
Risk mitigation in Cyber Security

  • Post category: Risk

Introduction

Risk mitigation planning is the process of developing options and actions to enhance opportunities and reduce threats to project objectives. Risk mitigation implementation is the process of executing risk mitigation actions. Risk mitigation progress monitoring includes tracking identified risks, identifying new risks, and evaluating risk process effectiveness throughout the project.

Risks to IT resources

  • Malware continues to increase in sophistication and now has more avenues for execution, on mobile devices as well as traditional computers.
  • Corporate espionage resulting in loss of corporate data
  • Denial of service
  • Failure to comply with corporate IT policies and controls
  • Loss or theft of hardware

Risk mitigation procedure

  1. Risk identification – risk events and their relationships are defined
  2. Risk impact assessment – probabilities and consequences of risk events are assessed
  3. Risk prioritization analysis – decision analytic rules applied to rank order identified risk events from “most to least” critical
  4. Risk mitigation planning, implementation, and progress monitoring – risk events assessed as medium or high criticality normally go into risk mitigation planning and implementation; low-criticality risks are tracked and monitored on a watch list.

Risk mitigation strategies

Risk mitigation is about preparing for a potential threat or addressing a known vulnerability. It requires the organization to take a series of steps, either on its own, in collaboration with its IT infrastructure providers, or with the help of external IT security organizations.

  • Assume/accept – acknowledge the existence of a particular risk and make a deliberate decision to accept it without engaging in special efforts to control it. Approval by project or program leaders is required.
  • Avoid – adjust program requirements or constraints to eliminate or reduce the risk, for example through a change in funding, schedule, or technical requirements.
  • Control – implement actions to minimize the likelihood or the impact of the risk.
  • Transfer – reassign organizational accountability, responsibility, and authority to another stakeholder willing to accept the risk.
  • Watch/monitor – monitor the environment for changes that affect the nature and/or the impact of the risk.
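The four-step procedure above and the five strategies fit naturally into a small risk register. The following is an added example, not code from the original page or from the referenced whitepapers: it scores each risk as likelihood x impact (step 2), rank orders the register (step 3), routes medium/high risks to mitigation planning and low risks to the watch list (step 4), and then checks the chosen strategy against the rules stated above, in particular that an accepted risk carries a named approver. The five-point ordinal scales, the criticality thresholds (6 and 15), and the sample register built from the "Risks to IT resources" list are all assumptions for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Ordinal scales are an assumption for this example; the page gives no numeric scale.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}
# The five strategies named on the page; the criticality thresholds are assumed.
STRATEGIES = {"accept", "avoid", "control", "transfer", "watch"}
HIGH_THRESHOLD, MEDIUM_THRESHOLD = 15, 6


@dataclass
class Risk:
    name: str
    likelihood: str
    impact: str
    strategy: Optional[str] = None
    approver: Optional[str] = None  # who signed off; mandatory for "accept"

    def score(self) -> int:
        """Step 2: impact assessment as likelihood x consequence."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def criticality(self) -> str:
        s = self.score()
        if s >= HIGH_THRESHOLD:
            return "high"
        if s >= MEDIUM_THRESHOLD:
            return "medium"
        return "low"


def rank(risks):
    """Step 3: rank order most-to-least critical; ties broken by impact, then name."""
    return sorted(risks, key=lambda r: (-r.score(), -IMPACT[r.impact], r.name))


def triage(risks):
    """Step 4: medium/high risks go to mitigation planning, low risks to the watch list."""
    plan, watch = [], []
    for r in rank(risks):
        (watch if r.criticality() == "low" else plan).append(r)
    return {"mitigate": plan, "watch_list": watch}


def strategy_problems(risk):
    """Checks a chosen strategy against the rules stated on the page; returns a list of findings."""
    problems = []
    if risk.strategy not in STRATEGIES:
        problems.append(f"{risk.name}: unknown strategy {risk.strategy!r}")
        return problems
    if risk.strategy == "accept" and not risk.approver:
        problems.append(f"{risk.name}: accepting a risk requires a named approver")
    if risk.strategy == "watch" and risk.criticality() != "low":
        problems.append(f"{risk.name}: {risk.criticality()} criticality should be mitigated, not only watched")
    return problems


# Constructed sample register, built from the "Risks to IT resources" list above.
REGISTER = [
    Risk("Malware on mobile and desktop endpoints", "likely", "major", "control"),
    Risk("Corporate espionage / data loss", "possible", "severe", "transfer"),
    Risk("Denial of service", "possible", "moderate", "control"),
    Risk("Non-compliance with IT policies", "likely", "minor", "accept"),
    Risk("Loss or theft of hardware", "unlikely", "minor", "watch"),
]

if __name__ == "__main__":
    result = triage(REGISTER)
    for bucket, risks in result.items():
        print(bucket)
        for r in risks:
            print(f"  {r.score():2d} {r.criticality():6s} {r.name} -> {r.strategy}")
    for r in REGISTER:
        for p in strategy_problems(r):
            print("PROBLEM:", p)
```

Run as written, the register puts malware (16) and espionage (15) at the top as high criticality, denial of service (9) and policy non-compliance (8) as medium, and hardware loss (4) on the watch list; the only finding is that the accepted non-compliance risk has no approver, which is exactly the sign-off the "Assume/accept" strategy requires.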

Reference

https://www.happiestminds.com/whitepapers/IT-risk-assessment.pdf
https://chapters.theiia.org/san-diego/Documents/Seminars/SD_IIA___ISACA_Event_041112_Deloitte_IA_Top_Ten_Risks.pdf