Cybersecurity Risk Assessment

Risk assessment is not aimless scanning of your network, so what should you expect from your team? First and foremost, adopt a risk assessment framework; it will be a helpful guide for determining what is assessed, who needs to be involved, and the criteria used to rate risk.
Some of the frameworks you should consider are:
OCTAVE from Carnegie Mellon University
NIST 800-30 Guide for Conducting Risk Assessments
ISO 27005:2011 or the latest version
Identifying vulnerabilities in your organization is a fundamental first step of this process. It aligns with NIST CSF subcategory ID.RA-1 “Asset vulnerabilities are identified and documented.” Also, ensure that you have qualified staff managing, operating, and overseeing the vulnerability management program, trained in all the automated tools and methodologies used to identify vulnerabilities.
The next step will be for your team to identify the threats to your organization, both internal and external. This activity aligns with NIST CSF ID.RA-3 “Threats, both internal and external, are identified and documented.” Your team won’t be able to protect the organization against every threat, so identifying the most critical threats against your organization is crucial for your cybersecurity strategy.
Remember, you may find vulnerabilities without an active or published exploit; therefore, it is up to you and your team to prioritize accordingly, which brings us to NIST CSF ID.RA-5 “Threats, vulnerabilities, likelihoods, and impacts are used to determine risk.” Now that you know the vulnerabilities and threats you face and their likelihood, focus on the vulnerabilities with the highest risk to your critical cyber assets.
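As an added illustration of the ID.RA-1 through ID.RA-5 flow above (example code written for this page, not from the episode or any framework), the following ranks a small constructed risk register: likelihood is derived from whether an identified threat targets the finding and whether an exploit is published, impact from whether the asset is a critical cyber asset, and the two are combined into a qualitative risk level. The scales, thresholds and sample findings are assumptions chosen for the example.

```python
from dataclasses import dataclass

# Constructed qualitative scales; real programs take these from the chosen
# framework (e.g. NIST SP 800-30 tables), not from this example.
LIKELIHOOD = {"low": 1, "moderate": 2, "high": 3}
IMPACT = {"low": 1, "moderate": 2, "high": 3}


@dataclass
class Finding:
    asset: str
    vulnerability: str
    asset_critical: bool    # ID.RA-1: is this a critical cyber asset?
    threat_identified: bool  # ID.RA-3: does an internal/external threat target it?
    exploit_public: bool     # is an active or published exploit known?


def likelihood(f: Finding) -> str:
    """Likelihood that an identified threat actually exercises the weakness."""
    if not f.threat_identified:
        return "low"            # vulnerability exists, but no relevant threat
    return "high" if f.exploit_public else "moderate"


def impact(f: Finding) -> str:
    return "high" if f.asset_critical else "moderate"


def risk_score(f: Finding) -> int:
    # ID.RA-5: likelihood and impact combined into a single risk value
    return LIKELIHOOD[likelihood(f)] * IMPACT[impact(f)]


def risk_level(score: int) -> str:
    return "high" if score >= 6 else "moderate" if score >= 3 else "low"


def prioritize(findings: list[Finding]) -> list[tuple[str, str, int, str]]:
    """Return (asset, vulnerability, score, level) ordered highest risk first."""
    ranked = sorted(findings, key=risk_score, reverse=True)
    return [(f.asset, f.vulnerability, risk_score(f), risk_level(risk_score(f)))
            for f in ranked]


# Constructed sample register for demonstration only.
SAMPLE = [
    Finding("Patient DB server", "Unpatched database service", True, True, True),
    Finding("Dev workstation", "Outdated browser", False, True, True),
    Finding("HR file share", "Overly broad share permissions", True, True, False),
    Finding("Lobby printer", "Default SNMP community string", False, False, True),
]

if __name__ == "__main__":
    for row in prioritize(SAMPLE):
        print(row)
```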
Dr. Bill Souza
CEO | Founder