When we look at Cybersecurity, we balance risk and reward. How do we plan for risks in our Cybersecurity plan?
A few weeks ago we talked about the formal approach to risk. Turn back to Episodes 15-19 for the full discussion.
In short, you make a list of threats. Score them by probability and impact. And then decide how to handle them.
You generally have four choices:
This approach is a cornerstone of Cybersecurity.
As you develop your risk management plan, you’ll keep an eye on both the systems you manage and the data your firm handles. You may eliminate entire business practices that are unsafe but not critical to your business.
You’ll put controls in place to appropriately handle risks you accept. What’s appropriate for each risk depends on how its likelihood and impact match up to the firm’s risk tolerance.
You may be surprised. There’s some good software out there to help you manage data as it moves around your company. And there are some good service providers that watch for security incidents and can react as they’re happening.
Tomorrow, we’ll talk about some of the frameworks for Cybersecurity.
I’m Carter Edmonds with 20CREEK. We help you build IT you’ll brag about.
Episode #52 – 2/20/2019