Cybersecurity Series

CIR Reference

This is a list of references cited while writing the Manager's Guide to Cybersecurity Incident Response.

Any reference cited after 2017 is highlighted in yellow, as this book is being updated in 2023.

Source: Chapter 25 References

Moh Heng Goh

CIR Academic Referencing

A Manager’s Guide to BCM for Cybersecurity Incident Response: Chapter 32 Reference


21st C.S. (2010). Five Critical Business Areas where DR/VFI Delivers Real Value. 21st Century Software. Retrieved from http://www.21stcenturysoftware.com/pdf/5_Critical_Bus_Areas_EB.pdf

A.W. (2015). Armistead Whitney: Cybersecurity Is a Pillar of Your Business Continuity Program. The Preparis Blog, 30. Retrieved from http://www.preparis.com/blog/cybersecurity-is-a-pillar-of-your-business-continuity-program/

Afsar, C. (2017). Kaizen with Six Sigma Ensures Continuous Improvement. iSixSigma. Retrieved from https://www.isixsigma.com/methodology/kaizen/kaizen-six-sigma-ensures-continuous-improvement/

Austin, T. (2014). Cyber security, business continuity go hand in hand. Continuity Centers, (Sep). Retrieved from http://continuitycenters.com/news/cyber-security-business-continuity-go-hand-hand/

Avast. (2017). Creating a Culture of Cybersecurity at Work. Business IT Research, (January). Retrieved from https://blog.avast.com/creating-a-culture-of-cybersecurity-at-work

B.S, T. (2014). Disaster Recovery and Business Continuity: A Quick Guide for Organisations and Business Managers. IT Governance Publishing (3rd ed.). Retrieved from http://library.books24x7.com.libraryproxy.griffith.edu.au/assetviewer.aspx?bookid=62285&chunkid=1&rowid=2

Bassett, G. (2017). Managing risk by understanding attack surfaces. Idg TV, 1–6. Retrieved from http://www.idg.tv/video/73395/managing-risk-by-understanding-attack-surfaces


BCI. (2010). The psychological contract. Continuity - The Magazine of the Business Continuity Institute, Nov/Dec(1). Retrieved from http://www.bcifiles.com/ContinuityNovDec10.pdf

BCM Institute. (2008). BCMpedia. A Wiki Glossary for Business Continuity Management (BCM), Crisis Communication (CC), Crisis Management (CM), Disaster Recovery (DR) and ISO22301 Audit. BCMpedia. Retrieved from http://www.bcmpedia.org/wiki/Business_Continuity_Life_Cycle

Bhunia, P. (2017). Building Next Gen Singapore Armed Forces: Cyber defence , Analytics , Artificial Intelligence and Robotics. Open GOV, (Mar). Retrieved from http://www.opengovasia.com/articles/7393-building-next-gen-singapore-armed-forces-cyber-defence-analytics-artificial-intelligence-and-robotics

Bisk. (2017a). Six Sigma: DMADV Methodology. Villanova University, 1–9. Retrieved from https://www.villanovau.com/resources/six-sigma/six-sigma-methodology-dmadv/#.WHkA_LGcZTZ

Bisk. (2017b). Six Sigma: DMAIC Methodology. Villanova University. Retrieved from http://www.villanovau.com/resources/six-sigma/six-sigma-methodology-dmaic/#.VZCJl_l_Oko

Bobsguide. (2012). COBIT 5: A Framework to Help Corporates Fight Fraud? Bobsguide. Retrieved from http://www.bobsguide.com/guide/news/2012/Nov/20/cobit-5-a-framework-to-help-corporates-fight-fraud/

Brenner, B. (2013). The Security Team’s Role Within An Organization. Akamai InfoSec Blog, (Jul). Retrieved from https://blogs.akamai.com/2013/07/the-security-teams-role-within-an-organization.html

CareersinAudit.com. (2013). Internal vs. External Auditors, What’s the Difference? CareersinAudit.com, (Sep). Retrieved from http://www.careersinaudit.com/article/internal-vs-external-auditors-what-s-the-difference-/

CCM. (2017). Introduction to IT Security. CCM, (Jun), 1–5. Retrieved from http://ccm.net/contents/635-introduction-to-it-security

Chandana. (2013). Key Roles & Responsibilities of IT Security Professionals. IT Security Management, (June). Retrieved from https://www.simplilearn.com/it-security-professionals-key-roles-responsibilities-article

