What Cybersecurity Risk Management Plan Does Your Business Need?
- Post by Janet Gehring
- April 12, 2018
You may know someone who’s been a victim of a cybersecurity attack. Or, maybe you’ve experienced it first-hand. The clean-up is time-consuming and expensive. A cybersecurity risk management plan will help keep your business safer.
Here’s a definition:
“Cybersecurity Risk Management” means technologies, practices, and policies that address threats or vulnerabilities in networks, computers, programs and data, flowing from or enabled by connection to digital infrastructure, information systems, or industrial control systems, including but not limited to, information security, supply chain assurance, information assurance, and hardware and software assurance.
Here’s a simpler approach:
Threats + Vulnerabilities + Likelihood + Impact = Risk
Let’s look at each one of these elements in the context of cybersecurity:
Combined, these elements define your cybersecurity risks.
A cybersecurity risk management plan includes several steps. You’ll need to identify the information you have, determine the level of protection it requires, and then implement and monitor that protection. Seek expertise to help you make informed decisions. Generally, you’ll include legal, insurance, and IT professionals and internal staff.
To learn more and see sample worksheets to help get you started, check out Small Business Information Security: The Fundamentals, a free resource published by NIST.
If you’d like to learn how CRU Solutions can help keep your business safer, contact us.