Basics of Cyber Risk
In sum, there will always be risk. Cybersecurity, at its core, is the management of risk related to internet-connected businesses.
Elements of Risk
A risk assessment determines the threat and the likelihood that the event will occur. Things to consider:
Threat Actor - motivations can include financial gain, peer recognition, disrupting services and intelligence gathering.
Vulnerabilities - databases, workstations, servers and networks. For example, a flash flood in a basement data centre, or power supply issues affecting network servers.
Controls need to be put in place for each threat scenario.
From my reading of the topic thus far, it has been interesting to peel back a layer around risk. Initially, I have come across cyberattacks such as WannaCry, Stuxnet and Sony Pictures, and with this topic I am looking forward to delving deeper into how they took place, which specific vulnerabilities were exploited and lessons learnt I’d apply in my GRC posture.
Once risks are identified through the assessment, there are the following risk treatments

Risk Bubble Chart
The CIA Triad