Chmielecki, T., Chołda, P., Pacyna, P., Potrawka, P., Rapacz, N., Stankiewicz, R., & Wydrych, P. (2014). Enterprise-oriented Cybersecurity Management. AGH University of Science and Technology, 2, 863–870. https://doi.org/10.15439/2014F38

CIIA. (2017). Internal audit’s relationship with external audit. Chartered Institute of Internal Auditors, (July). Retrieved from https://www.iia.org.uk/resources/delivering-internal-audit/position-paper-internal-audits-relationship-with-external-audit/

City of Vancouver. (2016). Cyber Security Audit. Internal Audit Summary Report, (Jul). Retrieved from http://vancouver.ca/files/cov/internal-audit-cyber-security.pdf

Clearwater Compliance. (2017). Harnessing the Power of the NIST Cybersecurity Framework. Clearwater Compliance. Retrieved from https://clearwatercompliance.com/nist-cybersecurity-framework/

CloudBuzz. (2016). The Future of Cybersecurity and Authentication Methods. CloudTweaks, (Sep). Retrieved from https://cloudtweaks.com/2016/09/future-cybersecurity-authentication-methods/

CMI Staff Writer. (2004). Integrated Crisis Management Defined. Crisis Management International, 1–3.

Continuum. (2017). Everything you need to know about Mobile Device Management (MDM). Continuum, 1–8. Retrieved from https://www.continuum.net/resources/mspedia/everything-to-know-about-mobile-device-management-mdm

County of Placer. (2017). Security and Project Management Office. Placer County California. Retrieved from https://www.placer.ca.gov/departments/admin/it/securityproject

Csaplar, D. (2017). The Evolving Challenge of Cybersecurity. Disaster Recovery Journal, (Jan). Retrieved from https://www.drj.com/articles/online-exclusive/the-evolving-challenge-of-cybersecurity.html

CybeRisk. (2016). Hardware Authentication and its Place in Cybersecurity. CybeRisk, (Aug). Retrieved from http://www.cyberisk.biz/hardware-authentication/

Das, R. (2016). The Types of Penetration Testing. InfoSec Institute, (Jun). Retrieved from http://resources.infosecinstitute.com/the-types-of-penetration-testing/#gref

Davidson, S. (2013). Managing the message. European Interagency Security Forum, (Oct). https://doi.org/10.1177/016344391013002010

de Bruijn, H., & Janssen, M. (2017). Building Cybersecurity Awareness: The need for evidence-based framing strategies. Government Information Quarterly, 34(1), 1–7. https://doi.org/10.1016/j.giq.2017.02.007

Dinkins, M. (2017). Cyber Incident Response Plan. The University of Tennessee Chattanooga, (Feb). Retrieved from https://www.utc.edu/information-technology/security/pdfs/cirp-20170217.pdf

Durbin, K. (2017). Demystifying the NIST Cybersecurity Framework for Healthcare. Symantec. Retrieved from https://www.symantec.com/connect/blogs/demystifying-nist-cybersecurity-framework-healthcare

Dutton, J. (2014). Continual improvement and ISO27001:2013. IT Governance, 1–5. Retrieved from https://www.itgovernanceusa.com/blog/continual-improvement-and-iso270012013/

Dutton, W. (2017). Fostering a cyber security mindset. Internet Policy Review, 6(1). https://doi.org/10.14763/2017.1.443

EBA. (2016). Plan Do Check Act: A Simple 4 Step Problem Solving Methodology. Educational Business Articles, 1–7. Retrieved from http://www.educational-business-articles.com/plan-do-check-act/

Ecfirst. (2016). Getting Started with ISO 27000. https://doi.org/10.1007/978-1-4842-1694-1_3

Edgerton, T. (2016). Verizon Data Breach Scenarios Stress Identity Management with Multi-Factor Authentication. Avatier, (March 2016), 1–9. Retrieved from https://www.avatier.com/blog/verizon-data-breach-scenarios-stress-identity-management-with-multifactor-authentication/

Engel, G. (2014). Deconstructing the Cyber Kill Chain. DARKReading, (Nov). Retrieved from http://www.darkreading.com/attacks-breaches/deconstructing-the-cyber-kill-chain/a/d-id/1317542

ENISA. (2005). Steering Committee. European Union Agency for Network and Information Security. Retrieved from https://www.enisa.europa.eu/topics/threat-risk-management/risk-management/current-risk/bcm-resilience/bcm-framework/assign-bcm-responsibilities/bc-steering-committee

