The True Cost of Information Security Breaches and Cyber Crime
By Michael Krausz and Prof. John Walker
About this ebook
This pocket guide uses case studies to illustrate the possible security breach scenarios that an organisation can face. It sets out a sensible, realistic assessment of the actual costs of a data or information breach and explains how managers can determine the business damage caused.
Michael Krausz
Michael Krausz studied Physics, Computer Science and Law at the University of Technology, Vienna, Vienna University and Webster University. In order to combine his two main hobbies, computers and investigations, he chose to become a professional investigator and IT expert. Over the course of his career he has investigated over a hundred cases of information security breaches, usually connected with white-collar crime. Michael Krausz is an ISO27001 auditor and has delivered over 5000 hours of professional and academic training. He has provided consulting or investigation services in 12 countries to date.
The True Cost of
Information
Security Breaches
and Cyber Crime
MICHAEL KRAUSZ
PROF. JOHN WALKER
Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publisher and the author cannot accept responsibility for any errors or omissions, however caused. Any opinions expressed in this book are those of the author, not the publisher. Websites identified are for reference only, not endorsement, and any website visits are at the reader's own risk. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the author.
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publisher at the following address:
IT Governance Publishing
IT Governance Limited
Unit 3, Clive Court
Bartholomew’s Walk
Cambridgeshire Business Park
Ely, Cambridgeshire
CB7 4EA
United Kingdom
www.itgovernance.co.uk
© Prof. John Walker and Michael Krausz 2013
The author has asserted the rights of the author under the Copyright, Designs and Patents Act, 1988, to be identified as the author of this work.
First published in the United Kingdom in 2013
by IT Governance Publishing.
ISBN 978-1-84928-497-4
FOREWORD
The year is 2013. Not 1988, when viruses were believed to be an April Fool's joke; not 1995, when companies had to be convinced that firewalls might make sense; and not 2004, when IT forensics started to become topical. It is 2013: companies are obliged by regulatory, statutory or contractual requirements to protect their data and information, and a market for doing so has grown from almost nothing over the past 20 years. Only the most stubborn would think that information security can still be avoided altogether. That stubbornness is usually punished within comparatively little time: by media reports of a breach at the organisation in question, and by the ICO¹ following up with a hefty fine.
Serious, not-so-serious and downright disreputable security companies now crowd the security services (and products) market. They cause incessant noise in the ears and brains of CxOs who have to make informed decisions about their organisation’s information security strategy, individual topics or current issues. They claim that 100 percent security exists, that it can be achieved at no cost if you outsource to the right third-world country, that an ISO27001 audit can be done within one week for an entire corporation and that, of course, you must have the latest security technology (‘toys’) in place to be 100 percent secure. The worst thing, however, is that many security providers still – in raising FUD (Fear-Uncertainty-Doubt) – sell services or products based on exaggerations about what a data or information breach can cost a company. A sale is then usually made rather quickly and the company is served – the security service provider that is, not the customer.
This pocket guide, by two seasoned security practitioners, presents a balanced view based on real-life case studies containing as many hard facts as possible. CxOs can then make informed decisions about their organisation’s information security strategy.
1 ICO: Information Commissioner’s Office
PREFACE
This pocket guide serves two purposes:
Presenting a balanced view of the true cost of data and cyber information breaches, through case studies that illustrate real-world examples, along with the associated real-world impact.
Providing guidance on the cost factors of a breach and how to determine figures in a breach situation.
This guide also explains the relationship between information security risk and business risk. While undoubtedly connected, distinct differences mean that not every information security risk becomes a business risk. This distinction can help CFOs, CSOs/CISOs and CEOs make informed decisions about how to treat a breach or on priorities for