
Key to Cyber Security: Analyzing Risk

As technology continues to develop, so will cyber security trends

Cyber security entails protecting vulnerable information from threats that aim to steal it, corrupt it or block its transmission. Whether the information originates from a national security source, the military, a financial institution, a corporation, a healthcare provider or an individual citizen, a crucial factor in protecting critical information is recognizing the potential threats to the security of that information. Risk analysis in cyber security is the first step in protecting information from external or internal threats.

Risk analysis in cyber security seeks to help an organization, corporation or individual understand its vulnerabilities to cyber attacks on private information. Cyber attacks take the form of threats to an organization’s or individual’s assets (whether financial, material or otherwise), mission, daily operations or reputation. When organizations and individuals understand the potential cyber threats they face, they can protect their information and assets accordingly.

NIST Cyber Security Framework

The National Institute of Standards and Technology (NIST) has established a Cyber Security Framework for improving the critical infrastructure involved in national, corporate and individual cyber security. A key aspect of the NIST framework is the use of risk analysis in cyber security. The NIST framework strongly encourages organizations to conduct risk assessment as the first proactive measure in protecting vital information assets.

The NIST framework recommends six steps in a typical risk assessment:

  1. Identify and document asset vulnerabilities.
  2. Identify and document internal and external threats.
  3. Acquire threat and vulnerability information from external sources.
  4. Identify potential business impacts and likelihoods.
  5. Determine enterprise risk by reviewing threats, vulnerabilities, likelihoods and impacts.
  6. Identify and prioritize risk responses.

Each of these risk analysis steps should lead an organization to a more thorough understanding of the specific risks involved in its daily operations. With millions of daily opportunities for information breach, organizations should understand not only the general threats in the cyber world at large but also the threats specific to their industries and organizations. They need to assess who has potential access to their assets and could cause harm, which assets are at risk, what types of harm malicious players could cause, and what types of consequences could result.
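The six steps above, worked through as a small risk register on constructed data. This is an added illustration, not code from the article or from NIST; the 1-5 scales, the likelihood × impact score, the response thresholds and all names are assumptions.

```python
from dataclasses import dataclass

# All data below is constructed. The 1-5 ordinal scales, the likelihood x impact
# score and the response thresholds are assumptions, not taken from the article.
VULNS = [("customer database", "unpatched DBMS"),            # step 1
         ("file server", "shared admin password"),
         ("employee laptops", "no disk encryption")]
THREATS = [("external attacker", "unpatched DBMS"),          # step 2
           ("disgruntled insider", "shared admin password"),
           ("device theft", "no disk encryption"),
           ("ransomware group", "shared admin password")]    # step 3: from an outside feed
LIKELIHOOD = {("customer database", "external attacker"): 4,  # step 4
              ("file server", "disgruntled insider"): 2,
              ("file server", "ransomware group"): 3,
              ("employee laptops", "device theft"): 3}
IMPACT = {"customer database": 5, "file server": 4, "employee laptops": 2}

@dataclass(frozen=True)
class Risk:
    asset: str
    weakness: str
    threat: str
    likelihood: int
    impact: int

    @property
    def score(self) -> int:
        return self.likelihood * self.impact

def build_register(vulns, threats, likelihood, impact):
    """Step 5: pair each weakness with the threats that exploit it, then score."""
    register = []
    for asset, weakness in vulns:
        for threat, exploited in threats:
            if exploited != weakness:
                continue
            if (asset, threat) not in likelihood or asset not in impact:
                # An unscored pair is a gap in the assessment, not a zero risk.
                raise ValueError(f"no likelihood/impact for {asset} / {threat}")
            register.append(Risk(asset, weakness, threat,
                                 likelihood[(asset, threat)], impact[asset]))
    return sorted(register, key=lambda r: (-r.score, r.asset, r.threat))

def response(risk, appetite=6, critical=15):
    """Step 6: choose a response from the score (thresholds are assumed)."""
    if risk.score >= critical:
        return "mitigate now"
    return "mitigate or transfer" if risk.score > appetite else "accept and monitor"

if __name__ == "__main__":
    for r in build_register(VULNS, THREATS, LIKELIHOOD, IMPACT):
        print(f"{r.score:>2}  {r.asset:<18} {r.threat:<20} {response(r)}")
```

The register refuses to score a threat and asset pair that nobody has assessed, so a missing estimate shows up as an error instead of silently dropping out of the ranking.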

Practical Steps for Conducting Risk Analysis

Organizations can take practical steps to conduct risk analysis of cyber threats to their vital information assets. These assets could include financial details, network passwords and security measures, personal information of employees and customers, or intellectual property critical to a business’s operations. Following asset identification, organizations must inventory every storage location for these assets, including file servers, databases, computer drives, mobile devices or the cloud.

After organizations clearly identify information assets and their locations, they can begin developing and testing protective measures. An organization’s internal information security department, trained in cyber security, can conduct this risk analysis, or the organization can enlist the services of a cyber security consulting firm.

Conducting a risk analysis of cyber security threats is an essential component of any organization’s overall cyber security program. Without the initial risk assessment, the remainder of the cyber security program has no ground to stand on. An MBA in Cyber Security offers graduate students a business management foundation and the methodology to evaluate cyber security vulnerabilities.



