From the course: Cyber Crisis Management with NIST Cybersecurity Framework (CSF) 2.0
Conducting and utilizing risk assessments
- Let's talk about conducting and utilizing risk assessments. By the end, you'll know how to check your organization's cyber risks. We're in the Risk Assessment activity underneath the Identify function in the NIST Cybersecurity Framework. The identifier is ID.RA. Think of risk assessment like checking your car before a long trip: you need to know what could go wrong to stay safe on the road. Let's dive into how to do a good risk assessment.

First, let's talk about finding vulnerabilities. It's like looking for weak spots in your car. You might use tools like vulnerability scanners. These are like a mechanic's checklist for your cyber systems. Next, we need to understand threats. Threats are like bad weather or reckless drivers on the road. They could be hackers, malware, or even careless employees. Knowing your threats helps you prepare better. Then we assess the impact of risks. This is like figuring out what could happen if your car breaks down. You could lose data or face downtime. What about harm to your reputation? Understanding the impact helps you prioritize your defenses.

Let's look at a real-world example, the 2019 Norsk Hydro ransomware attack. It was caused by an infected email that initiated the LockerGoga malware. The attack began with a phishing email that was opened by an employee, allowing the malware to spread throughout the company's network. They failed to mitigate a known threat: an employee error caused by emotional manipulation at a distance, also known as social engineering. It's like ignoring a warning light on your car's dashboard. This led to a massive disruption that shut down the entire company for weeks.

When doing your risk assessment, consider these points. Do you really know your top five cyber risks? Have you allocated your budget based on top risks? Are you aware of the latest cyber threats? Do you know how a breach would impact your business? Are you updating your assessment as things change? Remember, risk assessment is ongoing. It's like regular car maintenance, not a one-time checkup.

Your task now is to evaluate your current risk assessment process. How often do you do it? What tools do you use? Who's involved? In the cyber world, knowing your risks is half the battle. With good risk assessment, you'll be ready for the cyber road ahead.