
The True Cost of Information Security Breaches and Cyber Crime
Ebook, 73 pages, 51 minutes


About this ebook

This pocket guide uses case studies to illustrate the possible security breach scenarios that an organisation can face. It sets out a sensible, realistic assessment of the actual costs of a data or information breach and explains how managers can determine the business damage caused.

Language: English
Publisher: itgovernance
Release date: Jul 16, 2013
ISBN: 9781849284974
Author

Michael Krausz

Michael Krausz studied Physics, Computer Science and Law at the University of Technology, Vienna, Vienna University and Webster University. In order to combine his two main hobbies, computers and investigations, he chose to become a professional investigator and IT expert. Over the course of his career he has investigated over a hundred cases of information security breaches, usually connected with white-collar crime. Michael Krausz is an ISO27001 auditor and has delivered over 5000 hours of professional and academic training. He has provided consulting or investigation services in 12 countries to date.


    Book preview

    The True Cost of Information Security Breaches and Cyber Crime - Michael Krausz

    The True Cost of Information Security Breaches and Cyber Crime


    MICHAEL KRAUSZ

    PROF. JOHN WALKER

    Every possible effort has been made to ensure that the information contained in this book is accurate at the time of going to press, and the publisher and the author cannot accept responsibility for any errors or omissions, however caused. Any opinions expressed in this book are those of the author, not the publisher. Websites identified are for reference only, not endorsement, and any website visits are at the reader's own risk. No responsibility for loss or damage occasioned to any person acting, or refraining from action, as a result of the material in this publication can be accepted by the publisher or the author.

    Apart from any fair dealing for the purposes of research or private study, or criticism or review, as permitted under the Copyright, Designs and Patents Act 1988, this publication may only be reproduced, stored or transmitted, in any form, or by any means, with the prior permission in writing of the publisher or, in the case of reprographic reproduction, in accordance with the terms of licences issued by the Copyright Licensing Agency. Enquiries concerning reproduction outside those terms should be sent to the publisher at the following address:

    IT Governance Publishing
    IT Governance Limited
    Unit 3, Clive Court
    Bartholomew’s Walk
    Cambridgeshire Business Park
    Ely, Cambridgeshire
    CB7 4EA
    United Kingdom

    www.itgovernance.co.uk

    © Prof. John Walker and Michael Krausz 2013

    The author has asserted the rights of the author under the Copyright, Designs and Patents Act, 1988, to be identified as the author of this work.

    First published in the United Kingdom in 2013 by IT Governance Publishing.

    ISBN 978-1-84928-497-4

    FOREWORD

    The year is 2013. Not 1988, when viruses were believed to be an April Fool's joke; not 1995, when companies had to be convinced that firewalls might make sense; and not 2004, when IT forensics started to become topical. It is 2013: companies are forced to protect their data and information, and a market has risen from almost nothing over the past 20 years because of regulatory, statutory or contractual requirements. Only the most stubborn would think that information security can still be avoided altogether. This stubbornness is usually punished by media reports of breaches occurring at such organisations within comparatively little time and the ICO¹ following up with a hefty fine.

    Serious, not-so-serious and downright disreputable security companies now crowd the security services (and products) market. They cause incessant noise in the ears and brains of CxOs who have to make informed decisions about their organisation’s information security strategy, individual topics or current issues. They claim that 100 percent security exists, that it can be achieved at no cost if you outsource to the right third-world country, that an ISO27001 audit can be done within one week for an entire corporation and that, of course, you must have the latest security technology (‘toys’) in place to be 100 percent secure. The worst thing, however, is that many security providers still – in raising FUD (Fear-Uncertainty-Doubt) – sell services or products based on exaggerations about what a data or information breach can cost a company. A sale is then usually made rather quickly and the company is served – the security service provider that is, not the customer.

    This pocket guide, by two seasoned security practitioners, presents a balanced view based on real-life case studies containing as many hard facts as possible. CxOs can then make informed decisions about their organisation’s information security strategy.

    1   ICO: Information Commissioner’s Office

    PREFACE

    This pocket guide serves two purposes:

    - Presenting a balanced view of the true cost of data and cyber information breaches, through case studies that illustrate real-world examples, along with the associated real-world impact.

    - Providing guidance on the cost factors of a breach and how to determine figures in a breach situation.

    This guide also explains the relationship between information security risk and business risk. While undoubtedly connected, distinct differences mean that not every information security risk becomes a business risk. This distinction can help CFOs, CSOs/CISOs and CEOs make informed decisions about how to treat a breach or on priorities for
