Cyber Risk Framework – Prioritize Assets

Cyber risk is one of the top business risks today.  Information technology continues to evolve and cyber risk continues to escalate.  It is important that all individuals understand the basics of cyber risk and threats.  In addition, organizations must learn to develop effective cyber risk programs and appropriately measure cyber risk. This course is complementary the other Cyber Risk courses this presenter has prepared.

As discussed in the segment on cyber risk management frameworks, multiple risk management frameworks exist and can be effectively utilized by organizations to establish their cyber programs.  These learning segments utilize the NIST Framework (National Institute of Standards and Technology (NIST) established by executive order in February 2013) as a template for assisting in understanding the various components that should be assessed related to cyber risk. Separate segments delved into the specifics around performing a Cyber Risk Assessment (RA) and the “identify” function. This function assists organizations in knowing what assets may be at risk for a cyber-attack/cyber breach. Once assets are identified, the NIST framework suggests organizations then protect those assets.
 

In order to right-size your cyber security efforts, organizations must develop a process to properly prioritize their assets and apply cost balanced mitigation controls. This segment will evaluate various methods to assign priorities to identified assets.

Training for all programs related to cyber security by this trainer are utilizing the framework of the National Institute of Standards and Technology (NIST) as a model. This information is freely available in the public domain. For more detailed information on the framework please refer to NIST.org.