Labour Highlights : How to manage information security risk

by Alison Lee
May 18, 2022
in Learning and Performance

Cyber Risk Management Must Be Part Of Enterprise Risk Management

Every organization should have comprehensive enterprise risk management in place that addresses four categories:

  1. Strategy: High-level goals aligning and supporting the organization’s mission;
  2. Operations: Effective and efficient use of resources;
  3. Financial reporting: Reliability of operational and financial reporting;
  4. Compliance: Compliance with applicable laws and regulations.

Cyber risk cuts across all four categories and must be managed within the framework of information security risk management, regardless of your organization’s risk appetite and risk sensitivity.

HOW TO THINK ABOUT CYBER RISK

Cyber risk is tied to uncertainty like any form of risk.

As such, we should use decision theory to make rational choices about which risks to minimize and which risks to accept under uncertainty. 

In general, risk is the product of likelihood times impact giving us a general risk equation of: risk = likelihood x impact. 

IT risk specifically can be defined as the product of threat, vulnerability and asset value: risk = threat x vulnerability x asset value.

What is a threat? A threat is the possible danger an exploited vulnerability can cause, such as breaches or other reputational harm. Threats can either be intentional (e.g. hacking) or accidental (e.g. a poorly configured S3 bucket, or the possibility of a natural disaster). Think of the threat as the likelihood that a cyber-attack will occur.

What is a vulnerability? A vulnerability is a threat that can be exploited by an attacker to perform unauthorized actions. To exploit a vulnerability, an attacker must have a tool or technique that can connect to a system’s weakness. This is known as the attack surface. It’s not enough to understand what the vulnerabilities are, and continuously monitor your business for data exposures, leaked credentials and other cyber threats. The more vulnerabilities your organization has, the higher the risk.

What is asset value? Arguably, the most important element of managing cyber risk is understanding the value of the information you are protecting. The asset value is the value of the information, and it can vary tremendously. Information like your customers’ personally identifying information (PII) likely has the highest asset value and the most extreme consequences. PII is valuable for attackers and there are legal requirements for protecting this data. Not to mention the reputational damage that comes from leaking personal information.
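The equation risk = threat x vulnerability x asset value can be turned into a small risk register that ranks risks and separates those to minimize from those to accept. This is an added example, not part of the original article; the 0..1 scales, the appetite threshold, the `with_control` helper and every figure in the sample register are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Risk:
    name: str
    threat: float         # likelihood an attack or accident occurs, 0..1 (assumed scale)
    vulnerability: float  # how exposed the weakness is, 0..1 (assumed scale)
    asset_value: float    # value of the information at stake, in currency units

    def __post_init__(self):
        # Reject inputs that would make the product meaningless.
        for attr in ("threat", "vulnerability"):
            value = getattr(self, attr)
            if not 0.0 <= value <= 1.0:
                raise ValueError(f"{self.name}: {attr} must be within 0..1, got {value}")
        if self.asset_value < 0:
            raise ValueError(f"{self.name}: asset_value must be non-negative")

    def score(self) -> float:
        # risk = threat x vulnerability x asset value
        return self.threat * self.vulnerability * self.asset_value

def with_control(risk: Risk, reduction: float) -> Risk:
    """Residual risk after a control removes `reduction` (0..1) of the vulnerability."""
    if not 0.0 <= reduction <= 1.0:
        raise ValueError("reduction must be within 0..1")
    return replace(risk, vulnerability=risk.vulnerability * (1.0 - reduction))

def triage(register, appetite):
    """Rank risks highest first; anything above the appetite is marked 'minimize'."""
    ranked = sorted(register, key=lambda r: r.score(), reverse=True)
    return [(r.name, round(r.score(), 2),
             "minimize" if r.score() > appetite else "accept") for r in ranked]

# Constructed sample register; every figure is illustrative.
REGISTER = [
    Risk("Public marketing site", threat=0.70, vulnerability=0.40, asset_value=20_000),
    Risk("Misconfigured S3 bucket", threat=0.60, vulnerability=0.80, asset_value=250_000),
    Risk("Customer PII database", threat=0.30, vulnerability=0.50, asset_value=2_000_000),
]
APPETITE = 50_000  # assumed threshold above which leadership wants the risk reduced

if __name__ == "__main__":
    for name, score, decision in triage(REGISTER, APPETITE):
        print(f"{name:26} {score:>12,.2f}  {decision}")
    fixed = with_control(REGISTER[1], reduction=0.9)  # e.g. bucket locked down
    print(f"{fixed.name:26} {fixed.score():>12,.2f}  (residual)")
```

The PII database ranks first despite having the lowest threat and a moderate vulnerability, because its asset value dominates the product.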

HOW TO MANAGE INFORMATION SECURITY RISK

The good news is that knowing what information risk management is (as we outlined above) is the first step to improving your organization’s cybersecurity.

The next step is to establish a clear risk management program, typically set by an organization’s leadership. That said, it is important for all levels of an organization to manage information security, as vulnerabilities can come from any employee. It is fundamental to your organization’s IT security to continually educate employees to avoid poor security practices that lead to data breaches.

This usually means installing intrusion detection, antivirus software, two-factor authentication processes, firewalls, continuous security monitoring of data exposures and leaked credentials, as well as third-party vendor security questionnaires.

CONCLUSION

Cybersecurity risk management is an important part of the lifecycle of any project. Organizations need to think through IT risk, perform risk analysis, and have strong security controls to ensure business objectives are being met.

However, risk avoidance isn’t enough. Organizations with information security policies but no security programs to protect their IT systems have insufficient security management practices.

Alison Lee

Alison Lee is an admitted attorney and a member of the South African Law Society. Alison practices under a fidelity certificate for the law firm Lee Attorneys. Alison Lee runs a successful legal regulatory and compliance consultancy company, known as Lee’s Compliance. Lee’s Compliance provides advice and opinion on regulatory and compliance related issues, compliance training for lawyers and business people as well as a compliance related software solution, marketed under the name and style, The Legal Team. The Legal Team is a dedicated legal compliance and contract software management tool, which houses a wide range of compliance and contract related material and information, which tool is customized to suit an organization’s particular purpose.
