Cyber Risk or IT Risk
Information Technology Risk is any risk related to information. Information is a valuable & important asset since organizations are dependent on their information and information processing.
Compromised IT or IT incidents can cause impacts on the organization's business processes, ranging from inconsequential to catastrophic in scale.
IT Risk Framework by ISACA
A Risk IT Framework provides an end-to-end, comprehensive view of all risks related to the use of IT, such as business risks associated with the use, ownership, operation, involvement, influence and adoption of IT within an enterprise.
IT Risk encompasses the
a) negative impacts of operations and service delivery which can bring destruction or reduction of the value of the organization, but also the
b) benefit risk\value enabling risk associated to missing opportunities to use technology to enable or enhance business or the IT project management for aspects like overspending or late delivery with adverse business impact.
Assessing & Measuring IT Risk R = L x I
Assessing IT risks means measuring the probability of likelihood of such events or incident (threats, vulnerabilities, exposures) with their predicted impacts or consequences should they occur.
The Risk 'R' is the product of the Likelihood 'L' of a security incident occurring times the Impact 'I' that will be incurred to the organization due to the incident.
R = L x I
The likelihood of a security incident occurrence is a function of the likelihood that a threat appears and the likelihood that the threat can successfully exploit the relevant system vulnerabilities.
The consequence of the occurrence of a security incident are a function of likely impact that the incident will have on the organization as a result of the harm the organization assets will sustain.
Harm is related to the value of the assets to the organization; the same asset can have different values to different organizations.
So Risk 'R' can be function of four factors:
A = Value of the assets
T = the Likelihood of the threat
V = the Nature of Vulnerability i.e. the likelihood that can be exploited
I = the likely Impact/Extent of the harm.
Cyber Security and Ethical Hacking
To find out, how well your data is actually protected, you really need to hack into your own protected data environment and improve on your lessons learned to protect yourself against other hackers and Black Hat Hackers.
Use Ethical Hacking to try to get access ! Use Network Penetration Testing 'Pen Test', understand devices interaction, methods to crack WEP/WPA/WPA2 encryption, Man-In-The-Middle, ARP Spoofing/Poisonning, Backdooring, Sniffing open ports, read/write/upload/execute files, exploit buffer overflows, extract passwords, cookies, urls, emails, images, pictures, videos, domains, sub-domains, accounts, social media accounts and friends. Bypassing. Social engineering. Pretend fake updates, gain control over computer systems and do Post Exploitation.
If you did well around the topics Data Quality & Data Management, your data quality is good and you do not want everyone on this planet to access and exploit it.
So, make sure, your data is well protected and your data is available only to the people who need to access it.
Personal Data and General Data Protection Regulations
GDPR or General Data Protection Regulations emphasize the principles of Governance & Accountability for processing Personal Data.
As GDPR is regulated & governed by the government, it is key for organizations to demonstrate compliance with GDPR.
In case of questions, don't hesitate to contact us from www.digiGeek.ch !