Managing Cyber Risk: Part II - A Framework for Cybersecurity Flashcards
What is US Critical Infrastructure?
System of assets, physical or virtual, so vital to the United States that their incapacity or restructure would debilitate security, national economic security, national public health or safety.
What are the implementation tiers?
1) Tier 1 - Risk management: They are informal. Risk is managed in an ad hoc and reactive way. Don’t know external parties.
2) Tier 2 - Risk informed: Management approves risk management. Some awareness of cybersecurity risk. Some sense of external parties.
3) Tier 3 - Repeatable: Risk management process implemented as policies. Organization-wide management of security risk.
4) Tier 4 - Adaptive: Organization adapts its cybersecurity practices based on experience and predictive indicators derived from cybersecurity activities. Engages in a process of continuous improvement. Organization-wide approach to managing cybersecurity. Actively shares information with partners and takes a proactive approach.