Ernst & Young. (2014). Cyber program management Identifying ways to get ahead of cybercrime. Insights on Governance, Risk and Compliance, (October). Retrieved from http://www.ey.com/Publication/vwLUAssets/EY-cyber-program-management/$FILE/EY-cyber-program-management.pdf

Essaid, R. (2015). 8 steps for dealing with digital extortion. Venturebeat, 1–10. Retrieved from https://venturebeat.com/2015/08/22/8-steps-for-dealing-with-digital-extortion/

Mills, R. F., Grimaila, M. R., Peterson, G. L., & Butts, J. W. (2011). A Scenario-Based Approach to Mitigating the Insider Threat. ISSA Journal, (May). https://doi.org/10.1007/978-1-60761-772-3

Finjan Team. (2016). A Closer Look at COBIT COSO Frameworks. Finjan Blog, (May). Retrieved from https://blog.finjan.com/cobit-coso-frameworks/

Finjan Team. (2017). Blacklisting vs Whitelisting - Understanding the Security Benefits of Each. Finjan Blog, (May). Retrieved from https://blog.finjan.com/blacklisting-vs-whitelisting-understanding-the-security-benefits-of-each/

Florida Tech. (2017). The Importance of Understanding Encryption in Cybersecurity. Florida Tech, 1–5. Retrieved from https://www.floridatechonline.com/blog/information-technology/the-importance-of-understanding-encryption-in-cybersecurity/

Friedman, S. (2017). What’s next for NIST cybersecurity framework? GCN, 4–7. Retrieved from https://gcn.com/articles/2017/05/16/nist-cybersecurity-framework.aspx

Gardner, S. (2013). Integrating Cyber Security and Business Continuity. Avalution Perspective. Retrieved from http://perspectives.avalution.com/2013/integrating-cyber-security-and-business-continuity/

Gibson, D. (2011). Understanding the Three Factors of Authentication. Pearson IT CertificationEducation, (Jun). Retrieved from http://www.pearsonitcertification.com/articles/article.aspx?p=1718488

Goh, M. H. (2006). Testing and Exercising Your Business Continuity Plan. Business Continuity Management Series (2nd ed.). Singapore: GMH Pte Ltd.

Goh, M. H. (2008a). Analyzing and Reviewing the Risks for Business Continuity Planning. Business Continuity Management Series (1st ed.). Singapore: GMH Pte Ltd.

Goh, M. H. (2008b). Conducting Your Impact Analysis for Business Continuity Planning. Business Continuity Management Series (2nd ed.). Singapore: GMH Pte Ltd.

Goh, M. H. (2008c). Managing Your Business Continuity Planning Project. Business Continuity Management Series (3rd ed.). Singapore: GMH Pte Ltd. Retrieved from http://www.bcmpedia.org/wiki/Author_of_BCM_Books

Goh, M. H. (2009). Developing Recovery Strategy for Your Business Continuity Plan. Business Continuity Management Series (1st ed.). Singapore: GMH Pte Ltd. Retrieved from http://www.bcmpedia.org/wiki/Author_of_BCM_Books

Goh, M. H. (2010a). Implementing Your Business Continuity Plan. Business Continuity Management Series (2nd ed.). Singapore: GMH Pte Ltd.

Goh, M. H. (2010b). Managing and Sustaining Your Business Continuity Management Program. Business Continuity Management Series (1st ed.). Singapore: GMH Pte Ltd. Retrieved from http://www.bcmpedia.org/wiki/Author_of_BCM_Books

Gov. of Odisha. (2016). Crisis Management Plan for Cyber Security in Odisha. Electronics and Information Technology Department, (Jun). Retrieved from http://appsit.odisha.gov.in/uploadDocuments/FormNotification/CMP-2016_Cyber Security_Odisha.pdf

Graves, A. (2012). Defining Kaizen: The Methodology and Applications. Six Sigma Daily, (Dec). Retrieved from http://www.sixsigmadaily.com/defining-kaizen-the-methodology-and-applications/

Hall, T. (2017). Crisis Management Team Roles and Responsibilities. Tucker Hall. Retrieved from http://www.tuckerhall.com/resources/crisis-management-team-roles-responsibilities/

Hawthorn, N. (2016). The First 48 Hours: How to Respond to a Data Breach. Infosecurity Group, (Jun), 6–8. Retrieved from https://www.infosecurity-magazine.com/opinions/the-first-48-hours-respond-data/

Higgins, S. (2009). Information Security Management: The ISO 27000 (ISO 27K) Series. Aberystwyth University, 27000, 27000–27003. Retrieved from http://www.dcc.ac.uk/resources/briefing-papers/standards-watch-papers/information-security-management-iso-27000-iso-27k-s

HM Government. (2014). Cyber Essentials Scheme: Requirements for basic technical protection from cyber attacks. Cyber Essentials Scheme, 5(1), 1–4. https://doi.org/10.1109/INDIN.2013.6622963

HSF. (2016). Cyber security and digital crisis management. Herbert Smith Freehills.

