CIR Reference

CIR Academic Referencing

32 Reference

21st C.S. (2010). Five Critical Business Areas where DR/VFI Delivers Real Value. 21st Century Software. Retrieved from http://www.21stcenturysoftware.com/pdf/5_Critical_Bus_Areas_EB.pdf

A.W. (2015). Armistead Whitney: Cybersecurity Is a Pillar of Your Business Continuity Program. The Preparis Blog, 30. Retrieved from http://www.preparis.com/blog/cybersecurity-is-a-pillar-of-your-business-continuity-program/

Afsar, C. (2017). Kaizen with Six Sigma Ensures Continuous Improvement. iSixSigma. Retrieved from https://www.isixsigma.com/methodology/kaizen/kaizen-six-sigma-ensures-continuous-improvement/

Austin, T. (2014). Cyber security, business continuity go hand in hand. Continuity Centers, (Sep). Retrieved from http://continuitycenters.com/news/cyber-security-business-continuity-go-hand-hand/

Avast. (2017). Creating a Culture of Cybersecurity at Work. Business IT Research, (January). Retrieved from https://blog.avast.com/creating-a-culture-of-cybersecurity-at-work

B.S, T. (2014). Disaster Recovery and Business Continuity: A Quick Guide for Organisations and Business Managers. IT Governance Publishing (3rd ed.). Retrieved from http://library.books24x7.com.libraryproxy.griffith.edu.au/assetviewer.aspx?bookid=62285&chunkid=1&rowid=2

Bassett, G. (2017). Managing risk by understanding attack surfaces. Idg TV, 1–6. Retrieved from http://www.idg.tv/video/73395/managing-risk-by-understanding-attack-surfaces

BCI. (2010). The psychological contract. Continuity - The Magazine of the Business Continuity Institute, Nov/Dec(1). Retrieved from http://www.bcifiles.com/ContinuityNovDec10.pdf

BCM Institute. (2008). BCMpedia. A Wiki Glossary for Business Continuity Management (BCM), Crisis Communication (CC), Crisis Management (CM), Disaster Recovery (DR) and ISO22301 Audit. BCMpedia. Retrieved from http://www.bcmpedia.org/wiki/Business_Continuity_Life_Cycle

Bhunia, P. (2017). Building Next Gen Singapore Armed Forces: Cyber defence , Analytics , Artificial Intelligence and Robotics. Open GOV, (Mar). Retrieved from http://www.opengovasia.com/articles/7393-building-next-gen-singapore-armed-forces-cyber-defence-analytics-artificial-intelligence-and-robotics

Bisk. (2017a). Six Sigma: DMADV Methodology. Villanova University, 1–9. Retrieved from https://www.villanovau.com/resources/six-sigma/six-sigma-methodology-dmadv/#.WHkA_LGcZTZ

Bisk. (2017b). Six Sigma: DMAIC Methodology. Villanova University. Retrieved from http://www.villanovau.com/resources/six-sigma/six-sigma-methodology-dmaic/#.VZCJl_l_Oko

Bobsguide. (2012). COBIT 5: A Framework to Help Corporates Fight Fraud? Bobsguide. Retrieved from http://www.bobsguide.com/guide/news/2012/Nov/20/cobit-5-a-framework-to-help-corporates-fight-fraud/

Brenner, B. (2013). The Security Team’s Role Within An Organization. Akamai InfoSec Blog, (Jul). Retrieved from https://blogs.akamai.com/2013/07/the-security-teams-role-within-an-organization.html

CareersinAudit.com. (2013). Internal vs. External Auditors, What’s the Difference?

CareersinAudit.com, (Sep). Retrieved from http://www.careersinaudit.com/article/internal-vs-external-auditors-what-s-the-difference-/

CCM. (2017). Introduction to IT Security. CCM, (Jun), 1–5. Retrieved from http://ccm.net/contents/635-introduction-to-it-security

Chandana. (2013). Key Roles & Responsibilities of IT Security Professionals. IT Security Management, (June). Retrieved from https://www.simplilearn.com/it-security-professionals-key-roles-responsibilities-article

Chmielecki, T., Chołda, P., Pacyna, P., Potrawka, P., Rapacz, N., Stankiewicz, R., & Wydrych, P. (2014). Enterprise-oriented Cybersecurity Management. AGH University of Science and Technology, 2, 863–870. https://doi.org/10.15439/2014F38

