Risk Management - Types and strategies Flashcards

1
Q

What is the risk assessment process?

A
Step 1: Prepare for Assessment: understand your risk, talk to C-level, talk to service providers
Step 2: Conduct Assessment
a. Identify threat sources and events
b. Identify vulnerabilities and predisposing conditions
c. Determine likelihood of occurrence
d. Determine magnitude of impact
e. Determine risk
Step 3: Communicate Results
Step 4: Maintain Assessment
2
Q

What are the risk types?

A
  • External: threat sources outside of the organization
  • Internal: a threat inside the organization
  • Legacy systems: older systems that cannot be taken down for operations
  • Multiparty: could be third party and supply chain vendors
  • IP theft: intellectual property, nation states, internal actors
  • Software compliance/licensing: having the right number of licenses for services, shadow IT
3
Q

Strategies for risk management

A

Accepting risk: risk is acceptable
Avoid risk: no risk taken at all
Transfer Risk: buy cybersecurity insurance and transfer risk to that company
Cybersecurity Insurance: The risk is taken on by a company and they have a process to avoid risk
Mitigate risk: security controls and other policies to reduce risk
