From the course: ISC2 Certified in Cybersecurity (CC) Cert Prep
Understanding risks
- The main responsibility of a cybersecurity professional is to manage risk. Our organizations face many different kinds of risk, and it's our job to identify, assess and manage those risks to protect our information and assets. As we begin our exploration of risk, let's talk about some different kinds of risk that exist in our everyday world. First, we can divide risks into the categories of internal and external risk. Internal risks are those that arise from within our organization. For example, if the way that you process checks creates an opportunity for employees in the accounting department to commit fraud, that's an example of an internal risk. You can often address internal risks by adding internal controls. In the accounting example, adding two-person control to the issuance of checks might reduce the risk of fraud. External risks are those where the threat originates outside of our organization. For example, the risk of an attacker targeting your organization with a ransomware attack is an external risk. You can't do much to stop the attacker from attempting the attack, but you can build controls that reduce the likelihood that the attack will be successful, such as the use of multifactor authentication or a social engineering threat awareness campaign. The next type of risk covered on the exam is multi-party risk. These are risks that are shared among many different organizations. For example, if a Software as a Service provider is compromised, that's a multi-party risk, because that compromise poses a risk to all of the customers of the service provider. Legacy systems also pose a unique type of risk to the organization. It's often difficult to secure older systems, especially those that are no longer supported by the manufacturer. Any organization using legacy systems should consider replacing them with a modern solution, or they should carefully design a set of security controls that will mitigate the legacy risk.
In the information age, the value delivered by many businesses resides in their intellectual property. If attackers are able to alter, destroy or steal this information, it would cause significant damage to the business. Therefore, intellectual property theft poses a risk to information-based organizations. Finally, make sure that you consider the risk associated with software license compliance issues. Businesses often go to great lengths to protect their intellectual property investment in software, including performing audits of organizations and assessing significant fines to those who are violating their license agreements. It's a good idea to use license monitoring software to manage your software license compliance efforts.