CIIA. (2017). Internal audit’s relationship with external audit. Chartered Institute of Internal Auditors, (July). Retrieved from https://www.iia.org.uk/resources/delivering-internal-audit/position-paper-internal-audits-relationship-with-external-audit/

City of Vancouver. (2016). Cyber Security Audit. Internal Audit Summary Report, (Jul). Retrieved from http://vancouver.ca/files/cov/internal-audit-cyber-security.pdf

Clearwater Compliance. (2017). Harnessing the Power of the NIST Cybersecurity Framework. Clearwater Compliance. Retrieved from https://clearwatercompliance.com/nist-cybersecurity-framework/

CloudBuzz. (2016). The Future of Cybersecurity and Authentication Methods. CloudTweaks, (Sep). Retrieved from https://cloudtweaks.com/2016/09/future-cybersecurity-authentication-methods/

CMI Staff Writer. (2004). Integrated Crisis Management Defined. Crisis Management International, 1–3.

Continuum. (2017). Everything you need to know about Mobile Device Management (MDM). Continuum, 1–8. Retrieved from https://www.continuum.net/resources/mspedia/everything-to-know-about-mobile-device-management-mdm

County of Placer. (2017). Security and Project Management Office. Placer County California. Retrieved from https://www.placer.ca.gov/departments/admin/it/securityproject

Csaplar, D. (2017). The Evolving Challenge of Cybersecurity. Disaster Recovery Journal, (Jan). Retrieved from https://www.drj.com/articles/online-exclusive/the-evolving-challenge-of-cybersecurity.html

CybeRisk. (2016). Hardware Authentication and its Place in Cybersecurity. CybeRisk, (Aug). Retrieved from http://www.cyberisk.biz/hardware-authentication/

Das, R. (2016). The Types of Penetration Testing. InfoSec Institute, (Jun). Retrieved from http://resources.infosecinstitute.com/the-types-of-penetration-testing/#gref

Davidson, S. (2013). Managing the message. European Interagency Security Forum, (Oct). https://doi.org/10.1177/016344391013002010

de Bruijn, H., & Janssen, M. (2017). Building Cybersecurity Awareness: The need for evidence-based framing strategies. Government Information Quarterly, 34(1), 1–7. https://doi.org/10.1016/j.giq.2017.02.007

Dinkins, M. (2017). Cyber Incident Response Plan. The University of Tennessee Chattanooga, (Feb). Retrieved from https://www.utc.edu/information-technology/security/pdfs/cirp-20170217.pdf

Durbin, K. (2017). Demystifying the NIST Cybersecurity Framework for Healthcare. Symantec. Retrieved from https://www.symantec.com/connect/blogs/demystifying-nist-cybersecurity-framework-healthcare

Dutton, J. (2014). Continual improvement and ISO27001:2013. IT Governance, 1–5. Retrieved from https://www.itgovernanceusa.com/blog/continual-improvement-and-iso270012013/

Dutton, W. (2017). Fostering a cyber security mindset. Internet Policy Review, 6(1). https://doi.org/10.14763/2017.1.443

EBA. (2016). Plan Do Check Act: A Simple 4 Step Problem Solving Methodology. Educational Business Articles, 1–7. Retrieved from http://www.educational-business-articles.com/plan-do-check-act/

Ecfirst. (2016). Getting Started with ISO 27000. https://doi.org/10.1007/978-1-4842-1694-1_3
Edgerton, T. (2016). Verizon Data Breach Scenarios Stress Identity Management with Multi-Factor Authentication. Avatier, (March 2016), 1–9. Retrieved from https://www.avatier.com/blog/verizon-data-breach-scenarios-stress-identity-management-with-multifactor-authentication/

Engel, G. (2014). Deconstructing the Cyber Kill Chain. DARKReading, (Nov). Retrieved from http://www.darkreading.com/attacks-breaches/deconstructing-the-cyber-kill-chain/a/d-id/1317542

ENISA. (2005). Steering Committee. European Union Agency for Network and Information Security. Retrieved from https://www.enisa.europa.eu/topics/threat-risk-management/risk-management/current-risk/bcm-resilience/bcm-framework/assign-bcm-responsibilities/bc-steering-committee

Ernst & Young. (2014). Cyber program management Identifying ways to get ahead of cybercrime. Insights on Governance, Risk and Compliance, (October). Retrieved from http://www.ey.com/Publication/vwLUAssets/EY-cyber-program-management/$FILE/EY-cyber-program-management.pdf

