Understand critical cybersecurity and risk perspectives, insights, and tools for the leaders of complex financial systems and markets. This book offers guidance for decision makers and helps establish a framework for communication between cyber leaders and front-line professionals. Information is provided to help in the analysis of cyber challenges and choosing between risk treatment options.
Financial cybersecurity is a complex, systemic risk challenge that includes technological and operational elements. The interconnectedness of financial systems and markets creates dynamic, high-risk environments where organizational security is greatly impacted by the level of security effectiveness of partners, counterparties, and other external organizations. The result is a high-risk environment with a growing need for cooperation between enterprises that are otherwise direct competitors. There is a new normal of continuous attack pressures that produce unprecedented enterprise threats that must be met with an array of countermeasures.
Financial Cybersecurity Risk Management explores a range of cybersecurity topics impacting financial enterprises. This includes the threat and vulnerability landscape confronting the financial sector, risk assessment practices and methodologies, and cybersecurity data analytics. Governance perspectives, including executive and board considerations, are analyzed as are the appropriate control measures and executive risk reporting.
What You'll Learn
- Analyze the threat and vulnerability landscape confronting the financial sector
- Implement effective technology risk assessment practices and methodologies
- Craft strategies to treat observed risks in financial systems
- Improve the effectiveness of enterprise cybersecurity capabilities
- Evaluate critical aspects of cybersecurity governance, including executive and board oversight
- Identify significant cybersecurity operational challenges
- Consider the impact of the cybersecurity mission across the enterprise
- Leverage cybersecurity regulatory and industry standards to help manage financial services risks
- Use cybersecurity scenarios to measure systemic risks in financial systems environments
- Apply key experiences from actual cybersecurity events to develop more robust cybersecurity architectures
Who This Book Is For
Decision makers, cyber leaders, and front-line professionals, including: chief risk officers, operational risk officers, chief information security officers, chief security officers, chief information officers, enterprise risk managers, cybersecurity operations directors, technology and cybersecurity risk analysts, cybersecurity architects and engineers, and compliance officers
Paul Rohmeyer has extensive industry and academic experience in many areas, including: information systems management, IT audit, information security, business continuity planning, and vendor management. He is a faculty member at the School of Business at Stevens Institute of Technology and has presented and published on information security, decision making, and business continuation. He has provided senior-level guidance to numerous financial institutions in the areas of risk management, information assurance, and network security over the past two decades. Prior to his consulting career, Paul served as Director of IT for AXA Financial and Director of IT Architecture Planning for SAIC/Bellcore. He has MS and PhD degrees in information management from Stevens Institute of Technology, an MBA in finance from St. Joseph's University, and a BA in economics from Rutgers University. He has achieved the CGEIT (Certified in the Governance of Enterprise IT), PMP (Project Management Professional), and NSA-IAM (US National Security Agency Information Assurance Methodology) credentials.Jennifer L. Bayuk is a cybersecurity due diligence expert, cybersecurity risk management consultant, and an adjunct professor at Stevens Institute of Technology. She has served in many roles, including: global financial services technology risk management officer, Wall Street chief information security officer, Big 4 information risk management consultant, manager of information technology internal audit, security architect, Bell Labs security software engineer, professor of systems security engineering, private cybersecurity investigator, and expert witness.Jennifer has written numerous publications on information security management, information technology risk management, information security tools and techniques, cybersecurity forensics, technology-related privacy issues, audit of physical and information systems, security awareness education, and systems security metrics. She has master degrees in computer science and philosophy, and a PhD in systems engineering. Her certifications include CISSP, CISA, CISM, CGEIT, and a New Jersey state private investigator license.