The Importance Of Cyber Risk Management

2313 Words5 Pages

The phrase ‘cyber risk’ means jeopardizing an organization’s financial status and revenue due to the advancement in technology (IRM, 2014). The concern with the increase growth in technology, it causes a high risk in security and privacy. Cyber risk may not only occur in big or small organizations, but also data breach in high-profile personnel’s or release of government documents. While businesses and society continue to engage in the use of technology, the potential cyber threat is really underestimated. Cyber risk management will help prevent the release of confidential and personal information to the attackers. Some examples of recent cyber attacks are the massive data breach at Target and the leak of confidential information in Panama. …show more content…

Raj Chaudhary and Jared Hamilton from Crowe Horwath, devised five attributes to an effective cyber security risk management that should be implemented in all cyber risk managements. The first attribute should be an effective framework. An effective framework is the centerpiece for any organization that want to achieve something. In this case, it is the vital and most important piece that manages the security of data as well as the infrastructure. One of the widely accepted frameworks is the National Institute of Standards and Technology (NIST) Cybersecurity framework. The purpose of this framework is to provide a basic set of standards and guidelines for organizations to follow to protect against cyber attacks. There are other frameworks such as ISO/IEC Security Control standards, FFIEC Cybersecurity assessment, and FCC Cybersecurity planning guide. These frameworks have varying guidelines and standards but all of these frameworks tackle the five core functions of NIST which are: identify, protect, detect, respond, and recover. The important point here is not choosing what framework is best because all organizations differ but to establish a …show more content…

Hackers who are able to get into the network must be detected quickly, otherwise there is a risk that they will be able to steal keys necessary to decrypt the system and steal important data. All portable devices, servers, and other media where data may be stored should be encrypted. The expansion of encryption could help keep sensitive information protected, even if the information has been stolen. Furthermore, it is important to note, encryption should not be used as the only defense mechanism against a cyber attack.

Cyber Kill Chain
The kill chain was developed by defense giant Lockheed Martin and it describes the different stages of cyber attacks. The cyber kill chain consist of seven steps which amplify visibility into the possibility of being attacked and give analyst a better understanding of an hacker 's tactics, procedures, and expertise. In order for an organization to be successfully hacked an adversary must complete all seven steps. The cyber kill chain is as follows:

Step 1:

More about The Importance Of Cyber Risk Management

Open Document