Essaid, R. (2015). 8 steps for dealing with digital extortion. Venturebeat, 1–10. Retrieved from https://venturebeat.com/2015/08/22/8-steps-for-dealing-with-digital-extortion/

F. Mills, R., R. Grimaila, M., L. Peterson, G., & W. Butts, J. (2011). A Scenario-Based Approach to Mitigating the Insider Threat. ISSA Journal, (May). https://doi.org/10.1007/978-1-60761-772-3
Finjan Team. (2016). A Closer Look at COBIT COSO Frameworks. Finjan Blog, (May). Retrieved from https://blog.finjan.com/cobit-coso-frameworks/

Finjan Team. (2017). Blacklisting vs Whitelisting - Understanding the Security Benefits of Each. Finjan Blog, (May). Retrieved from https://blog.finjan.com/blacklisting-vs-whitelisting-understanding-the-security-benefits-of-each/

Florida Tech. (2017). The Importance of Understanding Encryption in Cybersecurity. Florida Tech, 1–5. Retrieved from https://www.floridatechonline.com/blog/information-technology/the-importance-of-understanding-encryption-in-cybersecurity/

Friedman, S. (2017). What’s next for NIST cybersecurity framework? GCN, 4–7. Retrieved from https://gcn.com/articles/2017/05/16/nist-cybersecurity-framework.aspx

Gardner, S. (2013). Integrating Cyber Security and Business Continuity. Avalution Perspective. Retrieved from http://perspectives.avalution.com/2013/integrating-cyber-security-and-business-continuity/

Gibson, D. (2011). Understanding the Three Factors of Authentication. Pearson IT CertificationEducation, (Jun). Retrieved from http://www.pearsonitcertification.com/articles/article.aspx?p=1718488

Goh, M. H. (2006). Testing and Exercising Your Business Continuity Plan. Business Continuity Management Series (2nd ed.). Singapore: GMH Pte Ltd.

Goh, M. H. (2008a). Analyzing and Reviewing the Risks for Business Continuity Planning. Business Continuity Management Series (1st ed.). Singapore: GMH Pte Ltd.

Goh, M. H. (2008b). Conducting Your Impact Analysis for Business Continuity Planning. Business Continuity Management Series (2nd ed.). Singapore: GMH Pte Ltd.

Goh, M. H. (2008c). Managing Your Business Continuity Planning Project. Business Continuity Management Series (3rd ed.). Singapore: GMH Pte Ltd. Retrieved from http://www.bcmpedia.org/wiki/Author_of_BCM_Books

Goh, M. H. (2009). Developing Recovery Strategy for Your Business Continuity Plan. Business Continuity Management Series (1st ed.). Singapore: GMH Pte Ltd. Retrieved from http://www.bcmpedia.org/wiki/Author_of_BCM_Books

Goh, M. H. (2010a). Implementing Your Business Continuity Plan. Business Continuity Management Series (2nd ed.). Singapore: GMH Pte Ltd.

Goh, M. H. (2010b). Managing and Sustaining Your Business Continuity Management Program. Business Continuity Management Series (1st ed.). Singapore: GMH Pte Ltd. Retrieved from http://www.bcmpedia.org/wiki/Author_of_BCM_Books

Gov. of Odisha. (2016). Crisis Management Plan for Cyber Security in Odisha. Electronics and Information Technology Department, (Jun). Retrieved from http://appsit.odisha.gov.in/uploadDocuments/FormNotification/CMP-2016_Cyber Security_Odisha.pdf

Graves, A. (2012). Defining Kaizen: The Methodology and Applications. Six Sigma Daily, (Dec). Retrieved from http://www.sixsigmadaily.com/defining-kaizen-the-methodology-and-applications/

Hall, T. (2017). Crisis Management Team Roles and Responsibilities. Tucker Hall. Retrieved from http://www.tuckerhall.com/resources/crisis-management-team-roles-responsibilities/

Hawthorn, N. (2016). The First 48 Hours: How to Respond to a Data Breach. Infosecurity Group, (Jun), 6–8. Retrieved from https://www.infosecurity-magazine.com/opinions/the-first-48-hours-respond-data/

Higgins, S. (2009). Information Security Management: The ISO 27000 (ISO 27K) Series. Aberystwyth University, 27000, 27000–27003. Retrieved from http://www.dcc.ac.uk/resources/briefing-papers/standards-watch-papers/information-security-management-iso-27000-iso-27k-s

