Risk assessments can be performed on any application, function, or process within your
organization. But no organization can realistically perform a risk assessment on everything. That’s
why the first step is to develop an operational framework that fits the size, scope, and complexity
of your organization. This involves identifying internal and external systems that are either
critical to your operations, and/or that process, store, or transmit legally protected or
sensitive data (such as financial, healthcare, or credit card data).
Once you determine your framework, you’re ready to embark on your individual risk
assessments. When going through the process it’s important to keep in mind that there are different
categories of risk that may affect your organization. These include:
a) Strategic risk is related to adverse business decisions, or the failure to implement
appropriate business decisions in a manner that is consistent with the institution’s strategic
b) Transactional risk is related to problems with service or product delivery.
c) Compliance risk is related to violations of laws, rules, or regulations, or from
noncompliance with internal policies or procedures or business standards.
Are the Board, Executives, Internal Audit and Human Resources leaders engaged with the
business risks of a breach?
Is our level of investment tied to the organisation's top risks, cybersecurity goals and
Organizational Risk Management Controls, Administration and User Controls
Is the CISO role included in the Board's regular management succession review?
Are Management and Directors fostering a culture of security awareness?
Good threat intelligence starts with conducting an inventory of all the devices on a
company’s network. This includes listing manufacturers, devices, OS versions, patch levels, etc.
This data will help companies identify devices that are vulnerable to exploits, as well as decide
what threat intelligence is most likely to help their network.
Once companies are tracking all the physical and virtual devices on their network, they
need to begin to gather and correlate threat intelligence from log files and management consoles.
This data needs to include endpoint and IoT devices, virtualized data centers, and SaaS and IaaS
multi-cloud devices and traffic. This will require a centralized collection and analysis system.
Next, organizations need to evaluate and update logging and analytics platforms to make
sure that local data can be combined with external intelligence. Correlating local and global
intelligence provides critical insights, but because of the speed of today’s attacks, this needs to
be done quickly. This means threat intelligence must provide actionable information rather than just
raw data, which would require a lot of manual processing. Companies must use open standards to
efficiently combine and correlate different data sets. This will help to efficiently identify
indicators of compromise and prioritize the response to potential threats.
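As an added illustration of the inventory-then-correlate process described above (example code, not from the original page or any vendor's product), the following Python matches constructed proxy log lines against a constructed external indicator feed and ranks each hit by what the device inventory knows about the host: whether it is critical, and whether its patch level is behind a baseline. The inventory, feed, log format, hostnames and baseline date are all assumptions constructed for this example.

```python
import re
# Constructed device inventory (the page's first step): OS, patch level and whether the
# asset is critical to operations. Patch levels are YYYY-MM strings so they compare.
INVENTORY = {
    "hr-laptop-07": {"os": "Windows 10", "patch_level": "2023-09", "critical": False},
    "db-server-01": {"os": "Ubuntu 22.04", "patch_level": "2024-02", "critical": True},
    "cam-lobby-02": {"os": "IoT-RTOS 1.3", "patch_level": "2021-05", "critical": False},
}
BASELINE_PATCH = "2024-01"  # constructed: devices below this are treated as unpatched

# Constructed external feed (indicator -> description); a real STIX-style feed would be
# parsed into this shape. Addresses and domains are from reserved documentation ranges.
EXTERNAL_IOCS = {
    "203.0.113.45": "known C2 address (constructed)",
    "bad-update.example": "malware staging domain (constructed)",
}

# Constructed proxy/firewall log lines: "<timestamp> <host> <action> dst=<ip-or-domain>"
SAMPLE_LOGS = """\
2024-03-01T10:01:02Z hr-laptop-07 ALLOW dst=198.51.100.7
2024-03-01T10:01:09Z hr-laptop-07 ALLOW dst=bad-update.example
2024-03-01T10:02:44Z db-server-01 ALLOW dst=203.0.113.45
2024-03-01T10:03:10Z cam-lobby-02 ALLOW dst=203.0.113.45
2024-03-01T10:03:11Z unknown-host ALLOW dst=203.0.113.45
"""
LOG_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<action>\S+) dst=(?P<dst>\S+)$")

def priority_for(host: str) -> int:
    """Rank a hit using what the inventory knows about the device (0 = triage first)."""
    dev = INVENTORY.get(host)
    if dev is None:
        return 0  # not in inventory: a visibility gap on top of an IoC hit
    if dev["critical"]:
        return 1
    if dev["patch_level"] < BASELINE_PATCH:
        return 2  # unpatched, so the most likely to be exploitable
    return 3

def correlate(log_text: str) -> list[tuple[int, str, str, str]]:
    """Match each line's destination against the feed; return sorted
    (priority, host, indicator, reason) tuples, highest priority first."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip unparseable lines instead of halting the pipeline
        if m["dst"] in EXTERNAL_IOCS:
            hits.append((priority_for(m["host"]), m["host"], m["dst"], EXTERNAL_IOCS[m["dst"]]))
    return sorted(hits)
```

Run `correlate(SAMPLE_LOGS)` to get the four hits in triage order; the unknown host comes first because an indicator hit from a device missing from the inventory points at both an incident and an inventory gap.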
Increasingly Complex Vendor Networks
Today, companies deal with hundreds or even thousands of vendors who, in turn, have their own
sub-contractors, agents, and partners. Vendor risks can arise at any point in this large network.
The challenge is that vendors may provide the business expertise required, but often do not assume
ultimate responsibility for the risks and compliance violations involving the products or services
they offer.
Heightened Regulatory Pressure
Company policies dealing with vendors need to be aligned to regulatory rules and requirements. If
not, companies could end up facing significant non-compliance issues, security breaches, fines, and
Cyber resilience is the ability to prepare for, respond to and recover from cyber
attacks. It helps an organisation protect against cyber risks, defend against and limit the severity
of attacks, and ensure its continued survival despite an attack.
The first element of a cyber resilience programme involves being able to identify,
assess and manage the risks associated with network and information systems, including those across
the supply chain.
The second element of a cyber resilience programme depends on continual monitoring of
network and information systems to detect anomalies and potential cyber security incidents before
they can cause any significant damage.
Implementing an incident response management programme and measures to ensure business
continuity will help you continue to operate even if you have been hit by a cyber attack, and get
back to business as usual as quickly and efficiently as possible.
The final element is to ensure that your programme is overseen from the top of the
organisation and built into business as usual. Over time, it should align more and more closely with
your wider business objectives.
With effective information sharing, we can:
analyze the risks in a more relevant way by considering the context
improve knowledge of threats
enrich the bases for detecting infections
Information to be shared can vary widely in nature: all information on IT and OT
security, the flaws, vulnerabilities and elements that could help a company tackle a similar
problem, the tactics, techniques and procedures (TTPs) used by attackers, zero-day reports, security
alerts from defense software as well as threat reports.
Social engineering involves the manipulation of individuals to get them to unwittingly
perform actions that cause harm or increase the probability of causing future harm, which we call
"unintentional insider threat".
An attacker uses human interaction (social skills) to obtain or compromise information
about an organization or its computer systems. An attacker may seem unassuming and respectable,
possibly claiming to be a new employee, repair person, or researcher and even offering credentials
to support that identity. However, by asking questions, he or she may be able to piece together
enough information to infiltrate an organization's network.
Organizations must continue to develop and deploy effective training and
awareness programs so that staff members are aware of social engineering scams and can identify
deceptive practices and phishing cues. Training plans should also teach effective coping and
incident management behaviors to respond to social engineering.
Endpoint Data Protection
Increased Visibility and Control
Discover, Inventory, and Classify Data
Increase Speed Of Breach Detection and Response
Universal Cloud Protection, from Server to Cloud Services
Easily extend data policies to the cloud
Centralised Incident Management and Reporting
Fingerprinting for Structured Data
Unified Data Protection
In order to protect data and comply with data protection and privacy requirements such
as the European General Data Protection Regulation (GDPR), you need visibility into the data you’re
collecting and storing in order to determine what’s important, and what isn’t. Identify where
sensitive data resides, set policies for handling it, implement appropriate technical controls, and
educate users about current threats to the data they work with and best practices for keeping it
Information is divided into predefined groups that share a common risk, and the
corresponding security controls required to secure each group type are identified. Classification
tools can be used to improve the treatment and handling of sensitive data, and promote a culture of
security that increases awareness of data sensitivity to prevent inadvertent disclosure, and the
storing of sensitive content on removable media or third-party web portals. Just as products with
warning labels in eye-catching colors can change our behavior by making us aware of hazards that can
lead to injury, visual labels and watermarks such as “Confidential” can remind users to think twice
and behave more cautiously with digital data and physical copies.
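Added example, not from the original page or any product it describes: a small Python classifier that sorts constructed documents into predefined groups sharing a common risk and returns the visible label and handling controls each group requires, as the paragraph above describes. The group names, controls, regular expressions and sample documents are assumptions made for this example; the Luhn check keeps random digit runs from being flagged as card numbers.

```python
import re

# Constructed classification scheme: each group shares a common risk and maps to the
# controls and the visible label the page describes. The higher rank wins when several apply.
GROUPS = {
    "Internal": {"rank": 0, "label": "Internal", "controls": ["no third-party web portals"]},
    "Personal": {"rank": 1, "label": "Confidential",
                 "controls": ["no third-party web portals", "no removable media", "GDPR retention policy"]},
    "Payment":  {"rank": 2, "label": "Confidential - Payment Data",
                 "controls": ["no third-party web portals", "no removable media", "encrypt at rest", "mask in logs"]},
}

CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13-19 digits, optional separators
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most digit runs that merely look like card numbers."""
    total, alt = 0, False
    for ch in reversed(digits):
        d = int(ch)
        if alt:
            d = d * 2
            if d > 9:
                d -= 9
        total += d
        alt = not alt
    return total % 10 == 0

def find_sensitive(text: str) -> list[tuple[str, str]]:
    """Return (group, matched value) for each sensitive item found in the text."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits):
            findings.append(("Payment", m.group()))
    for m in EMAIL_RE.finditer(text):
        findings.append(("Personal", m.group()))
    return findings

def classify(text: str) -> dict:
    """Pick the highest-risk group present and return its label and required controls."""
    group = "Internal"
    for g, _ in find_sensitive(text):
        if GROUPS[g]["rank"] > GROUPS[group]["rank"]:
            group = g
    return {"group": group, "label": GROUPS[group]["label"], "controls": GROUPS[group]["controls"]}

# Constructed sample documents: the memo's number is not Luhn-valid, so it stays Internal
DOCS = {
    "memo.txt": "Lunch menu for Friday; order number 1234 5678 9012 3456.",
    "refund.csv": "customer,alice@example.com,card,4111 1111 1111 1111,amount,42.00",
}
```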