Cyber Risk: Where We Have Been, Where We Are and Where We Are Going
Mark Clancy
INTRODUCTION
Cyber risk management is a young discipline in every possible way. The terminology is not very old, the hazards are still evolving, and the metrics and models are maturing. Cyber risk management is a subset of the technology risk management practices that have evolved since information technology (IT) systems started performing functions whose outcomes actually mattered to a non-technologist.
We will examine how cyber risk management has evolved as the nature of the threats and the consequences of impacts have changed over time, as well as how risk management frameworks came into existence. Three intertwined notions have driven the development of cyber risk management approaches. The first is the evolution of adversary motivations, from curiosity, to profit, to exercising might. The second is the way adversary motivation stresses the three legs of the confidentiality, integrity, availability triangle. The third is the perspective shift in the focal subject of the cyber risk management assessment, moving from systems, to networks, to business outcomes. The past and present of cyber risk management have been a lagging indicator in that the discipline has evolved
Copyright Infopro Digital Limited. All rights reserved.