
Cybersecurity for Non-Technical Board Members and Executives – A Practical Guide to Making Decisions

A practical cybersecurity guide for boards and non-technical leaders, written in plain language. Learn how to ask better questions, understand real risk, and support stronger readiness without getting lost in technical detail.


About the Book

Cybersecurity shows up in leadership meetings more than ever, but the conversation is often either too technical or too abstract to be useful. This book is written for board members, executives, and non-technical leaders who want a clear, practical way to understand what matters, make better decisions, and ask better questions without needing to become security specialists.

You will be guided through the foundations of modern cybersecurity in plain language: how attackers typically get in, what “good security” looks like in practice, and how to connect security work to business priorities such as uptime, customer trust, and regulatory expectations. The focus stays on what leaders can do: set direction, define accountability, interpret reporting, and support the organisation with the right governance and follow-up.

The book also highlights common areas where leadership choices make a real difference: identity and access, cloud risk, third-party exposure, basic hygiene, and incident readiness. It references well-known frameworks and good practice (for example NIST CSF, ISO 27001, CIS Controls and expectations such as NIS2), but the aim is not to turn you into a compliance expert. The aim is to help you lead calmly and credibly in a domain that can otherwise feel opaque.

If you are responsible for outcomes and risk, this book is meant to be a steady, actionable companion you can return to when you need clarity, structure, and a sensible next step.


About the Author

Søren Jensen

Søren is a cybersecurity specialist with over 20 years of experience from both large consulting environments and dedicated cyber teams. His daily work spans teaching, incident response, vulnerability and exposure management, risk assessment, and the design and implementation of security services for both private and public sector organizations.

He has extensive hands-on experience applying frameworks such as ISO 27001/27002 and the NIST Cybersecurity Framework, as well as adapting to modern regulatory requirements like NIS2. In his work, he focuses on turning abstract best practices into concrete, actionable improvements that fit real-world constraints: legacy systems, limited resources, and constantly evolving threats.

As an author, Søren aims to make cybersecurity architecture and risk management understandable and practical for readers who may have little or no technical background. His writing combines clear explanations with practical examples, checklists, and step-by-step guidance, helping beginners and decision-makers move from “we know we should do something” to “we know what to do – and how to start.”


Table of Contents

Foreword

Introduction

  1. Cybersecurity as a Leadership Issue, Not a Technical Domain
  2. Why This Book Exists
  3. The Challenge for Non-Technical Leaders
  4. How to Use This Book

Foundations and Security Theory for Non-Technical Leaders

  1. Cybersecurity Is About Risk, Not Technology
  2. Governance as the Foundation of Security
  3. Understanding Cyber Maturity
  4. The Role of Threat Actors and MITRE ATT&CK
  5. Scenario Thinking as a Leadership Skill
  6. Mini Case Study: When Governance Fails

Chapter 1: The Executive’s Role in Cybersecurity: What Leaders Must Own

  1. Cybersecurity Is a Business Decision First
  2. Leadership Responsibilities Defined by Global Standards
  3. “But I Am Not Technical” Is Not an Acceptable Limitation
  4. Example: The Board That Delegated Too Much

Chapter 2: How Board Members Make Cyber Decisions Without Technical Expertise

  1. Principle 1: Anchor All Decisions in Risk
  2. Principle 2: Focus on Trade Offs, Not Technical Mechanics
  3. Principle 3: Demand Clarity in Reporting
  4. Principle 4: Use Scenarios to Drive Clarity
  5. The Role of Risk Appetite in Cyber Decisions
  6. Example: The Power of Defined Appetite
  7. Closing

Chapter 3: Understanding Cyber Risk: A Deep Dive for Non-Technical Leaders

  1. The Structure of Cyber Risk
  2. Likelihood and Impact
  3. The Role of Risk Appetite
  4. Example: The Power of Defined Appetite
  5. Using This Chapter in the Boardroom

Chapter 4: Prioritization: How Leaders Decide What Matters Most in Cybersecurity

  1. Why Prioritization Is Difficult
  2. The Role of Critical Assets
  3. Balancing Risk Reduction and Operational Friction
  4. The Power and Limits of Risk Scoring
  5. Example: Misaligned Priorities
  6. Connecting Prioritization to Maturity and Strategy

