One Article Review

The article:
Source AlienVault Blog
Identifier 872624
Publication date 2018-10-31 13:00:00 (seen: 2018-10-31 15:03:17)
Title It's the Season of Lists - Time for a Meaningful Risk List
Text I attended the Cybersecurity Summit in Phoenix recently and presented on the topic of minimizing risk. There were some great conversations around the value of risk management within the cyber threat landscape. Here are some of my musings from the event.

We are now at the forefront of a world of digital transformation. Beyond being a buzzword, digital is part and parcel of our daily lives today. According to the World Economic Forum report earlier this year, cyber-attacks and data theft/fraud bubbled up to number two and three of the top five threats in terms of likelihood of occurrence and cyber risks intensified.

With the scale of attacks today, along with the ingrained expectation that you’re either an organization that has been breached or you’re going to be, there is a lot of chatter about investments being made in cybersecurity technologies and how breaches still happen. Prevention is now being balanced with detection and response. Given this, the focus has turned to the need for cyber to be addressed as a business challenge and measurement of risk is key.

Before you go ahead with a cybersecurity investment plan for 2019, consider answering the questions below.

• What are your top 5 cyber risks based on priority?
• Can you describe the actual loss impact in business terms for each of your top 5 risks?
• How are these cyber risk impacts aligned to your risk appetite?
• Are you truly reporting on cyber risks or is it compliance driven with reporting on control effectiveness?
• Have you considered how you plan to deal with the current risks, emerging risks and treat these risks on an ongoing basis?

A common business edict is: “If we can measure it, we can manage it.” In the security space, the term GRC (Governance, Risk and Compliance) is common, but typically most organizations have been driven by the compliance focus. Spending has been primarily compliance driven, and along the way, too many risk assessments have been conducted with a checklist approach.

As you plan for the 2019 cybersecurity budget, here are four handy tips to consider that can help cut to the core of cyber risk management.

1. Risk counts, but don’t just be counting

Counting all the risks – as an end – is just a part of thorough risk identification. The question is not, in any case, how many risks you can think up, but what is relevant to your business, i.e. what exactly the key vulnerabilities are in achieving your business objectives.

2. Ongoing debate of Qualitative versus Quantitative

The key here is structured versus abstract. You must be able to measure the risk and quantify it. However, if your organization is going the qualitative route, keep in mind you must back the risk with data to differentiate the levels of risk. After you have conducted a meaningful risk assessment to identify the inherent risks faced because of the business you do, the next step will be to understand what Risk Mitigation strategies are required, with what priority, invoking what resources.

3. Continuous Cyber Risk Monitoring

Cyber risk presents a moving target as organizations undergo major transformations by accelerating cloud adoption, increasing digital transformation investments, and advancing data analytics sophistication. As these transformations continuously grow the digital footprint, they outpace the security protections companies have in place.
Sent Yes
Tags Data Breach Threat


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.