HM Government. (2014). Cyber Essentials Scheme: Requirements for basic technical protection from cyber attacks. Cyber Essentials Scheme, 5(1), 1–4. https://doi.org/10.1109/INDIN.2013.6622963

HSF. (2016). Cyber security and digital crisis management. Herbert Smith Freehills.
HSNW. (2017). Homeland Security News Wire: Bug-bounty program to strengthen DHS cyber defenses More. Cybersecurity, (Jun). Retrieved from http://www.homelandsecuritynewswire.com/dr20170601-bugbounty-program-to-strengthen-dhs-cyber-defenses

Huff, A. (2017). Building Your Team For Crisis Communications. Disaster Recovery Guide, 2–3. Retrieved from http://www.disaster-resource.com/index.php?option=com_content&view=article&id=320%3Abuilding-your-team-for-crisis-communications-&Itemid=15

Hunt, D. (2015). Building a Modern Cyber Security Team: 7 Key Roles & Responsibilities. Illusive Networks, (Dec), 1–9. Retrieved from https://blog.illusivenetworks.com/modern-cyber-security-team

IAAPA. (2016). Cybersecurity Management Guidelines Ver 1.1. Independent Administrative Agency Information-Technology Promotion Agency. Retrieved from http://www.meti.go.jp/policy/netsecurity/downloadfiles/CSM_Guidelines_v1.1_en.pdf

IAPP. (2004). An Introduction to the ISO Security Standards. International Association of Privacy Professionals, (c). Retrieved from https://iapp.org/media/presentations/14Symposium/CS14_Introduction to ISO.pdf

IDG Editors. (2017). Who’s responsible for cloud security? | Tech Talk Ep 1. Idg TV, 1–3. Retrieved from http://www.idg.tv/video/79936/whos-responsible-for-cloud-security-tech-talk-ep-1

IITR. (2013). Citizens’ Appeal: Ensuring Expeditious and Timely Justice to all. Indian Institue of Technology Ropar, (Sep). Retrieved from https://www.slideshare.net/Indian-CAG/pratibimb-25911569

IPPF. (2016). Assessing Cybersecurity Risk: Roles of the Three Lines of Defense. Global Technology Audit Guide, (Sep). Retrieved from https://www.iia.org.uk/media/1592032/gtag-assessing-cybersecurity-risk.pdf

ISACA. (2013). COBIT: A Business Framework for the Governance and Management of Enterprise IT. COBIT. Retrieved from http://www.oo2.fr/sites/default/files/document/pdf/cobit-5_res_eng_1012.pdf

ISO/IEC 27035. (2016). Overview ISO/IEC 27035-2:2016 Information technology -- Security techniques -- Information security incident management -- Part 2: Guidelines to plan and prepare for incident response. International Organization for Standardization. Retrieved from https://www.iso.org/standard/62071.html

ISO/IEC 27040. (2015). ISO/IEC 27040:2015 Information Technology - Security Techniques - Storage Security. International Organization for Standardization. Retrieved from https://www.iso.org/standard/44404.html

ISO 22301. (2012). ISO 22301:2012 Societal Security – Business Continuity Management Systems – Requirements. International Organization for Standardization (1st ed.). Switzerland: International Organization for Standardization. Retrieved from https://www.iso.org/standard/50038.html

ISO 27001. (2013). ISO/IEC 27001 Information Technology - Security Techniques - Information Security Management Systems - Requirements. International Organization for Standardization, 2013. Retrieved from https://www.iso.org/standard/54534.html

ISO 27002. (2013). ISO/IEC 27002 Information technology — Security techniques — Code of practice for information security controls. International Organization for Standardization, 2013. Retrieved from https://www.iso.org/standard/54533.html

ISO 27004. (2009). ISO/IEC 27004 Information Technology - Security Techniques - Information Security Management - Measurement. International Organization for Standardization. Retrieved from https://www.iso.org/standard/42106.html

ISO 27031. (2011). ISO/IEC FDIS 27031 - Information Technology - Security Techniques - Guidelines for Information and Communication Technology Readiness for Business Continuity. International Organization for Standardization. Retrieved from https://www.iso.org/standard/44374.html

ISO 27032. (2012). ISO/IEC FDIS 27032:2012 Information technology - Security techniques - Guidelines for cybersecurity. International Organization for Standardization, (50). Retrieved from https://www.iso.org/standard/44375.html

ISO 27033. (2009). ISO/IEC 27033-1:2009 Information Technology - Security Techniques - Network Security - Part 1: Overview and Concepts. International Organization for Standardization. Retrieved from https://www.iso.org/standard/51580.html

IT Governance. (2012). ISO27032 Guidelines for Cybersecurity. Cyber Security Standards, 27032(Iso 27032), 5–6. Retrieved from https://www.itgovernance.co.uk/shop/product/iso27032-iso-27032-guidelines-for-cybersecurity

IT Governance. (2016). ISO27035 Information Security Incident Management. BSI, (Nov). Retrieved from https://www.itgovernance.co.uk/shop/product/iso27035-iso-27035-information-security-incident-management

Jody, B. (2013). Continuous Improvement is Key to Network Security Management. Firemon, (Nov). Retrieved from https://www.firemon.com/continuous-improvement-key-network-security-management/

KCG. (2017). Six Sigma Methodology. Kaizen Consulting Group. Retrieved from https://www.kcg.com.sg/six-sigma-methodology/

Kick, J. (2014). Cyber Exercise Playbook. Cyber Exercise Playbook, 7013(November), 1–40. Retrieved from https://www.mitre.org/sites/default/files/publications/pr_14-3929-cyber-exercise-playbook.pdf

Kirvan, P. (2014). Integrate cybersecurity practices into a business continuity program. SearchDisasterRecovery, (Jun), 5. Retrieved from http://searchdisasterrecovery.techtarget.com/tip/Integrate-cybersecurity-practices-into-a-business-continuity-program

Kosutic, D. (2015). Understanding IT disaster recovery according to ISO 27031. 27001 Academy. Retrieved from https://advisera.com/27001academy/blog/2015/09/21/understanding-it-disaster-recovery-according-to-iso-27031/

Kulikova, O., Heil, R., & Berg, J. van den. (2012). Cyber Crisis Management: A Decision-Support Framework for Disclosing Security Incident Information. University of Twente, (Jul). Retrieved from https://research.utwente.nl/en/publications/cyber-crisis-management-a-decision-support-framework-for-disclosi

Lackey, Z. (2017). How DevOps and cloud will speed up security More Security Popular. Idg TV, 1–3. Retrieved from http://www.idg.tv/video/80056/how-devops-and-cloud-will-speed-up-security

Lavallee, G. (2017). How to Use a Password Manager. The Slate Group, (Feb). Retrieved from http://www.slate.com/articles/technology/future_tense/2017/02/how_to_set_up_a_password_manager.html

Leal, R. (2017). Qualitative vs. Quantitative Risk Assessment in Information Security: Differences and Similarities. The ISO 27001 & ISO 22301 Blog, (Mar). Retrieved from https://advisera.com/27001academy/blog/2017/03/06/qualitative-vs-quantitative-risk-assessments-in-information-security/

Lennon, E., Wilson, M., Korchak, R., Swanson, M., Wohl, A., Pope, L., … Bement, A. (2002). Contingency Planning Guide for Information Technology Systems. NIST Special Publication 800-34, (Jun). Retrieved from https://www.fismacenter.com/sp800-34.pdf

Limited, P. R. G. (2014). ISO/IEC 27002:2013 Plain English Objectives. Praxiom Research Group Limited, (April). Retrieved from http://www.praxiom.com/iso-27002-objectives.htm

Lockheed Martin. (2017). Cyber Kill Chain. Lockheed Martin. Retrieved from http://www.lockheedmartin.com/us/what-we-do/aerospace-defense/cyber/cyber-kill-chain.html

M.Brophy. (2015). IT Incident Response Plan. Creative Commons. Retrieved from http://www.iltanet.org/HigherLogic/System/DownloadDocumentFile.ashx?DocumentFileKey=966e76a0-5664-43b6-9f3e-fa0540055508&forceDialog=1

Manuel, J. (2017a). Cybersecurity Framework: Detect Function. Symantec, (Feb). Retrieved from https://www.symantec.com/connect/blogs/cybersecurity-framework-detect-function

Manuel, J. (2017b). Cybersecurity Framework: Identify Function. Symantec, (Feb). Retrieved from https://www.symantec.com/connect/blogs/cybersecurity-framework-identify-function

Manuel, J. (2017c). Cybersecurity Framework: Protect Function. Symantec, (Feb). Retrieved from https://www.symantec.com/connect/blogs/cybersecurity-framework-protect-function

Manuel, J. (2017d). Cybersecurity Framework: Recover Function. Symantec, (Feb). Retrieved from https://www.symantec.com/connect/blogs/cybersecurity-framework-recover-function

