Monday, 08 October 2018 08:25

Book review: The Five Anchors of Cyber Resilience by Phillimon Zongo

By

As the title suggests, The Five Anchors of Cyber Resilience attempts to describe cyber threats, and more importantly corporate responses to them, within a framework of "Five Anchors."

The author, Phil Zongo is Zimbabwean-born, but now resident in Australia. He is a well-regarded cyber security expert, strategic adviser and author.

He has been widely published in a variety of journals and has received numerous awards from ISACA and other professional bodies. In the past 14 years, Zongo has consulted widely with major corporations to assist with their cybersecurity strategies. This is his first book.

The book is meant to be a guide for cyber resilience, aimed at corporate senior executives.

As Zongo explains in the book, a cyber-resilient enterprise will:

  • build a cyber-security strategy centred on high-value assets;
  • put people at the centre of cybers ecurity strategies;
  • bake cyber security into innovative programs;
  • implement a risk-based assurance program over suppliers; and
  • create highly effective, lean and efficient governance structures.

Perhaps Zongo's five anchors are somewhat "motherhood" in their scope, but he provides plenty of examples showing intrusions that would have been defeated if these anchors had been properly implemented.

The five main chapters of the book address the anchors and offer plenty of background and description along with what can go wrong. There is also useful guidance on an extensive implementation of each anchor.

The book's introduction addresses a brief history of cyber crime and very clearly explains how a total defeat of such a scourge is essentially impossible, instead it is important to assess and prioritise, and to be smarter about applying limited resources to the problem. While reading this section, I was reminded time and again of the quote attributed to one of the IRA leaders in reference to the late Margaret Thatcher during "The Troubles". He said, "You have to be lucky all the time, we only have to be lucky once."

It is within this context that Zongo stresses the need to manage a corporation's resources to identify the most important assets (anchor 1); to ensure the entire company is on-board (anchor 2); to seek innovative solutions to current problems, including IoT, Cloud, Blockchain etc. (anchor 3); to recognise that suppliers are a major intrusion channel and to protect that path (anchor 4) and to improve governance structures to remove turf wars and to optimise comprehension at the highest levels of an organisation (anchor 5).

Within the context of anchor 5, Zongo also notes that very few boards have members with cyber skills and worse, the information being passed to them from the C-suite, and below, is either obfuscating, unintelligible or 'baffling them with bulls**t' (as the vernacular goes).

The book is suitable for lay readers as it doesn't delve too deeply into technical language. It is strongly recommended as mandatory reading for any senior corporate manager or board member to assist in an understanding of the broader issues and also to frame the questions to be asked (of the experts within the organisation) and the problems that need to be addressed.

It will also give management a framework for optimising the use of their resources. "Five Anchors" should also be mandatory reading for CISOs to better prepare them for potentially difficult discussions that will be instigated by board members who have take the time to read and digest this book!

Of course no book, this one included, is capable of giving specific advice for an individual organisation, however there is plenty here to cause thought and reflection; and hopefully will lead to greater cyber-resilience. Recommended.

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments