Stepping Through Cybersecurity Risk Management: A Systems Think Approach

Page xiv, Bayuk-STCRM-Figure Figure 1 – Implementation spelling corrected.

Page 38, Figure 2.14 deleted “will change to visual” on top, reflecting a missed plan to change the figure.

Page 95, Figure 4.5 corrected, had the activity in the destination IP column and vice versa.

Page 149, New version of NIST used in Figures 5.4 and 5.5. Already cited NIST-CSF v2 and used one of its pre-published figures in anticipation of its imminent publication.

Page 143, They scan enterprise systems for vulnerabilities in public-facing sites and if any are found, exploit the vulnerabilities to gain access to internal systems; that is, to penetrate them.

Page 162, Acronym edited to FMECA after misspelled twice as FMCEA

Page 187, Figures 7.3 and 7.4 relocated. The caption for one appears below the other. Ordinal is a traffic light and interval is temperature.

Page 213, “cybersecurity analysis form” changed to “cybersecurity analysis firm”

Page 240, reference to Figure 4.22 relocated to 4.21

Page 254, reference to Figure 9.9 relocated to Figure 7.13, the example vulnerability metric in chapter 7, Figure 9.9 includes a difference metric