Cyber Mayday and the Day After. Daniel Lohrmann

      1  Cover

      2  Praise for Cyber Mayday and the Day After

      3  Title Page

      4  Copyright

      5  Introduction: Setting the Global Stage for Cyber Resilienceintroduction A NEW SENSE OF CYBER URGENCY A PEEK BEHIND THE CURTAINS, AND THE MAKING OF CYBER MAYDAY AND THE DAY AFTER THE THREE-PART BREAKDOWN NOTES

      6  PART I: A Leader's Guide to Preparing for the Inevitable CHAPTER 1: If I Had a Time Machine STARTING WITH THE UNKNOWNS – OR NOT? AN ISOLATED PERSPECTIVE HAS MANY LIMITS LEARNING FROM OUR PAST TO LEAD OUR FUTURE FREQUENT RANSOMWARE ATTACKS PROMPT RESPONSE CAPABILITY ENHANCEMENTS IN NEW YORK STATE LIKE A BAD PENNY EDUCATION SECTOR TARGETED BY CYBERCRIMINALS THE BATTLE CONTINUES FIVE TAKEAWAYS NOTES CHAPTER 2: Fail to Plan or Plan to Fail: Cyber Disruption Response Plans and Cyber Insurance THE MAKING OF THE MICHIGAN CYBER INITIATIVE CONFRONTING CYBER EMERGENCIES: THE MICHIGAN CYBER DISRUPTION RESPONSE PLAN U.S. FEDERAL GOVERNMENT GUIDANCE ON SECURITY INCIDENT HANDLING POSITIVE SECURITY AND RISK MANAGEMENT FOR INTERNATIONAL ORGANIZATIONS CHANGES IN THE PLANNING APPROACH POST-INCIDENT THE WISCONSIN GOVERNMENT APPROACH TO CYBERSECURITY INCIDENT RESPONSE A PRIVATE SECTOR PERSPECTIVE ON COMPUTER SECURITY INCIDENT RESPONSE INCIDENT RESPONSE AND CYBER INSURANCE NOTES CHAPTER 3: Practice Makes Perfect: Exercises, Cyber Ranges, and BCPs THE IMPORTANCE OF CYBER EXERCISES HISTORY OF CYBER STORM EXERCISES MICHIGAN PARTICIPATION IN CYBER STORM I CYBER SCENARIOS, EXERCISE PLANS, AND PLAYBOOKS HELP AVAILABLE, FROM A CYBER RANGE NEAR YOU INTERNAL BUSINESS CONTINUITY PLANNING (BCP) PLAYERS DESIGNING YOUR BCP IN ACCORDANCE WITH YOUR COMPANY'S MISSION WHERE NEXT WITH YOUR BCP? HOW OFTEN SHOULD WE BE RUNNING OUR BCPs? AUTOMATED RESPONSES TO INCIDENTS NOTES CHAPTER 4: What a Leader Needs to Do at the Top BUILDING RELATIONSHIPS WITH YOUR BUSINESS LEADERS SPEAK THEIR LANGUAGE LAYING THE GROUNDWORK SECURITY VARIANCE THE FUNDAMENTALS AND TOP MITIGATION STRATEGIES SECURITY NEEDS TO HAVE A BUSINESS PURPOSE FIGHTING THE INNATE NATURE OF A CISO HOW SHOULD A SENIOR EXECUTIVE APPROACH CYBER ISSUES? WHAT CAN THE BOARD CHANGE? STORY-BASED LEADERSHIP SETTING A SUPPORTIVE CULTURE LEADS TO CREATIVE SOLUTIONS NOTES

      7  PART II: Cyber Mayday: When the Alarm Goes Off CHAPTER 5: Where Were You When the Sirens Went Off? THE STORY OF TOLL FINE-TUNE YOUR BCP CYBER CRISIS IN PANDEMIC TIMES MICROSCOPIC LESSONS – DAY ONE OF THE INCIDENT THE RECOVERY IMPROVEMENT WITH HINDSIGHT THIRD-PARTY RISKS AND CYBER INSURANCE EFFECTIVE LEADERSHIP IN TIMES OF CRISIS A SUPPORTIVE MANAGEMENT HELPS BRING RESULTS NOTES CHAPTER 6: Where Do We Go When the Power Goes Off?