I am pleased to announce that my latest book is now available on Amazon (see below).
The intent is to help business leaders and information security practitioners discuss cyber risk in business rather than technical language, enabling executives and the board to make informed and intelligent business decisions.
It’s not enough to say that cyber risk is “high” when there are so many business risks to address. It’s not enough to follow standards from NIST, ISO, or FAIR when they don’t help you understand the risk to the achievement of enterprise objectives.
Leaders need to know whether to invest more of their scarce resources into cybersecurity or satisfy competing demands for those same resources from other sources of risk and opportunity[1].
Should they invest their last million dollars into cyber, a marketing program, product development, employee safety, customer satisfaction, compliance, new cloud systems, an upgrade to their network, an acquisition, or other area?
How much investment is enough?
This is what four eminent reviewers had to say:
“With Managing the Business Risk that is Cyber Norman Marks has written a practical guide to the elusive concept of cyber risk. Addressing cyber risk as business risk rather than IT risk is pivotal to ensure proper understanding, prioritization and…
