It’s Finally Time to Perform! — RockCyber


In my last few videos, I discussed building the foundation of cyber risk management using the first two COSO guiding principles: Governance and Culture, and Strategy and Objective-Setting. This week I will discuss the third guiding principle: Performance.

As a reminder, COSO has five guiding principles:

  1. Governance and Culture

  2. Strategy and Objective-Setting

  3. Performance

  4. Review and Revision

  5. Information, Communication and Reporting

Performance focuses on how an organization considers risk while executing its strategy and achieving its business objectives.

In the context of COSO, Performance is not something you don't already know. Business keeps increasing its dependence on technology, and digital transformation will only increase that dependence. As a result, the digital threat landscape continues to grow, which means the likelihood of an organization suffering a cyber incident continues to grow as well.

From practically the first day we start learning to become a cybersecurity professional, we are taught that:

Exposure to risk = impact x probability

The key to minimizing risk is to pull the two levers of probability and impact: identify and prioritize risk events, then measure how well the plans to treat those risks are being implemented.

This is what the C-suite is interested in. They are not interested in the specific technology solution(s) used to minimize risk.

An organization will never be able to "protect everything all the time." More importantly, it should not, because that would be an inefficient use of capital.

Ultimately, leadership must evaluate the risk and determine the best course of action after factoring in business objectives, the criticality of specific assets, risk appetite and risk tolerance.

It is crucial to raise awareness of cyber risks with the ERM team (or senior management in a smaller company) in a way that lets any cyber risk be compared easily with the enterprise's other risks. This gives leadership a consolidated view of risk that helps them:

  • Identify conflicting risks.

  • Highlight, correlate and summarize common risks across business units; and

  • Create a risk taxonomy that the whole organization follows.

C-suite leadership may tune out when you talk about a CVSS score that measures the severity of a vulnerability; however, they will surely listen to a picture of how that vulnerability, combined with the likelihood of it being exploited, could lead to a significant financial and reputational impact on the company.

Presenting cybersecurity risks this way allows them to be recognized and evaluated more easily alongside the other organizational risks the C-suite already understands.

In the coming weeks I will discuss how to do this as I walk through each of the five COSO principles under Performance:

  1. Identifies Risk

  2. Assesses Severity of Risk

  3. Prioritizes Risks

  4. Implements Risk Responses

  5. Develops Portfolio View

In my next video I will discuss the first principle, Identifies Risk.

As always, I welcome your comments, and if you want to have a direct conversation, please shoot me a message and we will set something up.

Have a nice week!
