Cyber risk analysis, assessment, and management: an introduction

Information technology brings many benefits to a business, but it also brings risks. Knowing how to assess and manage those cyber risks is essential for success, as well as a powerful hedge against many of the threats that your business faces, whether you are an established firm or a pioneering startup. In this recorded webinar I introduce the basics of risk analysis and the core concepts involved in assessing your organization’s cybersecurity.

During my research in preparation for this webinar I gathered together links to several free risk assessment resources you might want to check out, particularly if you are exploring this aspect of security for the first time.

Of these, the OCTAVE Allegro methodology from CERT may be the most practical for smaller businesses or organizations that are beginning the risk assessment and management process.

So, I hope you find the webinar helpful. Feel free to leave a comment if you think I missed important stuff, or if you think I got things wrong (or right).

Note: You may be asked to register to watch, but there is no charge, and you only have to register once to see a whole bunch of security webinars recorded by myself and my fellow researchers.

Author Stephen Cobb, ESET

  • CO

    You won’t fix anything without good government leadership and internal control systems. Security encryption was put on the back burner in the 1990s and America’s private sector has paid for it. Notice spike in National Debt outsourcing and counterfeit technology since the 1990s? We know everyone is hacking USA but we keep wanting to keep our defenses down? Notice 18 trillion in national debt and our private economic system is breaking down? China and Russia have counterfeited what percent of our technology?

    • Coyote

      I fail to see how the government is relevant here. Admittedly I didn’t look at the external content but risk assessment is hardly specific to governments.

      In any case, it isn’t like governments haven’t been behind in computers (especially security) for long. They have. But not just two or three years; let’s try decades. It has nothing to do with these variables you suggest, nothing to do with debt, global economy (yes, global) or any such nonsense[1]. Besides, it isn’t like the US is the only government that fails here – sorry but there’s other countries too, you name some, even, and many more exist and have problems. They’ll continue to have problems too, just like the US will. That’s all but expected; that’s the nature of government (but also with security, people in general). But it has nothing to do with what you’re suggesting.

      So to summarise: you can’t fix these problems because it evolves constantly; an example is how antivirus software is in continual competition with new threats of malware. This is how it will always be. There’s no other way. It has nothing to do with government or leadership – nothing at all. Any claim to the contrary is coming from ignorance at best.

      [1] See above. More than governments struggle here. It’s just governments are more obvious targets (as in targeted more), they don’t learn as easily (and even then …) and attacks are publicised more (and that’s when it is known and actually decided it should be public), specifically when they are hunting down those responsible. More attacks – including many failed attempts – happen than is announced, by a lot.

      • CO

        Review parts of the new TPP trade agreement that is public?
        Why are billionaires afraid of patent reforms in the west? Warren Buffett made statements he is afraid of people on Kickstarter and in open source they make things that can destroy our profits?

        • Coyote

          That doesn’t answer the question I asked. Risk assessment isn’t specific to governments and consequently government is irrelevant to risk assessment, hence my original point. No reading necessary. But I’ll bite and respond to something else because it is rather serious and one that really, really bothers me, that is people taking things for granted, including modern technology:

          I have no sympathy for those against open source. Indeed, the fact is much of what allows you (and I refer to you personally as well as everyone else who uses the Internet) to post on websites, send email, buy things online (and encrypted) is the work of open source and collaboration. The world wide web (which is not the same as the Internet) was actually meant to be open, an open way to share information. Says a lot, doesn’t it? I know it must be horrifying to those against openness but that’s the truth.

          The fact of the matter is those against open source are hypocritical, especially if they share their views online, visit websites, or use any modern technology (even going back to what some might not consider modern as of 2015) of today. They’re also incredibly ignorant and should just stop (like go back a few hundred years) because they’re making fools of themselves to those who know otherwise (which I’m sorry to tell you, there are many, many involved with open source and there’s many others who aren’t that also realise this). Incidentally, I’m one of those people that is involved with open source. Furthermore, intellectual property often stifles innovation when taken to the extreme (the fact there are patent trolls means that, yes, it is, and it is profitable to them even though they didn’t accomplish anything at all, see below), and believe it or not, some things shouldn’t be patented: indeed, science (including medical), maths and the like (credit is another issue entirely, and that’s why some are given the honour to name a newly discovered species, for an example, why there are awards for another). I’ll go further and inform you that the very core of the Internet, in particular allowing transferring to/from host to host (and making sure it arrives correctly) uses maths (so do other networking things). Algorithms in general. Now ask yourself if that was patent protected – what would happen? Right, people would be far worse off. It’s a shame those people who are so against these things can’t be forced to not use these advances, because they truthfully do not deserve any of it – at all. Nothing. They leech and then complain about what they also take (at least a bloodsucker makes use of the blood it takes). The most ironic part is that you refer to the west when the west is what seems to be great at preaching that others should have more choices. 
          Yet here are these supposed reforms that would prevent more choices (can’t have ‘our’ profits ‘destroyed’, can we?) from being made. I don’t buy that, though, but if it was true it would be more hypocrisy.

          Besides this, technology evolves. Apple makes claim to certain ‘innovations’ with their phone and the touch screen. Yet they didn’t invent the touch screen, did they? Maybe they – and others who do similar, of which there are many (both commercial and otherwise.. Apple is an offender but there’s many more that are far worse) – should stop whining about things that they should instead be grateful for? If it wasn’t for the touch screen their entire design of the phone wouldn’t be what it is, would it? Similarly, the modern computer evolved over time and will continue to evolve. This is similar to science and many other things so many take for granted (and again, if they’re so against these things, why do they continue to benefit from them?).

          As for patent trolls:
          They’ll obtain patents for anything they can get their hands on including mathematical standards, as one example. Standards that they didn’t even create. They didn’t do anything except spend money for a patent so they could sue others for a profit. And they have done exactly this. That they sometimes lose is irrelevant; they shouldn’t have the patent in the first place. A most loathsome act.
