Steve Durbin, Managing Director, Information Security Forum Ltd.

The chief risk officer, Nathan, put it plainly to CEO Tom: “To say that
cybersecurity presents complex challenges is an understatement. The
scope of risk to sensitive information has grown exponentially during
the twenty-first century. Those risks not only involve technical factors,
but human, cultural, and legal factors, as well as economics. Of course,
the profession of cybersecurity has struggled to grow in tandem with these
challenges. But nobody has the resources to ensure complete data security.
Figuring out where security investments are justified requires a sophisticated
understanding of the risk landscape.”

THE LANDSCAPE OF RISK

Hardly a day goes by when the evening news does not include a report
about a major institution reluctantly announcing that its files have been
hacked. The stories tend to follow a familiar pattern: expressions of official
regret, attempts at reassurance, and pledges to do whatever is required to
prevent a recurrence.

Attacks on institutional and corporate databases have become the new
normal. A generation of workers comfortable with information sharing has
also grown accustomed to its negative consequences. The capabilities of
cybercriminals continue advancing at an alarming pace. And the losses associated
with major data attacks, which run into the millions, are increasingly
seen as just another cost of doing business.

At the same time, however, there is a growing understanding of those
consequences. A movement has followed in the leadership ranks of both business
and government agencies to manage cyber risks more effectively and to improve
the resilience of security tools already in place. This is a welcome
development because, until fairly recently, most senior managers and board
members regarded cybersecurity as essentially a technical problem for their IT
departments—not as an existential issue requiring greater investment as well as
the engagement of personnel throughout the organization. That said,
some of the issues really do involve the organization’s network technology.
Technology flaws—whether in design, encryption, event logging or software
malfunction—create opportunities for attackers to infiltrate an organization’s
technical infrastructure. Understanding and realistically assessing
the vulnerabilities of an organization’s system components is essential. But it
is people, far more than technology, that present the greatest risks.

(Extract from Chapter 7: Identifying, Analyzing, and Evaluating Cyber Risks, by Steve Durbin, Managing Director ISF).
