The True Cost of Information Security Breaches and Cyber Crime
By Michael Krausz and Prof. John Walker
About this ebook
This pocket guide uses case studies to illustrate the possible security breach scenarios that an organisation can face. It sets out a sensible, realistic assessment of the actual costs of a data or information breach and explains how managers can determine the business damage caused.
Michael Krausz
Michael Krausz studied Physics, Computer Science and Law at the University of Technology, Vienna, Vienna University and Webster University. In order to combine his two main hobbies, computers and investigations, he chose to become a professional investigator and IT expert. Over the course of his career he has investigated over a hundred cases of information security breaches, usually connected with white-collar crime. Michael Krausz is an ISO27001 auditor and has delivered over 5000 hours of professional and academic training. He has provided consulting or investigation services in 12 countries to date.
The True Cost of Information Security Breaches and Cyber Crime
MICHAEL KRAUSZ
PROF. JOHN WALKER
Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publisher and the author cannot accept responsibility for any errors or omissions, however caused. Any opinions expressed in this book are those of the author, not the publisher. Websites identified are for reference only, not endorsement, and any website visits are at the reader's own risk. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the author.
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publisher at the following address:
IT Governance Publishing
IT Governance Limited
Unit 3, Clive Court
Bartholomew’s Walk
Cambridgeshire Business Park
Ely, Cambridgeshire
CB7 4EA
United Kingdom
www.itgovernance.co.uk
© Prof. John Walker and Michael Krausz 2013
The author has asserted the rights of the author under the Copyright, Designs and Patents Act, 1988, to be identified as the author of this work.
First published in the United Kingdom in 2013
by IT Governance Publishing.
ISBN 978-1-84928-497-4
FOREWORD
The year is 2013. Not 1988, when viruses were believed to be an April Fool's joke; not 1995, when companies had to be convinced that firewalls might make sense; and not 2004, when IT forensics started to become topical. It is 2013: companies are forced to protect their data and information, and a market has risen from almost nothing over the past 20 years because of regulatory, statutory or contractual requirements. Only the most stubborn would think that information security can still be avoided altogether. This stubbornness is usually punished by media reports of breaches occurring at such organisations within comparatively little time and the ICO¹ following up with a hefty fine.
Serious, not-so-serious and downright disreputable security companies now crowd the security services (and products) market. They cause incessant noise in the ears and brains of CxOs who have to make informed decisions about their organisation’s information security strategy, individual topics or current issues. They claim that 100 percent security exists, that it can be achieved at no cost if you outsource to the right third-world country, that an ISO27001 audit can be done within one week for an entire corporation and that, of course, you must have the latest security technology (‘toys’) in place to be 100 percent secure. The worst thing, however, is that many security providers still – in raising FUD (Fear-Uncertainty-Doubt) – sell services or products based on exaggerations about what a data or information breach can cost a company. A sale is then usually made rather quickly and the company is served – the security service provider that is, not the customer.
This pocket guide, by two seasoned security practitioners, presents a balanced view based on real-life case studies containing as many hard facts as possible. CxOs can then make informed decisions about their organisation’s information security strategy.
1 ICO: Information Commissioner’s Office
PREFACE
This pocket guide serves two purposes:
Presenting a balanced view of the true cost of data and cyber information breaches, through case studies that illustrate real-world examples, along with the associated real-world impact.
Providing guidance on the cost factors of a breach and how to determine figures in a breach situation.
This guide also explains the relationship between information security risk and business risk. While undoubtedly connected, distinct differences mean that not every information security risk becomes a business risk. This distinction can help CFOs, CSOs/CISOs and CEOs make informed decisions about how to treat a breach or on priorities for