Today, Prevention and Detection are not 100% effective. Some attacks are not stopped by Prevention measures and go undetected. These attacks succeed; they steal data and disrupt organizations. The fact that attacks succeed makes Response the most business-critical discipline. Prevention and Detection also play crucial roles; you want the best measures you can afford. But you need to operate with the assumption that Prevention and Detection will eventually fail. And when they fail, your organization needs a Response plan.
There are hundreds of Cybersecurity vendors with thousands of competing solutions. This book is not about selecting any particular solution. Instead, it explains the three Core Cybersecurity Disciplines (Prevention, Detection, and Response) and shows how they apply to each information asset type without incomprehensible jargon and unexplained acronyms. It then provides questions and talking points for conversations with Cybersecurity leaders that will provide clarity into how they direct your organization’s Cybersecurity budget.