6 Foundations of cyber risk

 

This chapter covers

  • Fundamentals of access management
  • Evaluating and prioritizing risks
  • Continuous refinement of security measures

A strong cybersecurity framework starts with a clear understanding of an organization’s assets, possible risks, and how to continuously improve security measures. This chapter explores the critical aspects of asset management, risk evaluation, and security enhancement, providing a structured approach to identifying and mitigating threats before they affect business operations.

Asset management is the backbone of cybersecurity strategy, granting organizations clear visibility into their systems, data, and dependencies. Effective protection is nearly impossible without awareness of existing assets. This includes everything from hardware and software inventories to cloud resources and third-party dependencies.

Risk assessment complements asset management by evaluating the vulnerabilities, threats, and potential business effects of security incidents. Understanding the likeli­hood and consequences of various cyber threats allows organizations to prioritize security investments and allocate resources effectively. A structured risk assessment process ensures that security efforts align with business objectives, regulatory requirements, and evolving threat landscapes.

6.1 Identify

6.2 Asset management

6.2.1 Asset management metrics

6.2.2 Asset management metrics exercise

6.3 Risk assessments

6.3.1 NIST 800-30: Guide for conducting risk assessments

6.3.2 Risk assessment metrics

6.3.3 Risk assessment metrics exercise

6.4 Continuous improvement

6.4.1 Continuous improvement metrics

6.5 Identity metrics exercise

Summary