Cyber Risk Management Terminologies

  • Published on 17 Sep 2024
  • "In this video, I will discuss certain terminologies relating to managing cybersecurity risks. The first one is confidentiality, which is also a cornerstone of cybersecurity. It aims to prevent unauthorized disclosure of your data or information.
    The second cornerstone is integrity, which seeks to prevent unauthorized modification to your data and ensures that the data is complete and accurate.
    The third cornerstone is availability, which ensures that information is available when required. Confidentiality, integrity, and availability are collectively known as the CIA triad in cybersecurity. When designing any IT system, you ensure all these three cornerstones.
    A threat is any negative occurrence, and a vulnerability is a weakness in your IT system. A threat may or may not be relevant to your IT system, while a vulnerability is always a weakness in your IT systems. When a threat exploits a vulnerability, there are chances of such exploitation leading to a risk. Every threat is not relevant, but when a relevant threat exploits a weakness in your system, it becomes a risk.
    Once such risks occur over a period of one year and incur certain costs, this cost over the period of one year is called Annualized Loss Expectancy (ALE). To prevent this, you deploy a safeguard. A safeguard is a measure taken to reduce the risk. There is a cost associated with deploying and operating this safeguard, known as Total Cost of Ownership (TCO).
    Lastly, you have ROI (Return on Investment) because any risk can cause damage to you in terms of investment, hacking of your IT system, damage to your reputation, or legal penalties. The cost incurred due to these risks will likely be greater than the cost of your safeguard. Therefore, ROI is the money saved by deploying a safeguard that provides protection against risks."
