"Regardless of industry - whether it is agriculture, aviation or health care - organizations are all increasingly susceptible to cyberattacks, and businesses need to adapt accordingly. Cybersecurity for Business provides the tools for business and IT leaders alike to successfully navigate this new reality."

Richard Rocca, CISO, Bunge

"It is rare for a new volume to provide such excellent guidance on cyber for the working manager and practitioner. I hope board members and executives everywhere invest the time to absorb this book's fine contents."

Ed Amoroso, Former CISO, AT&T

"As an early advocate of enterprise risk management, I have seen the significant business value from better quantifying and integrating strategic, operational and financial risks. Cybersecurity cannot be managed effectively as a silo given its critical business and risk interdependencies. This practical book will help any organization break down that silo and address cybersecurity as a strategic, enterprise risk issue."

James C. Lam, President, James Lam & Associates; Chair of the Board, Recology; Chair of the Audit Co

"All businesses, large and small, will eventually find themselves the target of sophisticated cyber-attacks. Companies need to account for and adapt to this reality, especially as we all rely more on technology and data to drive our businesses. Cybersecurity for Business provides specific guidance for directors down to the front lines of IT, that, if followed, can place a company in a far better position to be armed and prepared for the inevitable cyber-attack."

Kevin Mandia, CEO, Mandiant

"Cybersecurity is national security. The only way to effectively protect ourselves is through a collective defense model. Cybersecurity for Business describes the roles and responsibilities individuals across an organization must take in this new age to work together to protect their enterprise and, in so doing, contribute to our nation's defense."

GEN (Ret) Keith Alexander, Former head of US Cyber Command Co-CEO, IronNet Cybersecurity, Inc.

"Cybersecurity for Business is a bonfire of wisdom for leaders who desire to be part of the executive decision-making team in their organization. Co-authored by an extraordinary group of global leaders and luminaries with topics as diverse as 'managing' your board of directors, developing key inter-organizational relationships and aligning business goals to cybersecurity, among others, this book will find a home on the desk of leaders and managers across the cybersecurity community."

Mark Weatherford, former Deputy Undersecretary for Cybersecurity at the US Department of Homeland Se

"Cybersecurity for Business is one of those rare practical books for businesses that can help large, medium and small companies manage the ongoing and unavoidable cyber risks now facing all industries. The threats facing manufacturers and all firms compound by the day, so learning these lessons now is crucial."

Jay Timmons, President and CEO, National Association of Manufacturers

"Utilities have been hit hard by hackers during the past few years, creating a need to balance risk with the demands of the new economics of the digital world. I cannot recommend Cybersecurity for Business enough. It helps organizations evaluate security for an enterprise-wide perspective consistent with the economics required to maintain effective service."

Ryan Boulais, Chief Information Security Officer, The AES Corporation

"Cybersecurity for Business takes the complicated and ever-changing world of data security and technology and offers a remarkably cogent collection of guidance from industry experts. The result is a practical and wide-ranging text and a powerful tool for keeping businesses safe."

Preet Bharara, former U.S. Attorney, Distinguished Scholar in Residence at NYU School of Law; CNN Se

"The aspect of Cybersecurity for Business that compelled me to adopt it as my textbook for Columbia's Enterprise Cyber Threats and Defenses course is the holistic approach taken to the defense of complex networks. As demonstrated by the impact of Hurricane Katrina on New Orleans, dis-aligned localized defenses cannot withstand systematic attacks on complex multi-part networks. Even a single point of failure in an otherwise robust entity 'perimeter' renders the entire entity vulnerable. Because there is no security through obscurity, the only sustainable cyber defense is one architected top-down."

Dr. Corey Hirsch, CISO, Teledyne

"Cybersecurity for Business outlines a model any business should consider to align its technical systems with proper management to strengthen its cyber resilience. Besides serving as a guide to better manage cyber attacks, this book provides confirmation of our security program and the approach we've taken. Additionally, it reinforces concepts we routinely share with partners, customers, and other stakeholders across our ecosystems. What I like most is that it offers practical advice with a robust list of references for readers to dive even deeper into the various topics."

Jon Brickey, Senior Vice President Cybersecurity Evangelist, Mastercard

"Cybersecurity for Business is one of the few books that recognizes that cybersecurity is not just a technology issue - it's a strategy issue and a leadership issue. Here you'll find excellent and timely guidance that will help leaders around the company and the world do their part to succeed in an environment of cyber risk."

Daniel Dobrygowski, Head of Governance and Trust, World Economic Forum

"This ISA book on cybersecurity risk management hits the mark on enabling organizations to contextualize cyber risk to financial, operational and business outcomes. These core principles align to the heightened expectations across the regulatory (SEC), investor, risk management and boardroom communities."

Chris Hetner, Former Senior Cybersecurity Advisor to the SEC Chair and Special Advisor for Cyber Ris

"Leadership and management of cyber risk continues to evolve. Beyond just C-Suites and IT departments, this book brings the role of the whole organization - HR, PR, finance, legal compliance, marketing, etc. - into sharp focus. Cybersecurity is a team sport that must address leadership, management and the culture of security throughout the entire business enterprise. Cybersecurity for Business sets the principles and de-facto standard for modern cyber risk management."

Harry D. Raduege, Jr. Lieutenant General, USAF (Ret) Chief Executive Officer, National Cybersecurity

"Cybersecurity for Business tracks the principles we recommend our college and universities follow to enhance their own cyber risk resilience. As such, it's an excellent book for graduate and undergraduate courses in cyber, and its use will help create a more coherent, secure and sustainable digital environment."

Henry Stoever, President and CEO, Association of Governing Boards of Universities and Colleges (AGB)

"The ISA's Cybersecurity for Business is the first comprehensive, practical, strategic and tactical guide to this rapidly evolving and constantly challenging subject that is both practical and academic. Indeed, it is exactly what I have been looking for as someone who both advises boards and management on strategic cyber risk management and governance and as a cyber-professor teaching a course on 'Cyber Leadership, Risk Oversight and Resilience' at NYU, where it will become my core textbook for future semesters. This is an outstanding contribution because it is written by people with direct experience on the front lines - indeed on the bleeding edge - of this ever-evolving threat and opportunity matrix and incorporates some of the groundbreaking risk governance work that Larry and the Internet Security Alliance have been doing for years with the NACD, the World Economic Forum and a number of leading industry associations around the world. And, finally, it goes beyond other publications by looking at the bigger systemic cyber-picture including the role of culture, economics, governance and how all the strategic and tactical dots interconnect. Kudos to Larry and his team - they really made it happen!"

Andrea Bonime-Blanc, Founder & CEO, GEC Risk Advisory

"Despite the deluge of cyber-attack headlines, too often boards of directors remain focused on how they should be preparing for the next inevitable breach, rather than thinking proactively about their cybersecurity oversight responsibilities. Cybersecurity for Business is an invaluable guide for directors and executives at organizations of all sizes to better understand the business, legal and technical dimensions of cybersecurity risk management, and how to optimize corporate governance to meet the challenges posed by multifaceted cyber threats. I consider it required reading for everyone interested in safeguarding their critical systems, supply chains, employees and customers."

Professor Scott J. Shackelford, JD, PhD, Chair, Indiana University Cybersecurity Risk Management Pro