HSNW. (2017). Homeland Security News Wire: Bug-bounty program to strengthen DHS cyber defenses. Cybersecurity, (Jun). Retrieved from http://www.homelandsecuritynewswire.com/dr20170601-bugbounty-program-to-strengthen-dhs-cyber-defenses

Huff, A. (2017). Building Your Team For Crisis Communications. Disaster Recovery Guide, 2–3. Retrieved from http://www.disaster-resource.com/index.php?option=com_content&view=article&id=320%3Abuilding-your-team-for-crisis-communications-&Itemid=15

Hunt, D. (2015). Building a Modern Cyber Security Team: 7 Key Roles & Responsibilities. Illusive Networks, (Dec), 1–9. Retrieved from https://blog.illusivenetworks.com/modern-cyber-security-team

IAAPA. (2016). Cybersecurity Management Guidelines Ver 1.1. Independent Administrative Agency Information-Technology Promotion Agency. Retrieved from http://www.meti.go.jp/policy/netsecurity/downloadfiles/CSM_Guidelines_v1.1_en.pdf

IAPP. (2004). An Introduction to the ISO Security Standards. International Association of Privacy Professionals, (c). Retrieved from https://iapp.org/media/presentations/14Symposium/CS14_Introduction to ISO.pdf

IDG Editors. (2017). Who’s responsible for cloud security? | Tech Talk Ep 1. Idg TV, 1–3. Retrieved from http://www.idg.tv/video/79936/whos-responsible-for-cloud-security-tech-talk-ep-1

IITR. (2013). Citizens’ Appeal: Ensuring Expeditious and Timely Justice to all. Indian Institute of Technology Ropar, (Sep). Retrieved from https://www.slideshare.net/Indian-CAG/pratibimb-25911569

IPPF. (2016). Assessing Cybersecurity Risk: Roles of the Three Lines of Defense. Global Technology Audit Guide, (Sep). Retrieved from https://www.iia.org.uk/media/1592032/gtag-assessing-cybersecurity-risk.pdf

ISACA. (2013). COBIT: A Business Framework for the Governance and Management of Enterprise IT. COBIT. Retrieved from http://www.oo2.fr/sites/default/files/document/pdf/cobit-5_res_eng_1012.pdf

ISO/IEC 27035. (2016). Overview ISO/IEC 27035-2:2016 Information technology -- Security techniques -- Information security incident management -- Part 2: Guidelines to plan and prepare for incident response. International Organization for Standardization. Retrieved from https://www.iso.org/standard/62071.html

ISO/IEC 27040. (2015). ISO/IEC 27040:2015 Information Technology - Security Techniques - Storage Security. International Organization for Standardization. Retrieved from https://www.iso.org/standard/44404.html

ISO 22301. (2012). ISO 22301:2012 Societal Security – Business Continuity Management Systems – Requirements. International Organization for Standardization (1st ed.). Switzerland: International Organization for Standardization. Retrieved from https://www.iso.org/standard/50038.html

ISO 27001. (2013). ISO/IEC 27001 Information Technology - Security Techniques - Information Security Management Systems - Requirements. International Organization for Standardization, 2013. Retrieved from https://www.iso.org/standard/54534.html

ISO 27002. (2013). ISO/IEC 27002 Information technology — Security techniques — Code of practice for information security controls. International Organization for Standardization, 2013. Retrieved from https://www.iso.org/standard/54533.html

ISO 27004. (2009). ISO/IEC 27004 Information Technology - Security Techniques - Information Security Management - Measurement. International Organization for Standardization. Retrieved from https://www.iso.org/standard/42106.html

ISO 27031. (2011). ISO/IEC FDIS 27031 - Information Technology - Security Techniques - Guidelines for Information and Communication Technology Readiness for Business Continuity. International Organization for Standardization. Retrieved from https://www.iso.org/standard/44374.html

ISO 27032. (2012). ISO/IEC FDIS 27032:2012 Information technology - Security techniques - Guidelines for cybersecurity. International Organization for Standardization, (50). Retrieved from https://www.iso.org/standard/44375.html

