{"id":106485,"date":"2020-02-27T06:00:09","date_gmt":"2020-02-27T14:00:09","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=106485"},"modified":"2020-04-21T14:15:36","modified_gmt":"2020-04-21T21:15:36","slug":"cyber-canon-digital-resilience","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2020\/02\/cyber-canon-digital-resilience\/","title":{"rendered":"Book Review: \"Digital Resilience\""},"content":{"rendered":"

Cyber Canon Book Review:<\/strong> \u201cDigital Resilience: Is Your Company Ready for the Next Cyber Threat?\u201d\u00a0by Ray Rothrock (published April 18, 2018)<\/p>\n

Book Reviewed by:<\/strong> Ron Gula, President Gula Tech Adventures & Co-Founder Tenable Network Security, December 20, 2018<\/p>\n

Bottom Line:<\/strong> I don't recommend this book for the Cybersecurity Canon Hall of Fame, but if you are interested in the topic, this is a good one to read.<\/em><\/p>\n

Review:<\/strong><\/p>\n

I got into cybersecurity because I read books like Winn Schwartau\u2019s \u201cInformation Warfare,\u201d William Gibson\u2019s \u201cNeuromancer\u201d and Cliff Stoll\u2019s \u201cCuckoo's Egg.\u201d These books gave me a very balanced view of what cybersecurity could be, even though no one called them cyber in the 90s. Until I got Ray Rothrock\u2019s book, \u201cDigital Resilience,\u201d I didn\u2019t have a book I was comfortable with suggesting as a great first read to the next generation of cyber professionals.\u00a0<\/span><\/p>\n

If you\u2019ve recently been put in charge of IT or IT operations and didn\u2019t grow up in cyber over the past 20 years, \u201cDigital Resilience\u201d is for you. This book is also equally useful for new CEOs, CFOs or board members who need to understand cyber risk without getting overwhelmed with IT technology or the defeatism of \u201chackers and nation-states will always get in, so why bother.\u201d\u00a0<\/span><\/p>\n

The book does a great job of giving some context to the rich history of cyber events and the evolution of IT technology over the past few decades. It answers many of the \u201chow did we get here?\u201d types of questions, and more importantly, the \u201cwhere are we going?\u201d questions.\u00a0<\/span><\/p>\n

It also does an equally good job of offering some prescriptive actions organizations should take to measure and strengthen their overall cybersecurity defenses. It does all of this with what I would consider basic common sense and a focus on resilience, rather than relying on compliance or security frameworks, which can be very off-putting to first time cyber readers.\u00a0<\/span><\/p>\n

The eight chapters take the reader on a walk through cyber with very good prescriptions. Chapters one through three makes the case for why resilience is the best strategy. As an engineer, this really resonates with me. Unless you design security into things from the start, you are always patching and adding to your problem. The scope of how much we\u2019re already connected, even for on-premises networks and applications, is also discussed. The complexity of modern networks, including their dependency on each other and a large amount of cloud services and SaaS applications, is discussed. More importantly, Ray suggests a variety of strategies in these chapters to help the reader get up to speed and be proactive.\u00a0<\/span><\/p>\n

The remaining chapters focus on building resilience and take the reader into some crucial concepts. These include measuring resilience. I am a fan of the approach the book describes. It talks about what types of key metrics make good metrics, but stops short of claiming a grand, unified theory of modeling cyber risk. The two hardest things for cyber professionals to do well are to speak to their management team effectively and to keep track of all of their assets. To help, Ray does an excellent job of giving a variety of ideas for how executives should be briefed on cyber issues, as well as guidelines for presenting to boards. Ray also does a great job of explaining why keeping track of your digital assets, both on-premises and in the cloud, is step one. You can\u2019t protect what you don\u2019t know.\u00a0<\/span><\/p>\n

Ultimately, I found this book very welcoming and inviting to new cyber professionals. There is a very even-handed approach to understanding that cybersecurity is about balancing your people, processes and technologies \u2013 and communicating this to your management. These approaches will be valid for the next generation of technologies, and this book will still feel very fresh and modern even 10 years from now.<\/span><\/p>\n

We modeled the\u00a0<\/i>Cybersecurity Canon<\/i><\/a>\u00a0after the Baseball or Rock & Roll Hall-of-Fame, except for cybersecurity books. We have more than 25 books on the initial candidate list, but we are soliciting help from the cybersecurity community to increase the number to be much more than that.\u00a0Please write a review and nominate your favorite.\u00a0<\/i><\/p>\n

The Cybersecurity Canon is a real thing for our community. We have designed it so that you can\u00a0<\/i>directly participate in the process<\/i><\/a>. Please do so!<\/i><\/p>\n","protected":false},"excerpt":{"rendered":"

\u201cDigital Resilience\u201d explains how cybersecurity professionals must balance people, processes and technologies \u2013 and communicate with management.<\/p>\n","protected":false},"author":641,"featured_media":32398,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4521,6724],"tags":[251,4270],"coauthors":[6780],"class_list":["post-106485","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-canon","category-points-of-view","tag-cybersecurity-canon","tag-cybersecurity-canon-review"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2017\/06\/cybersecuity-canon-blog-600x260.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/106485","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/641"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=106485"}],"version-history":[{"count":4,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/106485\/revisions"}],"predecessor-version":[{"id":106489,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/106485\/revisions\/106489"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/32398"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=106485"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=106485"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=106485"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=106485"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}