The True Cost of Information Security Breaches and Cyber Crime
By Michael Krausz and Prof. John Walker
About this ebook
This pocket guide uses case studies to illustrate the possible security breach scenarios that an organisation can face. It sets out a sensible, realistic assessment of the actual costs of a data or information breach and explains how managers can determine the business damage caused.
Michael Krausz
Michael Krausz studied Physics, Computer Science and Law at the University of Technology, Vienna, Vienna University and Webster University. In order to combine his two main hobbies, computers and investigations, he chose to become a professional investigator and IT expert. Over the course of his career he has investigated over a hundred cases of information security breaches, usually connected with white-collar crime. Michael Krausz is an ISO27001 auditor and has delivered over 5000 hours of professional and academic training. He has provided consulting or investigation services in 12 countries to date.
The True Cost of
Information
Security Breaches
and Cyber Crime
MICHAEL KRAUSZ
PROF. JOHN WALKER
Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publisher and the author cannot accept responsibility for any errors or omissions, however caused. Any opinions expressed in this book are those of the author, not the publisher. Websites identified are for reference only, not endorsement, and any website visits are at the reader's own risk. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the author.
Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publisher at the following address:
IT Governance Publishing
IT Governance Limited
Unit 3, Clive Court
Bartholomew’s Walk
Cambridgeshire Business Park
Ely, Cambridgeshire
CB7 4EA
United Kingdom
www.itgovernance.co.uk
© Prof. John Walker and Michael Krausz 2013
The author has asserted the rights of the author under the Copyright, Designs and Patents Act, 1988, to be identified as the author of this work.
First published in the United Kingdom in 2013
by IT Governance Publishing.
ISBN 978-1-84928-497-4
FOREWORD
The year is 2013. Not 1988, when viruses were believed to be an April Fool's joke; not 1995, when companies had to be convinced that firewalls might make sense; and not 2004, when IT forensics started to become topical. It is 2013: companies are forced to protect their data and information, and a market has risen from almost nothing over the past 20 years because of regulatory, statutory or contractual requirements. Only the most stubborn would think that information security can still be avoided altogether. This stubbornness is usually punished, within a comparatively short time, by media reports of breaches at such organisations and by the ICO¹ following up with a hefty fine.
Serious, not-so-serious and downright disreputable security companies now crowd the security services (and products) market. They cause incessant noise in the ears and brains of CxOs who have to make informed decisions about their organisation’s information security strategy, individual topics or current issues. They claim that 100 percent security exists, that it can be achieved at no cost if you outsource to the right third-world country, that an ISO27001 audit can be done within one week for an entire corporation and that, of course, you must have the latest security technology (‘toys’) in place to be 100 percent secure. The worst thing, however, is that many security providers still – in raising FUD (Fear-Uncertainty-Doubt) – sell services or products based on exaggerations about what a data or information breach can cost a company. A sale is then usually made rather quickly and the company is served – the security service provider that is, not the customer.
This pocket guide, by two seasoned security practitioners, presents a balanced view based on real-life case studies containing as many hard facts as possible. CxOs can then make informed decisions about their organisation’s information security strategy.
1 ICO: Information Commissioner’s Office
PREFACE
This pocket guide serves two purposes:
Presenting a balanced view of the true cost of data and cyber information breaches, through case studies that illustrate real-world examples, along with the associated real-world impact.
Providing guidance on the cost factors of a breach and how to determine figures in a breach situation.
This guide also explains the relationship between information security risk and business risk. While undoubtedly connected, distinct differences mean that not every information security risk becomes a business risk. This distinction can help CFOs, CSOs/CISOs and CEOs make informed decisions about how to treat a breach or on priorities for