ISO 27033. (2009). ISO/IEC 27033-1:2009 Information Technology - Security Techniques - Network Security - Part 1: Overview and Concepts. International Organization for Standardization. Retrieved from https://www.iso.org/standard/51580.html

IT Governance. (2012). ISO27032 Guidelines for Cybersecurity. Cyber Security Standards, 27032(Iso 27032), 5–6. Retrieved from https://www.itgovernance.co.uk/shop/product/iso27032-iso-27032-guidelines-for-cybersecurity

IT Governance. (2016). ISO27035 Information Security Incident Management. BSI, (Nov). Retrieved from https://www.itgovernance.co.uk/shop/product/iso27035-iso-27035-information-security-incident-management

Jody, B. (2013). Continuous Improvement is Key to Network Security Management. Firemon, (Nov). Retrieved from https://www.firemon.com/continuous-improvement-key-network-security-management/

KCG. (2017). Six Sigma Methodology. Kaizen Consulting Group. Retrieved from https://www.kcg.com.sg/six-sigma-methodology/

Kick, J. (2014). Cyber Exercise Playbook. Cyber Exercise Playbook, 7013(November), 1–40. Retrieved from https://www.mitre.org/sites/default/files/publications/pr_14-3929-cyber-exercise-playbook.pdf

Kirvan, P. (2014). Integrate cybersecurity practices into a business continuity program. SearchDisasterRecovery, (Jun), 5. Retrieved from http://searchdisasterrecovery.techtarget.com/tip/Integrate-cybersecurity-practices-into-a-business-continuity-program

Kosutic, D. (2015). Understanding IT disaster recovery according to ISO 27031. 27001 Academy. Retrieved from https://advisera.com/27001academy/blog/2015/09/21/understanding-it-disaster-recovery-according-to-iso-27031/

Kulikova, O., Heil, R., & Berg, J. van den. (2012). Cyber Crisis Management: A Decision-Support Framework for Disclosing Security Incident Information. University of Twente, (Jul). Retrieved from https://research.utwente.nl/en/publications/cyber-crisis-management-a-decision-support-framework-for-disclosi

Lackey, Z. (2017). How DevOps and cloud will speed up security. Idg TV, 1–3. Retrieved from http://www.idg.tv/video/80056/how-devops-and-cloud-will-speed-up-security

Lavallee, G. (2017). How to Use a Password Manager. The Slate Group, (Feb). Retrieved from http://www.slate.com/articles/technology/future_tense/2017/02/how_to_set_up_a_password_manager.html

Leal, R. (2017). Qualitative vs. Quantitative Risk Assessment in Information Security: Differences and Similarities. The ISO 27001 & ISO 22301 Blog, (Mar). Retrieved from https://advisera.com/27001academy/blog/2017/03/06/qualitative-vs-quantitative-risk-assessments-in-information-security/

Lennon, E., Wilson, M., Korchak, R., Swanson, M., Wohl, A., Pope, L., … Bement, A. (2002). Contingency Planning Guide for Information Technology Systems. NIST Special Publication 800-34, (Jun). Retrieved from https://www.fismacenter.com/sp800-34.pdf

Praxiom Research Group Limited. (2014). ISO/IEC 27002:2013 Plain English Objectives. Praxiom Research Group Limited, (April). Retrieved from http://www.praxiom.com/iso-27002-objectives.htm

Lockheed Martin. (2017). Cyber Kill Chain. Lockheed Martin. Retrieved from http://www.lockheedmartin.com/us/what-we-do/aerospace-defense/cyber/cyber-kill-chain.html

Brophy, M. (2015). IT Incident Response Plan. Creative Commons. Retrieved from http://www.iltanet.org/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=966e76a0-5664-43b6-9f3e-fa0540055508&forceDialog=1

Manuel, J. (2017a). Cybersecurity Framework: Detect Function. Symantec, (Feb). Retrieved from https://www.symantec.com/connect/blogs/cybersecurity-framework-detect-function

Manuel, J. (2017b). Cybersecurity Framework: Identify Function. Symantec, (Feb). Retrieved from https://www.symantec.com/connect/blogs/cybersecurity-framework-identify-function

Manuel, J. (2017c). Cybersecurity Framework: Protect Function. Symantec, (Feb). Retrieved from https://www.symantec.com/connect/blogs/cybersecurity-framework-protect-function

