Risk Management Overview
One of the goals of cyber security is to reduce risk to an organization and its data. Risk can never be 100% eliminated; it can, however, be mitigated and managed. Any risk management strategy must consider the infrastructure, staff, current needs and future planning of the organization. The NIST Risk Management Framework (RMF) is one of the most popular risk management frameworks in use by organizations.
NIST 800-37, Revision 2 - Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy
Reflections
While risk can never be eliminated, it can be identified and managed. As cyber security professionals, we must help organizations incorporate a robust risk management program. Researching and implementing a solid risk management program shows that we take our responsibilities seriously and aim to protect the organizations we represent. We must also understand the ethical implications: not applying the strategies learned here can jeopardize our organization and our career prospects. Using the guidelines above to design a risk management program will help build confidence in the organizations that engage us.
Protecting the CIA triad for our organizations is paramount. We are entrusted with sensitive data, and our clients expect us to keep that secure. Applying these controls in a careless or haphazard manner can be catastrophic to organizations. There are many examples available of organizations that did not follow the guidelines presented here and suffered the consequences of a breach, data loss, or worse.
References are provided on the Reference Link Library page.