Manuel, J. (2017e). Cybersecurity Framework: Respond Function. Symantec, (Feb). Retrieved from https://www.symantec.com/connect/blogs/cybersecurity-framework-respond-function

Marcell Gogan. (2016). How To Minimize Insider Threats In Cyber Security. isBuzznews, 0. Retrieved from http://www.informationsecuritybuzz.com/articles/minimize-insider-threats-cyber-security/

McLaughlin, T. (2017a). How to Implement a Security Awareness Program at Your Organization. Threat Stack Blog and Cloud Security News, (Mar). Retrieved from https://blog.threatstack.com/how-to-implement-a-security-awareness-program-at-your-organization

McLaughlin, T. (2017b). The Three Pillars of Continuous Security Improvement. Threat Stack Blog and Cloud Security News, (Mar). Retrieved from https://blog.threatstack.com/the-three-pillars-of-continuous-security-improvement

Miessler, D. (2017). The Difference Between Red, Blue and Purple Teams. Daniel Miessler, 1–10. Retrieved from https://danielmiessler.com/study/red-blue-purple-teams/#gs.X9fDEcM

Moraes, M. (2017). Simplifying 3 Trends That Are Changing the IT Landscape. Continuum, (Apr), 1–5. Retrieved from https://blog.continuum.net/simplifying-3-trends-that-are-changing-the-it-landscape

Murray, R. (2017). How to Educate your Employees about Cybersecurity. Technical Support International, (May), 1–2. Retrieved from http://tsisupport.com/educate-employees-cybersecurity/

Musthaler, L. (2008). 13 best practices for preventing and detecting insider threats. Network Security, (Jun). Retrieved from http://www.networkworld.com/article/2280365/lan-wan/13-best-practices-for-preventing-and-detecting-insider-threats.html

Nather, W. (2017). Stop blaming users for security misses. Idg TV, 1–6. Retrieved from http://www.idg.tv/video/80055/stop-blaming-users-for-security-misses

NCI. (2015). Encryption : The Backbone of Cybersecurity Strategies. National Cybersecurity Institute, (Dec), 2–3. Retrieved from http://www.nationalcybersecurityinstitute.org/general-public-interests/encryption-the-backbone-of-cybersecurity-strategies/

NIST. (2017). Framework for Improving Critical Infrastructure Cybersecurity. National Institute of Standards and Technology. https://doi.org/10.1109/JPROC.2011.2165269

NoticeBored. (2010). ISO/IEC 27033: 2010 - Information technology - Security techniques - Network security. ISO 27001 Security. Retrieved from http://www.iso27001security.com/html/27033.html

NoticeBored. (2011). ISO/IEC 27031:2011 Information technology - Security techniques - Guidelines for information and communications technology readiness for business continuity. ISO 27001 Security. Retrieved from http://www.iso27001security.com/html/27031.html

NoticeBored. (2013). ISO/IEC 27001:2013 Information technology — Information Security Management Systems (ISMS). ISO 27001 Security, 27000–27002. Retrieved from http://www.iso27001security.com/html/27001.html

NoticeBored. (2015). ISO/IEC 27040:2015 - Information technology - Security tecniques - Storage security. ISO 27001 Security. Retrieved from http://www.iso27001security.com/html/27040.html

Ogden, J. von. (2014). CSO vs. CISO. CIMCOR, (Sep). Retrieved from https://www.cimcor.com/blog/cso-vs-ciso

Olsen, B. (2014). The Role of Project and Program Management in Cyber Security. LinkediIn, (Sep). Retrieved from https://www.linkedin.com/pulse/20140924122921-6445912-the-role-of-project-and-program-management-in-cyber-security

PECB. (2016a). Guidelines to Cyber Security with ISO 27032. Information Security Management, 2015–2017. Retrieved from https://pecb.com/article/guidelines-to-cyber-security-with-iso-27032

PECB. (2016b). How to integrate ISO / IEC 27032 Cybersecurity on ISMS. IT Security, (September 2016), 3–6. Retrieved from https://pecb.com/article/how-to-integrate-isoiec-27032-cybersecurity-on-isms

PECB. (2016c). PECB Insights: Risk Resilience. PECB Insights, (1). Retrieved from https://pecb.com/pdf/magazine/PECB-Insights_Issue-01_April-2016.pdf

Pundmann, S., & Juergens, M. (2015). Cybersecurity The role of Internal Audit. Deloitte. Retrieved from https://www2.deloitte.com/us/en/pages/risk/articles/cybersecurity-internal-audit-role.html

PwC. (2011). The Cyber Savvy CEO: Getting to grips with today’s growing cyber-threats. Delusions of Safety? Retrieved from http://www.pwc.com/sg/en/tice/assets/ticenews201112/delusions-of-safety-cyber-savvy-ceo.pdf

Rainey, K. (2017). Are You Using Tabletop Simulations to Improve Your Information Security Program? Redcanary, (May). Retrieved from https://www.redcanary.com/blog/using-tabletop-simulations-to-improve-information-security/

Raja, S. (2017). Security Sessions: Realistic ways to lock down IoT. Idg TV, 1–6. Retrieved from http://www.idg.tv/video/75499/security-sessions-realistic-ways-to-lock-down-iot
Rajani, N. (2017). Applying Lean Methodology for Cyber Security Management. LinkedIn, (Mar). Retrieved from https://www.linkedin.com/pulse/applying-lean-methodology-cyber-security-management-naushad-rajani

Ramanathan, P. (2010). Business Continuity Management Awareness Presentation for MAMPU. LinkediIn Slideshare, (Apr). Retrieved from https://www.slideshare.net/Nostrad/business-continuity-management-awareness-presentation-for-mampu

Redscan. (2017). What is a Penetration Test? Redscan Blog, (Mar). Retrieved from https://www.redscan.com/news/what-is-a-penetration-test/

Rehmen, R. (2016). Core CISO Org Structure. Identity Driven Enterprise (Security) Architecture, (May). Retrieved from http://identity-centric-architecture.blogspot.sg/2016/05/core-ciso-org-structure-to-threat.html

Resilia. (2016). Are your people playing an effective role in your cyber resilience? Axelos, 1–7. Retrieved from https://www.axelos.com/Corporate/media/Files/cyber-awareness.pdf

Richter, L. (2014). What is a Project Charter? Bright Hub Project Management, (Oct), 1–7. Retrieved from http://www.brighthubpm.com/project-planning/5161-what-is-a-project-charter/

Rick, H. (2017). Cybersecurity and the Cloud in 2017. Idg TV, 1–6. Retrieved from http://www.idg.tv/video/74215/cybersecurity-and-the-cloud-in-2017

Rodriguez, N. (2017). 5 Steps GCs Should Take To Increase Cybersecurity Defenses. Law360, 1–6. Retrieved from https://www.law360.com/articles/783391/5-steps-gcs-should-take-to-increase-cybersecurity-defenses

Roos, D. (2014). How Crisis Communication Plans Work. How Stuff Works, 1–2. Retrieved from http://money.howstuffworks.com/business-communications/how-crisis-communication-plans-work.htm%5Cnhttp://money.howstuffworks.com/business-communications/how-crisis-communication-plans-work1.htm

Rouse, M., & Teravainen, T. (2016). Information Security (InfoSec). TechTarget, 1–7. Retrieved from http://searchsecurity.techtarget.com/definition/information-security-infosec

SANS Institute. (2013). Security Best Practices for IT Project Managers. SANS Institute InfoSec Reading Room, (Jun). Retrieved from https://www.sans.org/reading-room/whitepapers/bestprac/security-practices-project-managers-34257

Saunois, L. (2016). Black box, grey box, white box testing: what differences? NBS System, (May). Retrieved from https://www.nbs-system.com/en/blog/black-box-grey-box-white-box-testing-what-differences/

Segovia, A. (2015). ISO 27001 vs. ISO 27032 cybersecurity standard. Advisera, 1–19. Retrieved from https://advisera.com/27001academy/blog/2015/08/25/iso-27001-vs-iso-27032-cybersecurity-standard/

Sekuriti, S. (2016). Guidelines on Management of Cyber Risk. Securities Commission, (Oct). Retrieved from https://www.sc.com.my/wp-content/uploads/eng/html/cyber/31102016_Guidelines_Cyber_Security.pdf

Shortridge, K. (2017). Bringing behavioral game theory to security defenses. Idg TV, 1–6. Retrieved from http://www.idg.tv/video/80116/bringing-behavioral-game-theory-to-security-defenses

Siwicki, B. (2017). Bug bounties: Crowdsourcing hackers to strengthen cybersecurity. Healthcare IT News, (Aug). Retrieved from http://www.healthcareitnews.com/news/bug-bounties-crowdsourcing-hackers-strengthen-cybersecurity

Spiro, S. (2017). 2017 Cybersecurity Trends and How MSPs Can Capitalize. Continuum, 1–6. Retrieved from https://blog.continuum.net/2017-cybersecurity-trends-and-how-msps-can-capitalize

State Office of Cyber Security. (2016). Incident Response Planning The 15 Minute Workgroup Tabletop Exercise. Security Operations, (Feb). Retrieved from http://soc.wa.gov/sites/default/files/documents/2016-02 -Tabletop Exercise.pdf

Stern, M. (2013). What Does Your Cybersecurity “A Team” Look Like? Security Week, (Mar), 1–7. Retrieved from http://www.securityweek.com/what-does-your-cybersecurity-team-look

Stevens Institute of Technology. (2017). Change Management. Stevens Institute of Technology, 7–8. Retrieved from https://www.stevens.edu/directory/information-technology/cyber-security-and-information-security/change-management

Target Postgrad. (2014). IT job roles and responsibilities explained. Target Postgrad, 1–3. Retrieved from https://targetpostgrad.com/subjects/computer-science-and-it/it-job-roles-and-responsibilities-explained

Toivonen, E. (2015). Top-6 Critical Security Issues for a PMO. Thinking Portfolio, (March). Retrieved from https://www.thinkingportfolio.com/top-6-critical-security-issues-for-a-pmo/

Tripwire. (2014). Striking Similarities Between a WoW Raid Team and an Infosec Team. The State of Security, (May). Retrieved from https://www.tripwire.com/state-of-security/security-awareness/striking-similarities-between-a-wow-raid-team-and-an-infosec-team/

US-CERT. (2017). Avoiding Social Engineering and Phishing Attacks. Department of Homeland Security, (Jan), 1–2. Retrieved from https://www.us-cert.gov/ncas/tips/ST04-014

V. Mack, O., & Bloom, K. (2017). The Cybersecurity Dream Team: How to Approach Internal Auditing. Lexology, (Jan). Retrieved from http://www.lexology.com/library/detail.aspx?g=5ffb7b3d-0d81-49fc-b6b0-95436461a7d5

Veltsos, C. (2017). Building a Cybersecurity Culture Around Layer 8. SecurityIntelligence, (Mar). Retrieved from https://securityintelligence.com/building-a-cybersecurity-culture-around-layer-8/

Verizon. (2016). Data Breach Digest. Verizon Business Journal, 6(2). Retrieved from http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest_xg_en.pdf
Verizon. (2017a). Data Breach Digest. Verizon Business Journal. Retrieved from http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest-2017-perspective-is-reality_xg_en.pdf

Verizon. (2017b). The Insider Threat : Protecting the Keys to the Kingdom Insider threat scenarios. Data Breach Digest, 1–12. Retrieved from http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest-2017-insider-threat_xg_en.pdf

Vigliarolo, B. (2017). NIST Cybersecurity Framework: The smart person’s guide. TechRepublic. Retrieved from http://www.techrepublic.com/article/nist-cybersecurity-framework-the-smart-persons-guide/

Weedin, D. (2017). Responsibilities of Crisis Management Team Members. Chron, 1–2. Retrieved from http://smallbusiness.chron.com/responsibilities-crisis-management-team-members-70910.html

Weinstein, J., & Vasovski, S. (2004). The PDCA Continuous Improvement Cycle. MIT, (Summer). Retrieved from https://ocw.mit.edu/courses/engineering-systems-division/esd-60-lean-six-sigma-processes-summer-2004/lecture-notes/6_3_pdca.pdf

Zanderigo, M. (2017). 10 Best Practices for Cyber Security in 2017. Observeit, 1–5. Retrieved from https://www.observeit.com/blog/10-best-practices-cyber-security-2017/

Zimmer, J. (2017). PR Crisis Communications : Can You Put Yourself in United Airlines’ Shoes? Demand Metric Blog. Retrieved from https://blog.demandmetric.com/2017/04/26/pr-crisis-communications-can-you-put-yourself-united-airlines’-shoes

Zimmerman, J. (2015). Readiness Best Practices : Assembling Your Business Continuity Team. Mission Mode, (Jan). Retrieved from http://www.missionmode.com/readiness-best-practices-assembling-business-continuity-team/

Do You Want to Continue BCM Training onsite or online?

Competency-based Course		Certification Course

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.

Reference: Chapter 32 Reference

Note:  This version was the draft 2nd Edition being updated in 2023. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.