This book offers readers essential orientation on cybersecurity safeguards, and first and foremost helps them find the right balance between financial expenditures and risk mitigation. This is achieved by pursuing a multi-disciplinary approach that combines well-founded methods from economics and the computer sciences. Established decision making techniques are embedded into a walk-through for the complete lifecycle of cybersecurity investments. Insights into the economic aspect of the costs and benefits of cybersecurity are supplemented by established and innovative economic indicators. Readers will find practical tools and techniques to support reasonable decision making in cybersecurity investments. Further, they will be equipped to encourage a common understanding using economic aspects, and to provide cost transparency for the senior management.

Breaches in cybersecurity are on the rise. Between 1998 and 2003, reported cybersecurity incidents increased over thirty-fold. Well-publicized information security breaches have made cybersecurity a critical and timely topic for the general public, as well as for corporations, not-for-profit organizations and the government. As a result, organizations need to be able to make the business case for spending the right amount on cybersecurity. They also need to know how to efficiently allocate these funds to specific cybersecurity activities. Managing Cybersecurity Resources is the first book to specifically focus on providing a framework for understanding how to use economic and financial management tools in helping to address these important issues. The McGraw-Hill Homeland Security Series draws on frontline government, military, and business experts to detail what individuals and businesses can and must do to understand and move forward in this challenging new environment. Books in this timely and noteworthy series will cover everything from the balance between freedom and safety to strategies for protection of intellectual, business, and personal property to structures and goals of terrorist groups including Al-Qaeda.

This book provides a unique perspective into the mindset of psychology and cybersecurity. It presents a view of incorporating the latest research in cybersecurity and behavior. The newest cybersecurity challenge is not just understanding cybercriminals’ behavior, but our behavior as well, and to realize that some of behaviors could lead us in making bad cybersecurity decisions. By using models and literature rooted in psychology and comparing those to cybersecurity attacks, this book will help those who make crucial cybersecurity decisions to protect their organization, even better decisions. Dr. Brown also presents even a possible theory of cybersecurity. Key areas include: behaviorism; learning models; cybersecurity vulnerabilities; stereotypes; cybersecurity traits; conditioned response; social engineering; deep fakes.

This book "Industrial Cybersecurity", offers an in-depth exploration of essential strategies for safeguarding industrial operations. It includes insights about: - The Purdue Model for industrial control systems. - IT Operational Technology security in accordance with NIST SP 800-82. - Risk management, cybersecurity architecture, and indispensable security tools. - OT systems, OT cybersecurity architecture, essential security capabilities, tools, and critical infrastructure. This meticulously crafted guide will be an indispensable reference for professionals and organizations protecting critical infrastructure. "Industrial Cybersecurity" is ideal for cybersecurity professionals, OT specialists, IT security managers, industrial engineers, and students. It is also a useful asset for security practitioners, policymakers and regulators, consultants and advisors, and academic institutions focused on cybersecurity and industrial engineering.

The prevalence of cyber-dependent crimes and illegal activities that can only be performed using a computer, computer networks, or other forms of information communication technology has significantly increased during the last two decades in the USA and worldwide. As a result, cybersecurity scholars and practitioners have developed various tools and policies to reduce individuals' and organizations' risk of experiencing cyber-dependent crimes. However, although cybersecurity research and tools production efforts have increased substantially, very little attention has been devoted to identifying potential comprehensive interventions that consider both human and technical aspects of the local ecology within which these crimes emerge and persist. Moreover, it appears that rigorous scientific assessments of these technologies and policies "in the wild" have been dismissed in the process of encouraging innovation and marketing. Consequently, governmental organizations, public, and private companies allocate a considerable portion of their operations budgets to protecting their computer and internet infrastructures without understanding the effectiveness of various tools and policies in reducing the myriad of risks they face. Unfortunately, this practice may complicate organizational workflows and increase costs for government entities, businesses, and consumers. The success of the evidence-based approach in improving performance in a wide range of professions (for example, medicine, policing, and education) leads us to believe that an evidence-based cybersecurity approach is critical for improving cybersecurity efforts. This book seeks to explain the foundation of the evidence-based cybersecurity approach, review its relevance in the context of existing security tools and policies, and provide concrete examples of how adopting this approach could improve cybersecurity operations and guide policymakers' decision-making process. The evidence-based cybersecurity approach explained aims to support security professionals', policymakers', and individual computer users' decision-making regarding the deployment of security policies and tools by calling for rigorous scientific investigations of the effectiveness of these policies and mechanisms in achieving their goals to protect critical assets. This book illustrates how this approach provides an ideal framework for conceptualizing an interdisciplinary problem like cybersecurity because it stresses moving beyond decision-makers' political, financial, social, and personal experience backgrounds when adopting cybersecurity tools and policies. This approach is also a model in which policy decisions are made based on scientific research findings.