This strategy helps to identify scope for further development in a system, then implement plans to address that scope, followed by a review of those upgrades to see if they are working properly (Rodriguez et al. 2015).
Partnerships:
Partnerships with other organizations as well as independent bodies can help to develop a collaborative effort in the development of a robust and resilient system. This also ensures more allocation of resources and an independent system of monitoring the existing system, thus helping to ensure its efficiency and efficacy (Björck et al. 2015).
Leadership:
This is another important aspect that needs to be considered by the board, since through effective leadership proper cyber resilience can be maintained. The board can act as the organization's leaders, leading the organization by example, which others can follow in their work to ensure a secure and safe system (Harrop and Matteson 2015).
Conclusion:
Cyber Resilience thus can be understood as the organization's ability to continue its work even after an adverse incident has taken place. A resilient system ensures that the organization is able to recover from the adverse cyber incident and prevent any major or significant losses. However, cyber resilience is significantly dependent on cyber security, which ensures the integrity, accountability and availability of all data and IT systems in the organization. Thus, in order to ensure a resilient cyber system, effective cyber security must exist. The Board can play a pivotal role in ensuring the organization has a resilient cyber system. The cyber resilience policies can be developed around 10 key principles that can be used to develop tools and protocols for cyber resilience. These principles are also important to develop frameworks for cyber security and implement strategies to meet not only the current but also the future cyber security needs of the organization, thus developing a robust and resilient cyber system. These aspects thus need to be implemented in the security and resilience policy of the organization.
References:
Björck, F., Henkel, M., Stirna, J. and Zdravkovic, J., 2015. Cyber resilience–fundamentals for
a definition. In New Contributions in Information Systems and Technologies (pp. 311-316).
Springer, Cham.
Feng, M., Wächter, A. and Staum, J., 2015. Practical algorithms for value-at-risk portfolio
optimization problems. Quantitative Finance Letters, 3(1), pp.1-9.
George, T., 2017. How to use the world economic forum's cybersecurity principles. Risk
Management, 64(6), p.33.
Harrop, W. and Matteson, A., 2015. Cyber resilience: A review of critical national
infrastructure and cyber-security protection measures applied in the UK and USA. In Current
and Emerging Trends in Cyber Operations (pp. 149-166). Palgrave Macmillan, London.
Hathaway, M., 2013. Cyber readiness index 1.0. Great Falls, VA: Hathaway Global
Strategies LLC.
Johnson, T.A. ed., 2015. Cybersecurity: Protecting critical infrastructures from cyber attack
and cyber warfare. CRC Press.
Linkov, I. and Kott, A., 2018. Fundamental Concepts of Cyber Resilience: Introduction and
Overview. In Cyber Resilience of Systems and Networks (pp. 1-25). Springer, Cham.
Malhotra, Y., 2017. Advancing Cyber Risk Insurance Underwriting Model Risk Management
beyond VaR to Pre-Empt and Prevent the Forthcoming Global Cyber Insurance Crisis.
Mukhopadhyay, A., Chatterjee, S., Bagchi, K.K., Kirs, P.J. and Shukla, G.K., 2017. Cyber
Risk Assessment and Mitigation (CRAM) Framework Using Logit and Probit Models for
Cyber Insurance. Information Systems Frontiers, pp.1-22.
Ormrod, D. and Turnbull, B., 2018, June. Cyber Resilience as an Information Operations
Action to Assure the Mission. In ECCWS 2018 17th European Conference on Cyber Warfare
and Security (p. 343). Academic Conferences and publishing limited.
Reetz, M.A., Prunty, L.B., Mantych, G.S. and Hommel, D.J., 2018. Cyber Risks: Evolving
Threats, Emerging Coverages, and Ensuing Case Law. Penn State Law Review, 122(3).
Rodriguez, L., Curtis, D., Choudhury, S., Oler, K., Nordquist, P., Chen, P.Y. and Ray, I.,
2015, October. Action Recommendation for Cyber Resilience. In Proceedings of the 22nd
ACM SIGSAC Conference on Computer and Communications Security (pp. 1620-1622).
ACM.
Ross, D.M. and Edwards, C., Gemini Cyber Inc, 2018. Cyber risk assessment and
management system and method. U.S. Patent Application 15/794,313.
Sani, A.S., Yuan, D., Jin, J., Gao, L., Yu, S. and Dong, Z.Y., 2018. Cyber security framework
for Internet of Things-based Energy Internet. Future Generation Computer Systems.
Tanque, M. and Foxwell, H.J., 2018. Cyber Resilience for the Internet of Things. In
Handbook of Research on Information and Cyber Security in the Fourth Industrial
Revolution (pp. 304-335). IGI Global.
Wardekker, J.A., Wilk, B. and Brown, V., 2017. Assessing urban resilience in Rotterdam
using resilience principles: Workshop report.
weforum.org, 2017. Future of Digital Economy and Society System Initiative, Advancing
Cyber Resilience Principles and Tools for Boards. [online] Www3.weforum.org. Available
at: http://www3.weforum.org/docs/IP/2017/Adv_Cyber_Resilience_Principles-Tools.pdf
[Accessed 6 Sep. 2018].
Young, D., Lopez Jr, J., Rice, M., Ramsey, B. and McTasney, R., 2016. A framework for
incorporating insurance in critical infrastructure cyber risk strategies. International Journal of
Critical Infrastructure Protection, 14, pp.43-57.