Cyber-Security Risk Assessments and You.

Another day, another data breach. Millions affected. NPI, PHI, PI. What if it’s your company? Are you subject to breach disclosure laws? If so, do you know where to start and what your timeline for disclosure is? Even still, an unknown risk level can impact cyber insurance prices, and if you’re in the market for cyber insurance, you’ll need to have one performed.

Risk assessments are nothing new, and there’s a decent chance you already have one or more in place, and hopefully are returning to them with some regularity. Cyber-security represents the new addition to your risk assessment arsenal.

So what is a cyber-security risk assessment, and what can you hope to accomplish having done it? According to the NIST, “Risk assessments are used to identify, estimate, and prioritize risk to organizational operations (i.e., mission, functions, image, and reputation), organizational assets, individuals, other organizations, and the Nation, resulting from the operation and use of information systems.”

Quite the mouthful. Also, it’s unlikely that a data breach within your organization represents a national security risk. But the point here is to identify risk points for decision makers, and to provide actionable items in response to those risks.

In that vein, what you should seek to identify in your assessment is:

The relevant threats your company faces;
Current internal and external vulnerabilites;
Business impact of successful exploitation;
Likelihood of that exploitation;

With that information in hand, you can begin to implement or modify technologies and processes to mitigate your cyber-security risk, and then you can revisit the assessment annually (or more often) as an operational baseline for your business’s overall security posture.

By identifying and analyzing business risk and vulnerability based on industry, business process, and other factors, a cyber-security risk assessment from Envision Technology can: