Tuesday, May 21, 2024

 

 

This is a summary of the book “The Cybersecurity Playbook: How Every Leader and Employee Can Contribute to a Culture of Security,” written by Allison Cerra and published by Wiley in 2019. The author draws upon years of fighting hacking and cybercrime to produce a practical checklist for employees at all levels and in all disciplines, so that a cybersecurity mindset becomes part of the culture. These good habits can thwart attacks and boost preparedness. She calls on product designers to build security into network-connected products from the ground up. She calls on human resources to increase awareness, capabilities, and resilience. Security breaches must be clearly communicated, and the response plan must be detailed. Since risk management is part of the cybersecurity initiative, the finance office must also be involved. The Chief Information Security Officer (CISO) can coordinate and maintain ultimate responsibility.

Corporate cybersecurity relies heavily on employees' good habits, as one in five security breaches involves a negligent employee's mistake. Key practices include creating strong passwords, changing them frequently, and not reusing them. Employees should be familiar with common hacker tactics, such as phishing emails, and should check with IT security before using cloud services and tools. Using encrypted thumb drives, reporting suspicious emails, and never leaving sensitive information unattended are essential.

Convincing employees to adopt these practices is challenging, as those responsible for cybersecurity often operate in the shadows. CISOs and their teams must weave safe practices and habits into the organization's culture to prepare for attacks and minimize damage. Cybersecurity preparedness requires the combined efforts of all parts of the organization, led by a CISO. The talent market for cybersecurity professionals is also struggling, with new techniques appearing daily.

Cybercriminals organize online communities on the Dark Web, sharing information and strategies. CEOs and board members must recognize that cybersecurity is a continuously escalating battle of measures and countermeasures, and that no single tool can solve the problem.

Cybersecurity is a crucial investment for businesses, and it should be prioritized in every board meeting. The CISO should present and update the board on strategic risk management, explaining how the firm is protecting its most important assets. Regular updates from the CISO can help earmark security budgets for protecting these assets. Product designers must build security into network-connected products and devices from the ground up, as recent hacker attacks have highlighted the need for greater risk in every adoption of technology. Developers should make security a priority in product design, building security features as requirements and assigning accountability for continuous security monitoring and upkeep throughout the product life cycle.

Human resources plays a crucial role in building cybersecurity awareness, capabilities, and resilience. A shortage of IT security talent is prevalent, with HR professionals sourcing candidates from atypical places and with less obvious credentials, such as women. HR should lead the charge in training employees in good cybersecurity practices, adjust reward programs, review personnel access to sensitive data, add questions to job interviews, and ensure every executive has at least one cybersecurity-related metric in their performance plan.

Developing and practicing a detailed communications and response plan to major security breaches is essential. Hacker stealth is a frightening aspect of cybersecurity, and firms should report breaches immediately to reduce damage and serve customers ethically. Preparing ahead of a breach involves scenario planning, developing a full communications plan, and preparing responses for tough questions.

CISOs must reframe their conversations with CFOs from a focus on ROI to one of risk management, estimating financial damage and potential avoidance of losses. CFOs should hold CISOs accountable for their past resource use and training.

CFOs and CISOs must ensure the corporate supply chain adheres to IT security standards, including outsourcing partners, suppliers, and new products or platforms. CISOs must balance policing employees with preventing a free-for-all that puts the firm at risk. They must translate threats into strategy and risks, showing how potential attacks put revenue and strategic objectives at risk. CISOs should also share phishing test results and maintain basic security best practices. AI is a weapon in both the company's cybersecurity arsenal and its enemies' arsenals. CISOs must work closely with CIOs, agreeing on metrics, penetration testing schedules, and planned purchases. AI can automate threat detection but also results in more false positives, requiring resources to investigate. Organizations must develop a "sixth sense" for detecting threats and breaches, which can only be achieved when cybersecurity infuses the culture.

Previous book summary: BookSummary94.docx

Summarizing Software: SummarizerCodeSnippets.docx 


#codingexercise

Given a string of digits, count the number of subwords (contiguous subsequences) that are anagrams of any palindrome.

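import java.util.HashMap;
import java.util.Map;

public class Solution {

    // Counts the subwords of two or more digits that can be rearranged into a palindrome.
    public static int getSubWords(String digits) {
        int count = 0;
        // k is the distance from the start index to the inclusive end index
        for (int k = 1; k < digits.length(); k++) {
            for (int i = 0; i < digits.length(); i++) {
                int end = i + k;
                if (end < digits.length()) {
                    // substring() excludes its end index, so add 1 to include digits[end]
                    String word = digits.substring(i, end + 1);
                    if (isAnagram(word)) {
                        count++;
                    }
                }
            }
        }
        return count;
    }

    // Returns true if some permutation of word is a palindrome.
    public static boolean isAnagram(String word) {
        Map<Character, Integer> charMap = new HashMap<>();
        for (int i = 0; i < word.length(); i++) {
            if (charMap.containsKey(word.charAt(i))) {
                charMap.put(word.charAt(i), charMap.get(word.charAt(i)) + 1);
            } else {
                charMap.put(word.charAt(i), 1);
            }
        }
        // The parity of the word length (not of the number of distinct digits) decides the rule
        if (word.length() % 2 == 1) {
            // count of only one element must be odd
            return charMap.values().stream().filter(x -> x % 2 == 1).count() == 1;
        } else {
            // count of all elements must be even
            return charMap.values().stream().filter(x -> x % 2 == 0).count() == charMap.size();
        }
    }
}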

test:

14641

2


 
