When we talk about cybersecurity, for the most part we are talking about the protection of systems and information from threat vectors such as cyber espionage, cyber warfare, cyber terrorism, and cyber negligence (looking at you, Sony). In their most troublesome form, these threats take aim at the military, secret, political, or infrastructure assets of a country and its people. Cybersecurity is the most vital part of any government's or organization's security strategy. In other words, it protects you against the unauthorized use of electronic data. Just for the record, the US allotted $19 billion to it in 2016 alone, and that number is expected to grow annually until at least 2020.
It is no secret that modern technological advancement effortlessly outpaces regulatory needs and standards. Cybersecurity risk management is the essential and primary element of preventative countermeasures within cybersecurity; it helps stave off the often-overlooked security risks involved with business at the speed of thought.

To be clear, risk management is not isolated to a single solution that sits next to your firewall. Far from it. Risk management is in fact a mindset and strategy for securing a platform. It covers the confidentiality, availability, and integrity of the system's data along with all applicable IT frameworks, standards, controls, and compliance requirements.

The basic aim of cybersecurity risk management is to identify, determine, and evaluate cybersecurity risks. By including the control guidance and best-practice frameworks, you can quickly find gaps in your platform and determine not only how to prevent them but how to implement an effective response.

Let's talk about risk management with the help of qualitative and quantitative risk management practices and guidance.

Identify:
Identify and control the access to information for individuals. Maintain background checks on those individuals and a password-protected account for each individual. You also need to understand the resources and risks of your organization.

Protect:
Limit access to data and information. Use hardware and software firewalls on all your networks.

Detect:
Discover information security incidents in a timely manner, and regularly update the antimalware software on all your devices.

Respond:
The activities that enable a response at the right time to an information security disturbance.

Recover:
The activities that allow recovery of regular operations after any security incident. Such activities include an incident response plan from your CSIRT, a business continuity plan from management, and a disaster recovery plan that details how to bring the system back online after an event.

Personnel:
Insider threats are the single most overlooked security vulnerability. While not all are of malicious intent, a lack of proper security training can lead to gross negligence. Pay heed to contractors and employees and watch for uncommon activities.

The Need for Skill in Today's Cyber Job Market:
Forbes recently reported that cybersecurity job vacancies in 2016 were over one million, with numerous jobs paying far above average salaries. In my local area, the Washington DC Metro, the average CISO salary is $225,000. DC is no outlier. The founder of US-based Indigo Partners, Veronica Mollica, recently said, "The job market for cyber security is on fire."

In the end, risk management is mission critical in the day-to-day checks and balances of business at the speed of thought. We cannot run away from risk; instead of waiting for the attack, we can identify the risk, protect the assets, detect the threat, respond as needed, and ultimately recover. It is not just the responsibility of the CISO, IT Governance, the InfoSec team, or the CSIRT to identify and mitigate risk. It is the responsibility of all end users. Looking to enhance your risk management skills and resume at the same time? Use coupon code NORISK to take this Risk Management Certification course from team Cybrary.

This blog was originally posted on LinkedIn and has been republished with permission.
About the Author:
Thomas Callahan is a Software Engineer at Cybrary.