Sound guidance on design, implementation, and governance of cybersecurity policy

Now in its Second Edition, the Cybersecurity Policy Guidebook delivers an issue-focused treatment of public, private, and individual cybersecurity policy alternatives for treatment of systemic cyber risks. Seven practitioners from government, industry, and academia analyze overlapping perspectives of decision-makers, technology professionals, and critical infrastructure engineers within the recently transformed digital landscape.

The first edition dealt with threats to impersonation, infrastructure access, intellectual property, internet access, nation-state conflict, operational continuity, privacy, and supply chain. New to this edition is coverage of AI's impact on cybersecurity, cyber-physical systems, and custodial issues for technology platforms and other cyber-enabled services. The book addresses threat intelligence across industry sectors, governance frameworks, and risk appetite thresholds. A policy catalog reflects pros and cons of pressing policy positions.

Key topics also include:

• Communication strategies for conveying cybersecurity risk to decision makers across public and private levels of authority
• Policy objectives mapped to technology evolution, connecting operational choices with their broader strategic and regulatory implications
• Guidance on banking and financial services cybersecurity supervision, drawing on interagency regulatory frameworks and examination standards
• Operational technology and control system cybersecurity policy, addressing risks unique to industrial control systems and other cyber-physical systems
• Cross-disciplinary course alignment for programs in public policy, law, business, computer science, engineering, and social sciences

Cybersecurity Policy Guidebook serves leaders of public and private organizations, as well as technology professionals, industry analysts, scholars, and individuals seeking a structured reference on cybersecurity policy issues. Whatever the starting point of perspective, readers will gain the policy knowledge required to act with precision.

Jennifer L. Bayuk, PhD, is an independent cybersecurity consultant, CEO of Decision Framework Systems, and cybersecurity professor. Previously a Wall Street CISO and Bell Labs security software engineer, she has numerous publications on security architecture, risk management, and cybersecurity forensics.

Art Ehuan is Executive Director of Duke University's Master of Engineering in Cybersecurity and CISO Executive Certificate programs. A former FBI Supervisory Special Agent, he served as cyber expert on breaches at Heartland, Sony Pictures, Target, Anthem, Equifax, Capital One, and Marriott.

Jason Healey is a Senior Research Scholar at Columbia University's School for International and Public Affairs. He founded the Atlantic Council's Cyber Statecraft Initiative and was a founding member of the White House Office of the National Cyber Director.

Paul Rohmeyer, PhD, is an IT management consultant and Information Systems faculty member at Stevens Institute of Technology. He serves on the editorial boards of Computers & Security Journal and Cybersecurity & Cybercrime Journal, with expertise spanning banking, finance, healthcare, and life sciences.

Marcus H. Sachs, PE, is Senior Vice President and Chief Engineer at the Center for Internet Security. A retired U.S. Army officer and former White House appointee, he previously served as CSO of the North American Electric Reliability Corporation and VP for National Security Policy at Verizon.

Donald Saxinger is an independent financial sector regulatory policy consultant. As an FDIC banking supervisor for over three decades, he chaired the FFIEC IT Examination Handbook and Cybersecurity and Critical Infrastructure Working Groups, authored banking industry cybersecurity guidance, led interagency cyber rulemaking, and advised central banks internationally.

Joseph Weiss, PE is Managing Partner of Applied Control Solutions, LLC, an independent control system cybersecurity consultant. An ISA Life Fellow and member of Control's Process Automation Hall of Fame, he has published over 100 papers and holds patents on instrumentation, control systems, and OT networks.