Home Books Book review: The Five Anchors of Cyber Resilience by Phillimon Zongo

As the title suggests, The Five Anchors of Cyber Resilience attempts to describe cyber threats, and more importantly corporate responses to them, within a framework of "Five Anchors."

The author, Phil Zongo is Zimbabwean-born, but now resident in Australia. He is a well-regarded cyber security expert, strategic adviser and author.

He has been widely published in a variety of journals and has received numerous awards from ISACA and other professional bodies. In the past 14 years, Zongo has consulted widely with major corporations to assist with their cybersecurity strategies. This is his first book.

The book is meant to be a guide for cyber resilience, aimed at corporate senior executives.

As Zongo explains in the book, a cyber-resilient enterprise will:

  • build a cyber-security strategy centred on high-value assets;
  • put people at the centre of cybers ecurity strategies;
  • bake cyber security into innovative programs;
  • implement a risk-based assurance program over suppliers; and
  • create highly effective, lean and efficient governance structures.

Perhaps Zongo's five anchors are somewhat "motherhood" in their scope, but he provides plenty of examples showing intrusions that would have been defeated if these anchors had been properly implemented.

The five main chapters of the book address the anchors and offer plenty of background and description along with what can go wrong. There is also useful guidance on an extensive implementation of each anchor.

The book's introduction addresses a brief history of cyber crime and very clearly explains how a total defeat of such a scourge is essentially impossible, instead it is important to assess and prioritise, and to be smarter about applying limited resources to the problem. While reading this section, I was reminded time and again of the quote attributed to one of the IRA leaders in reference to the late Margaret Thatcher during "The Troubles". He said, "You have to be lucky all the time, we only have to be lucky once."

It is within this context that Zongo stresses the need to manage a corporation's resources to identify the most important assets (anchor 1); to ensure the entire company is on-board (anchor 2); to seek innovative solutions to current problems, including IoT, Cloud, Blockchain etc. (anchor 3); to recognise that suppliers are a major intrusion channel and to protect that path (anchor 4) and to improve governance structures to remove turf wars and to optimise comprehension at the highest levels of an organisation (anchor 5).

Within the context of anchor 5, Zongo also notes that very few boards have members with cyber skills and worse, the information being passed to them from the C-suite, and below, is either obfuscating, unintelligible or 'baffling them with bulls**t' (as the vernacular goes).

The book is suitable for lay readers as it doesn't delve too deeply into technical language. It is strongly recommended as mandatory reading for any senior corporate manager or board member to assist in an understanding of the broader issues and also to frame the questions to be asked (of the experts within the organisation) and the problems that need to be addressed.

It will also give management a framework for optimising the use of their resources. "Five Anchors" should also be mandatory reading for CISOs to better prepare them for potentially difficult discussions that will be instigated by board members who have take the time to read and digest this book!

Of course no book, this one included, is capable of giving specific advice for an individual organisation, however there is plenty here to cause thought and reflection; and hopefully will lead to greater cyber-resilience. Recommended.

47 REASONS TO ATTEND YOW! 2018

With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

· Sydney 29-30 November
· Brisbane 3-4 December
· Melbourne 6-7 December

Register now for YOW! Workshops

· Sydney 27-28 November
· Melbourne 4-5 December

REGISTER NOW!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect