Response Cyber Security and Risk Management

profilespluousp
Module5post1.docx

by Xiaocang Li 

This week, our topic is cybersecurity and risk management. Then, I have been researching online and find four articles that could help me understand this topic. The first one is “Cyber-Security and Risk Management in an Interoperable World: An Examination of Governmental Action in North America.” The internet has been improving the quality of people’s life. It creates a large number of opportunities and innovations. However, its rapid development also brings peoples’ attention to the potential risk.  There are three dimensions of cyber-security challenges, including social, organizational, and political risk management of cyber-security (Quigley & Roy, 2011). The second article is “An Integrated Cyber Security Risk Management Approach for a Cyber-Physical System.” There is a system which is called the cyber-physical system, which has a comprehensive application covering communications, transportations, and healthcare. However, cybersecurity attack has become a major risk for the system. Cybersecurity risk management is significant for the system’s operation. However, risk management also has its inherent limitations that may result in various risks that affect the effectiveness of system operation. Anyway, people should find out different scenarios and fully prepare an approach for cybersecurity (Kure, Islam, & Razzaque, 2018).

The third one is “Information Security and Risk Management.” The article describes what information security risk is and provides some good methods for decision-makers. They also introduced an economic model to evaluate information security activity. The key factor of this model is risk management. All business organizations try to reduce the possibility of information security breaches, but they can’t guarantee 100% all the time. Therefore, risk management is essential for potential information security breaches (Bodin, Gordon, & Loeb, 2008). The last one is “Cyber Security Risk Management: Public Policy Implications of Correlated Risk, Imperfect Ability to Prove Loss, and Observability of Self-Protection.” It talked about some challenges, including the inability to proves loss from a breach to an insurer and external agents, and insurers can not observe a company’s self-protection. These challenges would be brought to cybersecurity risk management (Öğüt, Raghunathan, & Menon, 2011). 

Risk is about the uncertainty of the future. Usually, we recognize it as a potential loss. Therefore, business organizations will apply risk management to control and reduce those risks for a better organizational operation. Regarding technology development rapidly, more companies have been utilizing information systems to collect and deal with data. Information system brings huge benefits for companies, but it also has new challenges for risk management. Cybersecurity risk management specialist needs to figure out potential risks and creates a plan to face these risks.

Cybersecurity becomes a significant aspect of the risk management process. It designs a strategy to prevent an entity from attacking and offer administrative changes for the organization to execute adequate risk management benefits. The breach of secret business information cause high cost for a company or even destroy it. In general, Cybersecurity is a new main threat that people can not ignore. It could put the business and personal information into a risky place. Risk management is a comprehensive procedure containing technology and methods to protect management and reduce the cyber-attack risk. It could provide guidelines to find out risk areas.

Regarding the relationship between cybersecurity and risk management, Information technology managers need to collect data to understand the potential risk that the company will face. Cybersecurity risk management is based on many factors, which contain the company’s culture, information entity collected, and the framework. There are some basic steps to manage cybersecurity risk. Firstly, we need to identify and analyze the risk. The next step evaluating and raking risk, is important. After learning the impact of risk, managers should start to develop a strategy to mitigate it. Otherwise, cybersecurity is not only related to a business entity but also personal information safe and government (Quigley & Roy, 2011). Therefore, these parts must collaborate with each other and support each other to manage risk. Cybersecurity risk management is always helpful for the organizations.

 

Reference

Bodin, L. D., Gordon, L. A., & Loeb, M. P. (2008). Information security and risk management. Communications of the ACM, 51(4), 64-68.

Kure, H. I., Islam, S., & Razzaque, M. A. (2018). An integrated cyber security risk management approach for a cyber-physical system. Applied Sciences, 8(6), 898.

Öğüt, H., Raghunathan, S., & Menon, N. (2011). Cyber security risk management: Public policy implications of correlated risk, imperfect ability to prove loss, and observability of self‐protection. Risk Analysis: An International Journal, 31(3), 497-512.

Quigley, K., & Roy, J. (2011). Cyber-Security and Risk Management in an Interoperable World. Social Science Computer Review, 30(1), 83-94. doi:10.1177/0894439310392197