Author Description

This book shows in a practical way how to set up cybersecurity in an organisation, guided by the most critical business needs.The relationship between the mission critical business processes and the IT infrastructure is first modeled, using modelling languages that ensure a common understanding among the different stakeholders.Next the cyberthreats against the information systems and services are identified using a combination of methods, and the resulting risks are assessed and managed.An entire chapter is dedicated to solutions for mitigating the risks, from high level policies down to network architectures and components.Since incidents will occur the concept of designing cyber resilient solutions is presented, with a focus on managing incidents.Finally cybersecurity governance is discussed, together with a skills framework, and the use of cyber trainings.