Assign

Umama azmi
Assign.docx

Risk Management in CyberSecurity

https://www.youtube.com/watch?v=1aX29t2wBYQ

In the video, the presenter describes steps that businesses and other entities can take to assess, manage and secure their operations against cyber attacks. In the initial section, the presentation asserts that cyber-attacks have today become more pervasive than ever. Every business in the world today, whether small or large, is at risk of a cyber-attack. Some of the issues addressed by the video include the breach lessons learnt in 2014 and the threats that were experienced in 2015. More importantly, it deals with the drivers behind CyberSecurity risk management adoption. In addition, the video talks about the most important impacts that CyberSecurity threats have on businesses all over the world. Furthermore, it deals with how frequently risks should be assessed and the benefits of continuous security monitoring. Moreover, an automated tool known as Aegify is described in detail. The tool is used in the management of risk, security and compliance.

Today in the world of technology, there have been numerous inventions such as Machine Learning (ML) and Artificial Intelligence (AI) (Sun, pg. 4). Consequently, these new technologies have come with the capacity to enhance the productivity, user engagement and revenue of a company. Nevertheless, these new technologies also come with an increased risk of cyber-attacks, which have devastated many businesses. Therefore, it is important for students to gain knowledge about these new technologies and the risks attached to them. More importantly, the video suggests that students need to learn how to assess, manage and secure important assets from the attacks that these technologies make possible. From the video, students are exposed to the factors that drive companies to adopt CyberSecurity risk management strategies. Thus, it exposes them to an important source of information which they can employ in their future careers as IT professionals to secure businesses from risks.

https://www.youtube.com/watch?v=Z1w0wCIOHHw

The video is a short presentation of the most fundamental principles that should be considered to ensure the formulation of an effective CyberSecurity risk management program. Organizations today face the emergence of new regulations on CyberSecurity risk management. CyberSecurity risk programs incorporate computer hardware, software, algorithms, and programming. Nevertheless, the impact of these programs is only felt upon interaction with humans. For an organization to claim to have an effective risk management program, it is required to have everything, from an incident response plan to program policies as well as breach notification procedures. The video provides the example of banking and insurance companies that have to prove compliance to their industry regulators. More importantly, however, the video asserts that every business needs to understand the importance of approaching CyberSecurity risk management programs in a holistic manner. Furthermore, one ought to know what to do before the real risk occurs. Finally, it is apparent that there are certain important components of modern CyberSecurity programs. Fundamentally, 10 principles of risk management are provided in the presentation. The principles include simplicity, abstraction, least privilege, domain separation, process isolation, resource encapsulation, layering, modularization, minimization and information hiding.

Therefore, it is pivotal for students to understand that there is a set of principles that must be followed in order to achieve effective CyberSecurity risk management (Sun, pg. 2). Risk management principles pertain to how people and organizations make decisions concerning the use of technology. The 10 principles of risk management help students to identify the important factors to consider when engaging in the process of risk management. For instance, handling a less complicated system comes with the advantage that it is easier to monitor, troubleshoot and fix. In addition, it becomes less likely to encounter any problems. All of this is captured by the principle of simplicity. On the other hand, the principle of abstraction requires that the process be summarized in a term that captures the events and is easier to understand. Finally, the principle of least privilege states that there should be a boundary and limits on access to your information.
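To make three of the listed principles concrete, the following Python example (added here for illustration; it is not code from the assignment, the videos or the cited course) shows a small access-control policy that is deny-by-default (minimization), grants each role only the permissions it needs (least privilege), and scopes every permission to a domain so that a grant in one domain says nothing about another (domain separation). The roles, domains, actions and usage data are constructed for the example.

```python
"""Tiny access-control policy illustrating least privilege, domain separation
and deny-by-default. All role, domain and action names below are constructed
for this example; they do not come from the assignment or the videos."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Permission:
    domain: str  # the domain the permission is confined to, e.g. "hr"
    action: str  # what may be done inside that domain, e.g. "read"


@dataclass
class Policy:
    # role -> set of Permission; a missing role or permission means "denied"
    grants: dict = field(default_factory=dict)

    def grant(self, role: str, domain: str, action: str) -> None:
        """Give `role` one narrowly scoped permission (least privilege)."""
        self.grants.setdefault(role, set()).add(Permission(domain, action))

    def is_allowed(self, role: str, domain: str, action: str) -> bool:
        """Deny by default: only an explicit, exact (domain, action) grant
        allows access. A grant in 'hr' never leaks into 'finance'."""
        return Permission(domain, action) in self.grants.get(role, set())

    def unused_grants(self, usage: dict) -> dict:
        """Return grants that were never exercised.

        `usage` maps role -> set of (domain, action) tuples actually used
        (for example, derived from audit logs). Unused grants are candidates
        for removal, which is how least privilege is maintained over time."""
        unused = {}
        for role, perms in self.grants.items():
            used = {Permission(d, a) for d, a in usage.get(role, set())}
            leftover = perms - used
            if leftover:
                unused[role] = leftover
        return unused


def build_example_policy() -> Policy:
    """Constructed sample policy: each role gets only what its job needs."""
    p = Policy()
    p.grant("hr_clerk", "hr", "read")
    p.grant("hr_clerk", "hr", "write")
    p.grant("finance_analyst", "finance", "read")
    p.grant("auditor", "hr", "read")        # auditor reads across domains
    p.grant("auditor", "finance", "read")   # but is never granted write
    return p


def evaluate_requests(policy: Policy, requests: list) -> list:
    """Decide each (role, domain, action) request; returns (request, allowed)."""
    return [((r, d, a), policy.is_allowed(r, d, a)) for r, d, a in requests]


# Constructed sample requests, including ones that must be refused.
SAMPLE_REQUESTS = [
    ("hr_clerk", "hr", "write"),          # within role and domain -> allowed
    ("hr_clerk", "finance", "read"),      # other domain -> denied
    ("auditor", "hr", "write"),           # action never granted -> denied
    ("intern", "hr", "read"),             # unknown role -> denied
]

# Constructed usage record: the clerk only ever read, never wrote.
SAMPLE_USAGE = {
    "hr_clerk": {("hr", "read")},
    "finance_analyst": {("finance", "read")},
    "auditor": {("hr", "read"), ("finance", "read")},
}

if __name__ == "__main__":
    policy = build_example_policy()
    for request, allowed in evaluate_requests(policy, SAMPLE_REQUESTS):
        print(request, "ALLOWED" if allowed else "DENIED")
    for role, perms in policy.unused_grants(SAMPLE_USAGE).items():
        print(f"{role}: unused grants {sorted((p.domain, p.action) for p in perms)}")
```

Running the block prints one decision per sample request and then reports that `hr_clerk` holds an `hr`/`write` grant it never used; in a real program that report is the input to a periodic access review that trims the grant.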

https://www.youtube.com/watch?v=9-3UXZhYyMk

The video focuses on CyberSecurity risk assessments. In the video, data and information are presented concerning a study of CyberSecurity risk management by different managers. The video therefore begins by asking the question “how effective is your IT governance structure and what is your risk appetite?” The presentation examines the IT structure of companies and questions managers concerning IT compliance practices. Among the factors considered are whether there is an effective risk governance structure, whether there are effective information risk policies and whether adequate cyber insurance is present. More importantly, the video provides data on these topics for easier interpretation. For instance, 12% of the worst security breaches are a result of managers giving less priority to security. In addition, in the past year, 26% of IT departments have not presented reports on CyberSecurity risk management to their boards. This is taking place at a time when the IT world is full of threats.

Students benefit from the information presented in the video by first understanding that the IT world is full of threats and that these threats require effective means of mitigation. Furthermore, the most fundamental point from the video is the need to form an effective risk assessment process. In order to counter the threats of cyber-crime, it is imperative that companies come up with better strategies. Risk assessment refers to the process of conducting internal security audits which help companies to keep up with their compliance programs (Lavelanet, pg. 1). Apparently, the study carried out shows that most risks occur as a result of negligence. Furthermore, most IT departments fail to report their risk management processes to their boards, and this further increases the risks. Assessing and reporting the risk makes it easier for the company to deal with the risk. Therefore, assessment and reporting of risks should be conducted on a regular basis.

https://www.youtube.com/watch?v=kOPm7rWm-J4

The video is on risk avoidance, and it kicks off by stating that risk avoidance means stopping participation in high-risk activities. In other words, risk avoidance is the direct opposite of accepting the risk. Furthermore, the video suggests that risk avoidance is an all-or-nothing kind of undertaking (Bugajenko, pg. 1). The video provides the example of universities and colleges which have open internet access, which people take advantage of by downloading very risky materials. The administration acknowledges that open access to the internet may be good, but there is a need to avoid the risk. A decision always has to be made from a business perspective on whether something is worth risking. More importantly, the video suggests that one of the ways to avoid the risk is to transfer it to someone else. For instance, if we expect a hurricane to occur, then we need to insure our assets so that, in case it really takes place, the insurance company bears the risk. Acceptance is another way to deal with risks, and this entails taking a bold business decision that the company has to take the risk of engaging in a project.

Students benefit from the information since it presents ways in which risks can be avoided and, in case a risk cannot be avoided totally, how it can be transferred or accepted. The information is pivotal for students learning about risk management. For instance, in an insurance situation, getting rid of a risky object from your vicinity before it harms you is risk avoidance. In this case, the insurance company has avoided the impending risk that the object posed to an individual. Nevertheless, it is the practice of most companies to sit back and wait for the harm to be caused, thus incurring a lot of costs. The same applies to the IT industry, where some organizations simply decide that taking part in a project is too risky and cannot be continued any more.

https://www.youtube.com/watch?v=3SMQ-O1cHWU

This video presents a reporting framework for CyberSecurity risk management as presented by AICPA. AICPA has developed a new framework for reporting risk pertaining to CyberSecurity to help organizations communicate and report on CyberSecurity risk management programs (AICPA, pg. 2). Thus, the organization aims at providing pivotal engagements that can assist their clients to strengthen their own programs. In addition, they also offer examination engagements as well as opinions on the entity’s description and effectiveness of controls. The presentation begins by offering an in-depth description of the meaning of the concept of CyberSecurity risk management. According to the video, there are certain core principles of CyberSecurity risk management that organizations ought to learn in order to formulate better management and mitigation strategies. Furthermore, the principles of risk mitigation and risk assessment should employ both qualitative and quantitative methodologies in order to be effective. Fundamentally, risk management as a whole forms the foundation of many IT decisions within a company. As a consequence, these are important in assisting other students to learn about issues of CyberSecurity risk management.

Companies often present CyberSecurity reports to boards, audit committees and risk management committees on a regular basis. As a consequence, they are required to formulate and evaluate a risk reporting framework, which is an essential component of this process. AICPA's CyberSecurity Risk Management Reporting Framework is therefore designed to enable companies to gain confidence as well as guidance on how to approach the Board of Directors on issues pertaining to CyberSecurity risk management. Furthermore, the framework is designed to help compliance and information security teams to better approach issues of CyberSecurity. All the stakeholders of a business are expected to receive actionable and contextualized intelligence on cyber risk, which is then used to support proper escalation and notification procedures so that any pending issue is effectively resolved. The main advantage of the reporting framework is that it is based on agreed standards for both internal and outsourced data-related processes. Furthermore, AICPA's CyberSecurity Risk Management Reporting Framework is based on data confidentiality, policies, availability and integrity of the risk management processes of a business.

Works Cited

AICPA. Risk Reporting Framework. AICPA. 2019.

Bugajenko, Olga. Risk Avoidance vs. Risk Mitigation. Study.com. 2019. Retrieved from https://study.com/academy/lesson/risk-avoidance-vs-risk-mitigation.html

Lavelanet, Natacha. The Importance of Security Audits and Assessments. New Era Technology. 2017. Retrieved from https://www.neweratech.com/2017/08/14/the-importance-of-security-audits-and-assessments/

Sun, Tong. Cybersecurity Risk Management. edX Inc. 2019. Retrieved from https://www.edx.org/course/cybersecurity-risk-management