Chapter 5: Cyber Governance: Building Structures That Enable Security

  1. Governance as a Leadership Function
  2. Components of a Cybersecurity Governance Model
  3. Building Accountability: Clear Lines of Responsibility
  4. Integrating Governance with Enterprise Risk Management
  5. Example: Strong Governance Avoids Tragedy
  6. Using This Chapter in the Boardroom

Chapter 6: Budgeting for Cybersecurity: Making Smart, Risk-Aligned Investments

  1. Why Cybersecurity Budgets Are Complex
  2. Linking Budget to Risk
  3. Understanding Cost Drivers
  4. A Numeric Example: Tool-Heavy Versus Team-Heavy
  5. Finding the Right Budget Level
  6. Example: Underfunding Creates Systemic Vulnerability

Chapter 7: What Boards Should Expect From a Modern CISO

  1. The CISO as a Business Leader
  2. Authority, Reporting Lines, and Independence
  3. What Good CISO Reporting Looks Like
  4. The CISO’s Role in Culture and Behaviour
  5. Example: The CISO Who Elevated a Company

Chapter 8: Cyber Maturity: How Executives Evaluate Progress and Weaknesses

  1. What Maturity Actually Measures
  2. Understanding the Five Classic Maturity Stages
  3. Interpreting Maturity for Decision Making
  4. Using Maturity to Guide Investments
  5. Example: Maturity Drives Resilience
  6. Using This Chapter in the Boardroom

Chapter 9: Scenario Planning: Preparing Leaders for Real-World Cyber Events

  1. Why Scenarios Work
  2. Types of Scenarios Leaders Should Use
  3. How Scenarios Guide Decision Making
  4. Designing and Running Scenario Exercises
  5. Example: The Exercise That Prevented a Disaster
  6. Using This Chapter in the Boardroom

Chapter 10: Cyber Resilience: Ensuring the Business Can Continue During Disruption

  1. Resilience Versus Security
  2. Core Elements of Resilience
  3. Tying Resilience to Critical Assets
  4. Regulatory Expectations for Resilience
  5. How Cyber Resilience Looks in Practice
  6. Example: Resilience Saves a Manufacturer
  7. Assessing Resilience in the Boardroom

Chapter 11: Supply Chain and Third-Party Cyber Risk: What Leaders Must Know

  1. Why Supply Chain Risk Is Rising
  2. Distinguishing Types of Third Parties
  3. Key Components of Third-Party Cyber Oversight
  4. The Role of Frameworks and Standards
  5. Example: Hidden Risk in an Outsourcing Partnership
  6. Closing Perspective

Chapter 12: Incident Response: What Executives Do During a Cyber Crisis

  1. Understanding the Executive Role
  2. The Phases of Incident Response
  3. Communication Under Pressure
  4. Balancing Business and Technical Decisions
  5. Example: Crisis Leadership Prevents Escalation
  6. Using This Chapter in the Boardroom

Chapter 13: Measuring Cybersecurity: Metrics Executives Can Trust

  1. What Makes a Good Cybersecurity Metric?
  2. Activity Metrics Versus Outcome Metrics
  3. Categories of Metrics That Leaders Should Track
  4. Metric Examples That Work for Boards
  5. A Narrative Example: A Quarterly Metrics Page
  6. Avoiding Bad Metrics
  7. Example: Transforming Metrics Into Insight
  8. Using This Chapter in the Boardroom

Chapter 14: Cyber Culture: Why People Shape the Organization’s Security More Than Technology

  1. Understanding Cyber Culture
  2. The Board’s Role in Shaping Culture
  3. Designing Processes That Support Secure Behavior
  4. Training and Awareness That Actually Change Behavior
  5. Encouraging Speak Up and Non Punitive Reporting
  6. Case Example: Culture Prevents Escalation

Chapter 15: Digital Transformation: Integrating Security Into Innovation

  1. Why Digital Transformation Raises Cyber Risk
  2. Embedding Security Into Design
  3. The Executive Role in Enabling Secure Innovation
  4. Managing Cloud and Platform Complexity
  5. Tying NIST SSDF to Executive Decisions
  6. Example: Secure Transformation as a Competitive Advantage

Chapter 16: Executive Oversight: How Boards Challenge, Validate, and Direct Cybersecurity

