The MBA Guide to IT

Episode 52 – How does risk planning affect Cybersecurity?

When we look at Cybersecurity, we balance risk and reward.  How do we plan for risks in our Cybersecurity plan?

A few weeks ago we talked about the formal approach to risk.  Turn back to Episodes 15-19 for the full discussion.

In short, you make a list of threats.  Score them by probability and impact.  And then decide how to handle them.

You generally have four choices:

  • You can accept the risk – The risk/return is strong enough to move forward.
  • You can avoid the risk – The risk/return isn’t worth it.
  • You can mitigate the risk – If we take these steps, the risk/reward looks better.
  • You can transfer the risk – We’ll buy insurance or a warranty or a service contract.

This approach is a cornerstone of Cybersecurity.

As you develop your risk management plan, you’ll keep an eye on both the systems you manage and the data your firm handles.  You may eliminate entire business practices that are unsafe but not critical to your business.

You’ll put controls in place to appropriately handle risks you accept.  What’s appropriate for each risk depends on how its likelihood and impact match up to the firm’s risk tolerance.

You may be surprised.  There’s some good software out there to help you manage data as it moves around your company.  And there are some good service providers that watch for security incidents and can react as they’re happening.

Tomorrow, we’ll talk about some of the frameworks for Cybersecurity.

I’m Carter Edmonds with 20CREEK.  We help you build IT you’ll brag about.

Episode #52 – 2/20/2019
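Here is the scoring-and-decision loop described above worked through in code. This is an added example, not something from the episode or from 20CREEK: the 1-to-5 likelihood and impact scales, the tolerance threshold of 6, the sample threats and the order in which the four choices are tried (accept if within tolerance, otherwise mitigate, then transfer, then avoid if the practice is not critical) are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Mitigation:
    name: str
    likelihood_after: int   # residual likelihood (1-5) once the control is in place
    impact_after: int       # residual impact (1-5) once the control is in place


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: int                 # 1 = rare ... 5 = almost certain (assumed scale)
    impact: int                     # 1 = negligible ... 5 = severe (assumed scale)
    critical_to_business: bool      # False means the exposing practice could simply be dropped
    transferable: bool              # insurance, warranty or service contract available?
    mitigation: Optional[Mitigation] = None


def score(likelihood: int, impact: int) -> int:
    """Likelihood x impact on two 1-5 ordinal scales, giving a value from 1 to 25."""
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("likelihood and impact must be on the 1-5 scale")
    return likelihood * impact


def decide(threat: Threat, tolerance: int) -> Tuple[str, int]:
    """Map one threat to accept / mitigate / transfer / avoid.

    Returns (treatment, score that remains after the treatment). The rule order is
    an assumption for this example: take the least disruptive option that brings
    the risk inside the firm's tolerance.
    """
    inherent = score(threat.likelihood, threat.impact)
    if inherent <= tolerance:
        return "accept", inherent             # already within tolerance, no control needed
    if threat.mitigation is not None:
        residual = score(threat.mitigation.likelihood_after, threat.mitigation.impact_after)
        if residual <= tolerance:
            return "mitigate", residual       # the control brings it inside tolerance
    if threat.transferable:
        return "transfer", inherent           # someone else carries the loss
    if not threat.critical_to_business:
        return "avoid", 0                     # drop the practice; the risk goes away
    return "accept-with-exception", inherent  # over tolerance, needs documented sign-off


def build_register(threats: List[Threat], tolerance: int) -> List[Tuple[str, int, str, int]]:
    """Rank threats by inherent score (highest first) and attach the chosen treatment."""
    rows = []
    for t in threats:
        treatment, remaining = decide(t, tolerance)
        rows.append((t.name, score(t.likelihood, t.impact), treatment, remaining))
    return sorted(rows, key=lambda r: r[1], reverse=True)


# Constructed sample register for illustration only (not from the episode).
SAMPLE_THREATS = [
    Threat("Phishing leads to credential theft", 5, 4, True, False,
           Mitigation("MFA on all remote logins", 2, 3)),
    Threat("Ransomware encrypts the file server", 3, 5, True, True,
           Mitigation("Nightly offline backups", 3, 3)),
    Threat("Legacy FTP portal for vendor uploads", 4, 3, False, False),
    Threat("Visitor walks off with a badge", 2, 2, False, False),
]
TOLERANCE = 6   # assumed risk appetite: anything scoring above 6 needs a decision

if __name__ == "__main__":
    for name, inherent, treatment, remaining in build_register(SAMPLE_THREATS, TOLERANCE):
        print(f"{inherent:>2}  {treatment:<22} {name}  (remaining {remaining})")
```

Running it ranks the four sample threats from 20 down to 4 and shows each of the four choices applied once: the phishing risk is mitigated because MFA brings it to 6, the ransomware risk is transferred because backups alone leave it at 9, the FTP portal is avoided because the practice is not critical, and the badge risk is accepted as-is. The tolerance number is the knob that encodes the firm's risk appetite; changing it changes which rows need a decision at all.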
