Summary Cyber Security Risk Management 2022


Lecture slides summarized

Preview: 3 of the 16 pages

  • 21 October 2022
  • 16 pages
  • 2022/2023
  • Summary
Seller: OI9920
Cyber security risk management

Recommendations for the market:

1. Integrate cyber security in the company’s risk framework
2. Monitor if management and employees take cybersecurity seriously
3. Develop a data breach action plan
4. Monitor data classification and security policies
5. Terminate or reduce/restructure reward of board members and management in case of
cyber impact
6. Increase board cyber savviness

Cyber security is the protection of cyber systems against cyber threats. A cyber threat is a threat that
exploits cyberspace. The affected system no longer meets its critical functionality and needs time to
recover and adapt.

Costs invested in cyber security systems do not always yield benefits. To some extent there are clear
benefits, but beyond a certain amount the returns no longer match the investment.

Try to find the cost-effective balance.




The cyber security framework:




There are four opponents:

- Spooks: Governments using tools to protect national interests, including the risk that these
tools end up in the hands of crooks.
- Crooks: Botnet herders, malware writers, spam senders, bulk account compromise, targeted
attackers, and cash-out operators.
- Geeks: Experts and researchers who report vulnerabilities so that they can be fixed.
- The swamp: Focus on the person rather than on property, e.g., hacktivism and hate campaigns.

Risk is an uncertain event which may occur in the future. Risk management comprises coordinated
activities to direct and control an organization or set of efforts with regard to risk, based on
spending fewer resources to achieve more goals.

- Classical viewpoint: risks will be converted into an expected loss
- Modern viewpoint: The effect of uncertainty on an organization’s ability to meet its
objectives.

Biggest Cyber impacts:

- Operational disruption
- Intellectual property theft
- Drop in share price
- Loss of customer trust
- Regulatory fines

There are all kinds of security management mechanisms
and the organization’s cyber budget needs to be invested
to mitigate risks.



ISO 27001 is a protocol for cyber protection. It was updated in 2022 to adapt to new risks. Some new
controls were added. There are four theme clauses: organizational, people, physical and technology.

Artificial intelligence has also been introduced in the field of cyber security. Many techniques can
contribute to early detection and risk mitigation:




Cyber insurance (Yes/No): Cyber insurance allows organizations to transfer some of the financial
risks associated with cyber incidents to an insurer. The financial losses might include costs associated
with remediation, investigators, and crisis communication. Most cyber insurers are insurance
companies that offer a broader range of insurance services. Examples are AIG, Chubb,
Hiscox, Liberty Mutual, HSB.

- First party coverage concerns the financial impact on the insured organization. It covers data
breaches and cyberattacks at the insured’s business.
- Third party coverage provides liability protection in case the insured organization makes a
mistake that results in a client suffering

ISO 31000 for risk management. This standard comprises three main elements:

- The risk management process: Feedback on the performance of the process is used for
monitoring and reviews.
- The risk management framework: Defines the risk management process.
- A set of principles which guide risk management activities: Guide the creation of the
framework.




Risk management process (ISO 31000 standard):

Risk assessment: risk identification – risk analysis – risk evaluation – risk treatment. Before this, it
is important to establish the context: define the scope for the risk management process, define the
organization’s objectives, and establish the risk evaluation criteria. This includes:

- External context: regulatory environment, market conditions, stakeholder expectations.
- Internal context: organization’s governance, culture, standards and rules, capabilities,
existing contracts, worker expectations, information systems etc.

Monitoring and review are also an important aspect: measure the risk management performance
against indicators, which are periodically reviewed for appropriateness. Check for deviations from
the risk management plan. Check whether the risk management framework, policy, and plan are still
appropriate.