  1. The Purpose of Oversight
  2. Structures That Support Oversight in Practice
  3. Oversight Through Strategic Questions
  4. Oversight of Resources and Capabilities
  5. Oversight Cadence: What Happens When
  6. Example: Oversight That Prevented a Crisis
  7. Using This Chapter in the Boardroom

Chapter 17: Compliance, Regulation, and Legal Exposure: What Executives Must Understand

  1. Why Cyber Regulation Matters
  2. NIS2: Board Accountability for Cyber Risk
  3. ISO 27001: Management Systems and Leadership Commitment
  4. GDPR: Data Protection and Incident Handling
  5. DORA and Sector-Specific Financial Regulations
  6. Non-EU Example: SEC Cyber Disclosure Rules and NYDFS
  7. Legal Liability and Executive Responsibility
  8. Example: Compliance Failure Leads to Systemic Impact
  9. Using This Chapter in the Boardroom

Chapter 18: Cyber Insurance: What Leaders Need to Know About Transferring Cyber Risk

  1. The Purpose of Cyber Insurance
  2. The Changing Nature of Underwriting
  3. Understanding Coverage Types
  4. Common Exclusions and Conditions Executives Should Know
  5. Integrating Insurance With Cyber Governance and Controls
  6. Insurance and Incident Response
  7. Example: Insurance Reduces Financial Impact, Not Risk
  8. Closing Perspective

Chapter 19: Building a Cybersecurity Strategy: A Practical Framework for Executives

  1. Why a Cybersecurity Strategy Matters
  2. Foundations of a Strong Cyber Strategy
  3. Connecting Strategy to Risk Appetite
  4. Integrating Risk, Prioritization, Budget, and Maturity
  5. Prioritizing Strategic Initiatives
  6. A Three Year Strategic Horizon
  7. Example: Strategic Direction Enables Predictable Progress
  8. Using This Chapter in the Boardroom

Chapter 20: Technology Fundamentals for Non-Technical Leaders: What You Actually Need to Know

  1. Why Leaders Need Technology Awareness, Not Technical Skills
  2. Identity and Access: The Modern Security Perimeter
  3. Networks and Segmentation: Containing the Blast Radius
  4. Logging and Monitoring: Visibility Enables Response
  5. Backups and Recovery: The Last Line of Defence
  6. Cloud and Shared Responsibility
  7. Example: Conceptual Understanding Prevents Disaster

Chapter 21: Executive Decision Models: How Leaders Make Strong Cyber Choices Under Uncertainty

  1. Why Cyber Decisions Are Difficult
  2. The Risk - Impact - Cost Model
  3. The Minimum Viable Security Model
  4. The Scenario Readiness Model
  5. The Strategic Alignment Model
  6. Example: Decision Models Prevent Poor Investment
  7. Closing Perspective

Chapter 22: Implementation Roadmap: How Executives Turn Strategy Into Action

  1. Why Implementation Fails in Many Organizations
  2. Principles of an Effective Roadmap
  3. A Three Phase Model for Executives
  4. Governance and Accountability Within the Roadmap
  5. Example: A Roadmap That Transformed an Organization
  6. Closing Perspective

Chapter 23: Case Studies: Cybersecurity Decisions in Organizations

  1. Case Study 1: The Ransomware Crisis That Exposed Governance Gaps
  2. Case Study 2: The Financial Firm That Turned Cybersecurity Into a Competitive Advantage
  3. Case Study 3: The Manufacturer Saved by Scenario Planning

Chapter 24: Conclusion: Cybersecurity as a Permanent Leadership Discipline

  1. Cybersecurity Is Leadership, Not Technology
  2. Decision Making Requires Clarity, Not Technical Detail
  3. Governance, Risk Appetite, and Culture: The Core Levers
  4. Resilience, Scenarios, and Supply Chains: Preparing for the Inevitable
  5. Strategy, Roadmaps, and Technology Fundamentals
  6. The Future of Executive Cyber Governance
  7. Final Reflection: Leadership Creates Cyber Resilience

Appendix: Glossary, Framework Mappings, and Executive Checklists

  1. Glossary of Key Terms
  2. Executive Reference Tables
  3. Executive Checklists
  4. Framework Mapping: Executive Summary
  5. Final Executive Reflection
