Risk Management and Access Control

 

Ransomware attacks accounted for a reported $102.3 million per month in 2021. According to the US Treasury, $5.2 billion in bitcoin was tied to ransomware payments (Brooks, 2021). Cyber-attacks and information security risks have skyrocketed in the past few years. It is estimated that a ransomware attack will occur every 11 seconds in 2021 (Sobers, 2021). Because of this, organizations must make cyber security a top priority in order to survive. One thing an organization can put in place to help fight these and other cyber-risks is an information security plan (ISP).

An ISP identifies the company’s most sensitive information and then outlines the steps needed to help secure that information (Stealthlabs, 2021). It is a set of the company’s information security policies and standards. This plan defines a strategic roadmap for security management practice and analyzes the risks associated with security breaches, along with a detailed description of the response to such events. The ISP goes further and identifies and assigns roles and responsibilities for the different aspects of information security (Stealthlabs, 2021).

A risk assessment or analysis evaluates all the potential risks associated with a certain activity or the organization’s way of doing business, and includes different risks such as operational risks, project-related risks, process-related risks, and more (Kumar, 2021). Risk assessments are important because they are considered the primary step in effective risk management. Risk management is the process of identifying, assessing, addressing, and eliminating these risks, which can cost companies more than just a monetary loss. By using risk management techniques, companies can be prepared for unexpected events and surprises (Kumar, 2021). Risk assessments and risk management are both key aspects of an ISP. First the potential risks must be identified; then a course of action can be planned to mitigate them.

Another effective tool that can be used to mitigate risks is a vulnerability assessment. This assessment is a process to identify, evaluate, and assess a company’s susceptibility to both natural and technological hazards (Ryan & Islam, 2016). In a vulnerability assessment, both areas of weakness and potential remediations for these weak areas are identified. These assessments can be either qualitative or quantitative. In many cases, they are qualitative, or at least semi-quantitative, as it is difficult to assign an exact number to every identified vulnerability (Ryan & Islam, 2016).

Due to the ever-increasing number and types of security threats, it is imperative that a company not just develop, but also implement, an information security plan. It is also considered best practice to re-evaluate the risk analysis, risk management, and vulnerability assessment portions of the ISP frequently so as not to fall behind the growing threats to information security. Cyber security teams need a solid and up-to-date ISP to properly secure their organization’s sensitive information and data.

 

References

Brooks, C. (2021, October 25). More alarming cybersecurity stats for 2021 ! Forbes. Retrieved December 8, 2021, from https://www.forbes.com/sites/chuckbrooks/2021/10/24/more-alarming-cybersecurity-stats-for-2021-/?sh=7ee976a34a36.

Stealthlabs. (2021, February 4). How to create an information security program plan? Retrieved December 8, 2021, from https://www.stealthlabs.com/blog/how-to-create-an-information-security-program-plan/.

Kumar, A. (2021, April 6). Risk assessment VS risk management: How are they different? Qualityze. Retrieved December 8, 2021, from https://www.qualityze.com/risk-assessment-vs-risk-management/.

Ryan, J., & Islam, T. (2016). Vulnerability analysis. Vulnerability Analysis - an overview | ScienceDirect Topics. Retrieved December 8, 2021, from https://www.sciencedirect.com/topics/economics-econometrics-and-finance/vulnerability-analysis.

Sobers, R. (2021, September 1). Sponsored: 81 ransomware statistics, data, trends and facts for 2021. SIGNAL Magazine. Retrieved December 8, 2021, from https://www.afcea.org/content/sponsored-81-ransomware-statistics-data-trends-and-facts-2021. 

