Risk Management: The what, the how, and next steps in advancing your cyber career


Published: January 19, 2017 | By: Olivia | Views: 1853

When we talk about cybersecurity, for the most part, we are talking about the protection of systems and information from threat vectors such as cyber espionage, cyber warfare, cyber terrorism, and cyber negligence (looking at you, Sony). In their most troublesome form, these threats take aim at the military, secret, political, or infrastructure assets of a country and its people. It is the most vital part of any government or particular organization’s security strategy. In other words, it protects you against the unauthorized use of electronic data. Just for the record, the US allotted $19 billion in 2016 alone, and that number is expected to grow annually until at least 2020.

It is no secret that modern-day technological advancement effortlessly outpaces regulatory needs and standards. Cybersecurity risk management is the essential and primary element in the world of preventative countermeasures within cybersecurity, helping to stave off the often-overlooked security risks involved with business at the speed of thought.

To be clear, risk management is not isolated to a single solution that resides next to your firewall. Far from it. Risk management is in fact a mindset and a strategy for securing a platform. It is the confidentiality, availability, and integrity of the system’s data along with all applicable IT frameworks, standards, controls, and compliance requirements.

The basic aim of cybersecurity risk management is to identify, determine, and evaluate cybersecurity risks. By including control guidance and best practice frameworks, you can quickly find gaps in your platform and determine not only how to prevent them but also how to implement an effective response.

Let’s talk about risk management with the help of qualitative and quantitative risk management practices and guidance.

Identify: Identify and control the access to information for individuals. Maintain background checks of those individuals and a password-protected account for each individual. You also need to understand the resources and risks for your organization.

Protect: Limit the access to data and information. Use hardware and software firewalls on all your networks.

Detect: Timely discovery of the information security incidents, and regularly update the antimalware software on all your devices.

Respond: The activities to enable the response at the right time to an information security disturbance.

Recover: The activities that allow recovery of regular operations after any security incident. Such activities include an incident response plan from your CSIRT, business continuity plan from management, and a disaster recovery plan that details how to bring the system back online after an event.

Personnel: Insider threats are the single most overlooked security vulnerability. While not all are of malicious intent, a lack of proper security training can lead to gross negligence. Pay heed to contractors and employees and watch for uncommon activities.

The Need for Skill in Today’s Cyber Job Market: 

Forbes recently reported that cybersecurity job vacancies in 2016 were over one million, with numerous jobs paying far above average salaries. In my local area, the Washington DC Metro, the average CISO salary is $225,000. DC is no outlier. Veronica Mollica, the founder of US-based Indigo Partners, recently said, “The job market for cyber security is on fire.”

In the end, risk management is mission critical in the day-to-day checks and balances of business at the speed of thought. We cannot run away from risk. Instead of waiting for the attack, we can identify the risk, protect the assets, detect the threat, respond as needed, and ultimately recover. It is not just the responsibility of the CISO, IT Governance, InfoSec team, or CSIRT to identify and mitigate risk. It is the responsibility of all end users. Looking to enhance your risk management skills and resume at the same time? Use coupon code NORISK to take this Risk Management Certification course from team Cybrary.

This blog was originally posted on LinkedIn and has been republished with permission. To access the original version, click here.

About the Author: Thomas Callahan is a Software Engineer at Cybrary.

 

 
