Menu
CYBERSECURITY FOR BUSINESS
Chapter 1 – Cybersecurity is (Not) an IT Issue
Chapter 2 – Effective Cybersecurity Principles for Boards of Directors
Chapter 3 – Structuring for the Digital Age
Chapter 4 – A Modern Approach to Assessing Cyber Risk
Chapter 5 – The Role of HR Functions in Scaling Cybersecurity and Building Trust
Chapter 6 – Cybersecurity and the Office of the General Counsel
Chapter 7 – Cybersecurity Audit and Compliance Considerations
Chapter 8 – Cyber Supply Chain and Third-Party Risk Management
Chapter 9 – Technical Operations
Chapter 10 – Crisis Management
Chapter 11 – Cybersecurity Considerations During M&A Phases
Chapter 12 – Developing Relationships with the Cybersecurity Team
Chapter 4 - A Modern Approach to Assessing Cyber Risk
summary
At an enterprise-wide level, business leaders have to decide which risks to remediate. This decision generally comes down to risk tolerance and budget. Since budget is finite, business leaders need a way to compare all risks. This comparison provides a means to prioritize the most critical risks. The key risk register (KRR) is an enterprise-wide, top-level report that organizes the cluster of all KRI’s into one view for comparison purposes.
WHen CoMPareD to traDItIonaL CYBer rIsK MetHoDs…
Traditional cyber risk methods seldom integrate well with other business risks. from heatmaps to compliance checklists, these methods fail to articulate cyber risk in financial detail. Hence, the results have limited use and cannot easily be incorporated into enterprise-wide reporting.
As an example, a risk heatmap would indicate that a certain risk is red. red indicates high risk. But what does this actually mean? Does it mean that the forecast of cyber risk is greater than all other business risks? Without this context, business leaders cannot compare cyber risk with all other business risks and set enterprise-wide strategy.
Previous
Next
Key Ideas
- There are flaws with the traditional qualitative cyber risk assessment methods and a modern approach is needed.
- Cyber risk must be defined in relation to enterprise-wide risk management.
- Modern cyber risk assessment plays an important role in translating cybersecurity metrics into financial details.
- Modern cyber risk assessment provides a means for cyber risk evaluation and forecasting financial exposure due to cyber risk.
- Modern cyber risk assessment provides a set of prioritized remediation and transfer guidance and aligning cyber risk with enterprise-wide risk management reporting.
Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity
CONTACT
| 703-907-7090
| admin@isalliance.org
| 2500 Wilson Blvd, #245
Arlington, Virginia 22201
USA
HELPFUL LINKS
ABOUT
ISA provides cybersecurity expert testimony and thought leadership in government and serves as an expert witness to the press.
