The Cybersecurity Guide to Governance, Risk, and Compliance
Understand and respond to a new generation of cybersecurity threats
Cybersecurity has never been a more significant concern of modern businesses, with security breaches and confidential data exposure as potentially existential risks. Managing these risks and maintaining compliance with agreed-upon cybersecurity policies is the focus of Cybersecurity Governance and Risk Management. This field is becoming ever more critical as a result. A wide variety of different roles and categories of business professionals have an urgent need for fluency in the language of cybersecurity risk management.
The Cybersecurity Guide to Governance, Risk, and Compliance meets this need with a comprehensive but accessible resource for professionals in every business area. Filled with cutting-edge analysis of the advanced technologies revolutionizing cybersecurity, increasing key risk factors at the same time, and offering practical strategies for implementing cybersecurity measures, it is a must-own for CISOs, boards of directors, tech professionals, business leaders, regulators, entrepreneurs, researchers, and more.
The Cybersecurity Guide to Governance, Risk, and Compliance also
Over 1300 actionable recommendations found after each section
Detailed discussion of topics including AI, cloud, and quantum computing
More than 70 ready-to-use KPIs and KRIs
“This guide’s coverage of governance, leadership, legal frameworks, and regulatory nuances ensures organizations can establish resilient cybersecurity postures. Each chapter delivers actionable knowledge, making the guide thorough and practical.” —GARY MCALUM, CISO
“This guide represents the wealth of knowledge and practical insights that Jason and Griffin possess. Designed for professionals across the board, from seasoned cybersecurity veterans to business leaders, auditors, and regulators, this guide integrates the latest technological insights with governance, risk, and compliance (GRC).” —WIL BENNETT, CISO
Jason Edwards is a Houston native now living in San Antonio. He has been playing guitar and drawing since the age of 16. A former electrician of twelve years, Edwards then moved into the telecommunications industry, spending five years installing new equipment for all top-tier carriers, both on the ground and on the tower. With a passion for using his imagination from a young age, Edwards decided to write his first children’s book, Jason’s Imagination: The Rain King, based on his own experiences as a child.
In The Sixth Sense, Cole Sear says, "I see dead people." When it comes to risk, a cybersecurity professional will see risk everywhere. Risk is built into the very fabric of information technology. In fact, if one does not understand risk, they can’t be a competent information security professional.
But risk is not limited to information systems; it's part of every part of our lives, from the water we brush our teeth with in the morning to the transportation we take to work, the food we eat at lunch, and the mattress we sleep in at night. It’s an inevitable part of life.
Sometimes, people think they can have a zero-tolerance approach to risk, but that is a fundamentally flawed idea. Jack Jones notes that the notion of zero risk tolerance is fundamentally logically flawed because it can never be achieved.
Jack Jones knows a thing or two about risk. He's chairman of the FAIR Institute, one of the foremost authorities in information risk management, and a co-author of Measuring and Managing Information Risk: A FAIR Approach, a seminal book about risk management. And
For example, if an organization handles even one sensitive customer record, there will always be some potential for that record to become compromised. In fact, he's argued that setting a policy to have zero risk tolerance may increase liability because an organization is automatically and inevitably out of compliance with that policy.
Jones said if he were involved in prosecuting that organization after a breach, he would use the existence of that policy against them, both from a noncompliance perspective and as evidence that they don't know what they're talking about.
Authors Jason Edwards and Griffin Weaver have written The Cybersecurity Guide to Governance, Risk, and Compliance (Wiley), a single-volume guide that provides a comprehensive overview of not just information security risk, but also GRC (governance, risk, and compliance).
While information security has existed for generations, GRC is a relatively new concept. Scott Mitchell of OCEG defines GRC as "the integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty, and act with integrity." Those 19 words create a significant amount of work, which is why many enterprise organizations have large information security teams.
Edwards is a principal security director at Amazon Web Services (AWS), and Weaver is a legal director at Dell. Together, they have written a book that is a good mix of technical, business, and legal information.
A background in security is not required here. The good news is that after finishing the book, the reader will have a very solid understanding of all of the major concepts around GRC.
While not an official CISSP study guide, the book is a good reference for those studying for the CISSP exam.
There is no filler in the 31 chapters here, and no topic is left unexplored. Each chapter comes with a case study, and there are real-world scenarios throughout the book. The amount of information covered is significant, and this is far from a single-sitting read.
While the book contains a lot of theory, the authors provide plenty of actionable advice that the reader can implement.
For those looking for a robust and serious guide on GRC, The Cybersecurity Guide to Governance, Risk, and Compliance may have an underwhelming title, but it certainly makes up for it with excellent content.