Manuel, J. (2017d). Cybersecurity Framework: Recover Function. Symantec, (Feb). Retrieved from https://www.symantec.com/connect/blogs/cybersecurity-framework-recover-function

Manuel, J. (2017e). Cybersecurity Framework: Respond Function. Symantec, (Feb). Retrieved from https://www.symantec.com/connect/blogs/cybersecurity-framework-respond-function

Gogan, M. (2016). How To Minimize Insider Threats In Cyber Security. isBuzznews. Retrieved from http://www.informationsecuritybuzz.com/articles/minimize-insider-threats-cyber-security/

McLaughlin, T. (2017a). How to Implement a Security Awareness Program at Your Organization. Threat Stack Blog and Cloud Security News, (Mar). Retrieved from https://blog.threatstack.com/how-to-implement-a-security-awareness-program-at-your-organization

McLaughlin, T. (2017b). The Three Pillars of Continuous Security Improvement. Threat Stack Blog and Cloud Security News, (Mar). Retrieved from https://blog.threatstack.com/the-three-pillars-of-continuous-security-improvement

Miessler, D. (2017). The Difference Between Red, Blue and Purple Teams. Daniel Miessler, 1–10. Retrieved from https://danielmiessler.com/study/red-blue-purple-teams/#gs.X9fDEcM

Moraes, M. (2017). Simplifying 3 Trends That Are Changing the IT Landscape. Continuum, (Apr), 1–5. Retrieved from https://blog.continuum.net/simplifying-3-trends-that-are-changing-the-it-landscape

Murray, R. (2017). How to Educate your Employees about Cybersecurity. Technical Support International, (May), 1–2. Retrieved from http://tsisupport.com/educate-employees-cybersecurity/

Musthaler, L. (2008). 13 best practices for preventing and detecting insider threats. Network Security, (Jun). Retrieved from http://www.networkworld.com/article/2280365/lan-wan/13-best-practices-for-preventing-and-detecting-insider-threats.html

Nather, W. (2017). Stop blaming users for security misses. Idg TV, 1–6. Retrieved from http://www.idg.tv/video/80055/stop-blaming-users-for-security-misses

NCI. (2015). Encryption : The Backbone of Cybersecurity Strategies. National Cybersecurity Institute, (Dec), 2–3. Retrieved from http://www.nationalcybersecurityinstitute.org/general-public-interests/encryption-the-backbone-of-cybersecurity-strategies/

NIST. (2017). Framework for Improving Critical Infrastructure Cybersecurity. National Institute of Standards and Technology. https://doi.org/10.1109/JPROC.2011.2165269

NoticeBored. (2010). ISO/IEC 27033: 2010 - Information technology - Security techniques - Network security. ISO 27001 Security. Retrieved from http://www.iso27001security.com/html/27033.html

NoticeBored. (2011). ISO/IEC 27031:2011 Information technology - Security techniques - Guidelines for information and communications technology readiness for business continuity. ISO 27001 Security. Retrieved from http://www.iso27001security.com/html/27031.html

NoticeBored. (2013). ISO/IEC 27001:2013 Information technology — Information Security Management Systems (ISMS). ISO 27001 Security, 27000–27002. Retrieved from http://www.iso27001security.com/html/27001.html

NoticeBored. (2015). ISO/IEC 27040:2015 - Information technology - Security techniques - Storage security. ISO 27001 Security. Retrieved from http://www.iso27001security.com/html/27040.html

Ogden, J. von. (2014). CSO vs. CISO. CIMCOR, (Sep). Retrieved from https://www.cimcor.com/blog/cso-vs-ciso

Olsen, B. (2014). The Role of Project and Program Management in Cyber Security. LinkedIn, (Sep). Retrieved from https://www.linkedin.com/pulse/20140924122921-6445912-the-role-of-project-and-program-management-in-cyber-security

PECB. (2016a). Guidelines to Cyber Security with ISO 27032. Information Security Management, 2015–2017. Retrieved from https://pecb.com/article/guidelines-to-cyber-security-with-iso-27032

PECB. (2016b). How to integrate ISO / IEC 27032 Cybersecurity on ISMS. IT Security, (September 2016), 3–6. Retrieved from https://pecb.com/article/how-to-integrate-isoiec-27032-cybersecurity-on-isms

PECB. (2016c). PECB Insights: Risk Resilience. PECB Insights, (1). Retrieved from https://pecb.com/pdf/magazine/PECB-Insights_Issue-01_April-2016.pdf

Pundmann, S., & Juergens, M. (2015). Cybersecurity The role of Internal Audit. Deloitte. Retrieved from https://www2.deloitte.com/us/en/pages/risk/articles/cybersecurity-internal-audit-role.html

PwC. (2011). The Cyber Savvy CEO: Getting to grips with today’s growing cyber-threats. Delusions of Safety? Retrieved from http://www.pwc.com/sg/en/tice/assets/ticenews201112/delusions-of-safety-cyber-savvy-ceo.pdf

Rainey, K. (2017). Are You Using Tabletop Simulations to Improve Your Information Security Program? Redcanary, (May). Retrieved from https://www.redcanary.com/blog/using-tabletop-simulations-to-improve-information-security/

Raja, S. (2017). Security Sessions: Realistic ways to lock down IoT. Idg TV, 1–6. Retrieved from http://www.idg.tv/video/75499/security-sessions-realistic-ways-to-lock-down-iot

Rajani, N. (2017). Applying Lean Methodology for Cyber Security Management. LinkedIn, (Mar). Retrieved from https://www.linkedin.com/pulse/applying-lean-methodology-cyber-security-management-naushad-rajani

Ramanathan, P. (2010). Business Continuity Management Awareness Presentation for MAMPU. LinkedIn SlideShare, (Apr). Retrieved from https://www.slideshare.net/Nostrad/business-continuity-management-awareness-presentation-for-mampu

Redscan. (2017). What is a Penetration Test? Redscan Blog, (Mar). Retrieved from https://www.redscan.com/news/what-is-a-penetration-test/

Rehmen, R. (2016). Core CISO Org Structure. Identity Driven Enterprise (Security) Architecture, (May). Retrieved from http://identity-centric-architecture.blogspot.sg/2016/05/core-ciso-org-structure-to-threat.html

Resilia. (2016). Are your people playing an effective role in your cyber resilience? Axelos, 1–7. Retrieved from https://www.axelos.com/Corporate/media/Files/cyber-awareness.pdf

Richter, L. (2014). What is a Project Charter? Bright Hub Project Management, (Oct), 1–7. Retrieved from http://www.brighthubpm.com/project-planning/5161-what-is-a-project-charter/

Rick, H. (2017). Cybersecurity and the Cloud in 2017. Idg TV, 1–6. Retrieved from http://www.idg.tv/video/74215/cybersecurity-and-the-cloud-in-2017

Rodriguez, N. (2017). 5 Steps GCs Should Take To Increase Cybersecurity Defenses. Law360, 1–6. Retrieved from https://www.law360.com/articles/783391/5-steps-gcs-should-take-to-increase-cybersecurity-defenses

Roos, D. (2014). How Crisis Communication Plans Work. How Stuff Works, 1–2. Retrieved from http://money.howstuffworks.com/business-communications/how-crisis-communication-plans-work.htm and http://money.howstuffworks.com/business-communications/how-crisis-communication-plans-work1.htm

Rouse, M., & Teravainen, T. (2016). Information Security (InfoSec). TechTarget, 1–7. Retrieved from http://searchsecurity.techtarget.com/definition/information-security-infosec

SANS Institute. (2013). Security Best Practices for IT Project Managers. SANS Institute InfoSec Reading Room, (Jun). Retrieved from https://www.sans.org/reading-room/whitepapers/bestprac/security-practices-project-managers-34257

Saunois, L. (2016). Black box, grey box, white box testing: what differences? NBS System, (May). Retrieved from https://www.nbs-system.com/en/blog/black-box-grey-box-white-box-testing-what-differences/

Segovia, A. (2015). ISO 27001 vs. ISO 27032 cybersecurity standard. Advisera, 1–19. Retrieved from https://advisera.com/27001academy/blog/2015/08/25/iso-27001-vs-iso-27032-cybersecurity-standard/

Sekuriti, S. (2016). Guidelines on Management of Cyber Risk. Securities Commission, (Oct). Retrieved from https://www.sc.com.my/wp-content/uploads/eng/html/cyber/31102016_Guidelines_Cyber_Security.pdf

Shortridge, K. (2017). Bringing behavioral game theory to security defenses. Idg TV, 1–6. Retrieved from http://www.idg.tv/video/80116/bringing-behavioral-game-theory-to-security-defenses

Siwicki, B. (2017). Bug bounties: Crowdsourcing hackers to strengthen cybersecurity. Healthcare IT News, (Aug). Retrieved from http://www.healthcareitnews.com/news/bug-bounties-crowdsourcing-hackers-strengthen-cybersecurity

Spiro, S. (2017). 2017 Cybersecurity Trends and How MSPs Can Capitalize. Continuum, 1–6. Retrieved from https://blog.continuum.net/2017-cybersecurity-trends-and-how-msps-can-capitalize

State Office of Cyber Security. (2016). Incident Response Planning The 15 Minute Workgroup Tabletop Exercise. Security Operations, (Feb). Retrieved from http://soc.wa.gov/sites/default/files/documents/2016-02 -Tabletop Exercise.pdf

Stern, M. (2013). What Does Your Cybersecurity “A Team” Look Like? Security Week, (Mar), 1–7. Retrieved from http://www.securityweek.com/what-does-your-cybersecurity-team-look

Stevens Institute of Technology. (2017). Change Management. Stevens Institute of Technology, 7–8. Retrieved from https://www.stevens.edu/directory/information-technology/cyber-security-and-information-security/change-management

Target Postgrad. (2014). IT job roles and responsibilities explained. Target Postgrad, 1–3. Retrieved from https://targetpostgrad.com/subjects/computer-science-and-it/it-job-roles-and-responsibilities-explained

Toivonen, E. (2015). Top-6 Critical Security Issues for a PMO. Thinking Portfolio, (March). Retrieved from https://www.thinkingportfolio.com/top-6-critical-security-issues-for-a-pmo/

Tripwire. (2014). Striking Similarities Between a WoW Raid Team and an Infosec Team. The State of Security, (May). Retrieved from https://www.tripwire.com/state-of-security/security-awareness/striking-similarities-between-a-wow-raid-team-and-an-infosec-team/

US-CERT. (2017). Avoiding Social Engineering and Phishing Attacks. Department of Homeland Security, (Jan), 1–2. Retrieved from https://www.us-cert.gov/ncas/tips/ST04-014

Mack, O. V., & Bloom, K. (2017). The Cybersecurity Dream Team: How to Approach Internal Auditing. Lexology, (Jan). Retrieved from http://www.lexology.com/library/detail.aspx?g=5ffb7b3d-0d81-49fc-b6b0-95436461a7d5

Veltsos, C. (2017). Building a Cybersecurity Culture Around Layer 8. SecurityIntelligence, (Mar). Retrieved from https://securityintelligence.com/building-a-cybersecurity-culture-around-layer-8/

Verizon. (2016). Data Breach Digest. Verizon Business Journal, 6(2). Retrieved from http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest_xg_en.pdf

Verizon. (2017a). Data Breach Digest. Verizon Business Journal. Retrieved from http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest-2017-perspective-is-reality_xg_en.pdf

Verizon. (2017b). The Insider Threat : Protecting the Keys to the Kingdom Insider threat scenarios. Data Breach Digest, 1–12. Retrieved from http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest-2017-insider-threat_xg_en.pdf

Vigliarolo, B. (2017). NIST Cybersecurity Framework: The smart person’s guide. TechRepublic. Retrieved from http://www.techrepublic.com/article/nist-cybersecurity-framework-the-smart-persons-guide/

Weedin, D. (2017). Responsibilities of Crisis Management Team Members. Chron, 1–2. Retrieved from http://smallbusiness.chron.com/responsibilities-crisis-management-team-members-70910.html

Weinstein, J., & Vasovski, S. (2004). The PDCA Continuous Improvement Cycle. MIT, (Summer). Retrieved from https://ocw.mit.edu/courses/engineering-systems-division/esd-60-lean-six-sigma-processes-summer-2004/lecture-notes/6_3_pdca.pdf

Zanderigo, M. (2017). 10 Best Practices for Cyber Security in 2017. Observeit, 1–5. Retrieved from https://www.observeit.com/blog/10-best-practices-cyber-security-2017/

Zimmer, J. (2017). PR Crisis Communications : Can You Put Yourself in United Airlines’ Shoes? Demand Metric Blog. Retrieved from https://blog.demandmetric.com/2017/04/26/pr-crisis-communications-can-you-put-yourself-united-airlines’-shoes

Zimmerman, J. (2015). Readiness Best Practices : Assembling Your Business Continuity Team. Mission Mode, (Jan). Retrieved from http://www.missionmode.com/readiness-best-practices-assembling-business-continuity-team/

A Manager’s Guide to BCM for Cybersecurity Incident Response

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.

Reference: Chapter 32 Reference

Note:  This version was the draft 2nd Edition being updated in 2023. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.