W 5 Response 1 (MS)
Cyber Security and Risk Management
Decisions on cyber security should be driven by a shared understanding of an organization's assets, threats and vulnerabilities, so that security investments address the most significant risks. Öğüt, Raghunathan and Menon model a firm's choices between self-protection and cyber insurance and show that, when risks are correlated across firms and the ability to prove a loss to an insurer is imperfect, a company invests in both self-protection and insurance below the socially optimal level. The authors find that this result holds whether or not the insurance market is perfectly competitive, implying that reforming the currently imperfect insurance market alone is not enough to achieve effective cyber security risk management.
Security countermeasures help to ensure the confidentiality, integrity and availability of information systems by preventing or mitigating losses of assets caused by cyber security attacks. The financial impact of threats against those assets is often difficult to measure quantitatively because of uncertainty, which in turn makes it difficult to prescribe which countermeasures to use. Rees, Deane, Rakes and Baker address this with a decision-support approach to cyber security risk planning, illustrated with data collected from manufacturing companies under realistic input conditions.
Cyber Supply Chain Risk Management (CSCRM) is a new discipline designed to help IT managers address the challenges of rapid globalization and the spread of outsourced hardware and software systems. Boyson describes CSCRM as an integrative discipline that combines elements of cyber security, supply chain management and corporate risk management into a new and powerful concept for strategic control of the focal organization's end-to-end processes and its extended network of business partners.
While security professionals have talked about risk for a long time, moving an organization from a "safe" mindset to one that considers information risk carefully remains a challenge. Managing information risk means building a risk analysis into each business decision. Johnson, Goetz and Pfleeger report that Chief Information Security Officers (CISOs) of large companies are working to shift the conversation from security to information risk. These CISOs face many organizational challenges, but broadly agree that action plans must include risk classification, communication and measurement.
References
Öğüt, H., Raghunathan, S., & Menon, N. (2010). Cyber Security Risk Management: Public Policy Implications of Correlated Risk, Imperfect Ability to Prove Loss, and Observability of Self-Protection. Risk Analysis, 31(3), 497-512. doi:10.1111/j.1539-6924.2010.01478.x
Rees, L. P., Deane, J. K., Rakes, T. R., & Baker, W. H. (2011). Decision support for Cybersecurity risk planning. Decision Support Systems, 51(3), 493-505. doi:10.1016/j.dss.2011.02.013
Boyson, S. (2014). Cyber supply chain risk management: Revolutionizing the strategic control of critical IT systems. Technovation, 34(7), 342-353. doi:10.1016/j.technovation.2014.02.001
Johnson, M. E., Goetz, E., & Pfleeger, S. L. (2009). Security through Information Risk Management. IEEE Security & Privacy Magazine, 7(3), 45-52. doi:10.1109/msp.2009.77