CyberSecurity Risk Assessment

3 71
Avatar for Secure
Written by
4 years ago

In this tutorial, we will understand about the six steps to a cybersecurity risk assessment.

1.Characterize the system (Process, Function or Application)

Characterizing the system will help you determine viable threats. This should include among other factors

  • Whats is it?

  • What kind of data does it use?

  • Who is the vendor?

  • What are the internal and external interfaces that may be present?

  • Who uses the system

  • What is the data flow where does the information go?


2. Identify threats ;

there are some threats that are going to be in every risk assessment, however, depending on the system, additional threats could be included. Common threats types include :


  •     Unauthorised access

malicious or accidental this cloud be from a direct tacking attack, compromised, Malware infection or internal threat.

  • Misuse of information or Privilege by an authorised  user : 

This could be a result of unapproved use of data or changes made without approval.

  • Data leakage or unintentional exposure of information 

This Include permitting the use of unencrypted USB and or CD-ROM without restrictions, Deficient paper Retention and destruction practices, transmitting non-public personal Information and PPI over unsecured channels or accidentally sending sensitive information to the wrong recipient. 

  • Loss of data :

this can be the result of poor replication and backup processes.

Distribution to Service or Productivity


3.Determine inherent risk and impact:

This is done without considering your control environment factoring in how you characterize the system, you determine the impact on your organization if the threat was exercised.

EX. High Impact could be substantial

Medium Impact would be damaging but recoverable.

The low impact would be minimal or non-existent

4. Analyze the control Environment:

you typically need to look at several categories of information to adequately assess your control environment. Ultimately you want to identify threat prevention, mitigation detection or compensation controls and the relationship to identify threats. A few examples include: 

  • Organisation Risk Management controls

  • User provisioning controls 

  • Administration Controls

  • User Authentication Controls

  • Infrastructure data protection Control

  • Data Center Physical &  Environmental  Security Controls

  • Continuity of Operations Controls

Article publication in Progress ; 

8
$ 0.12
$ 0.12 from @TheRandomRewarder
Sponsors of Secure
empty
empty
empty
Avatar for Secure
Written by
4 years ago

Comments

You are highly extolled for this lesson. The issue of cyber security is getting out of hands these days and must be taken seriously.

$ 0.00
4 years ago

Nice

$ 0.00
4 years ago

Thank you so much for this information

$ 0.01
4 years ago