Cyber threats are constantly evolving, thus requiring the adaptive approach to cyber security developed by De Morgan Cyber Security Risk Management, in which risks are regularly reviewed and the appropriateness of your current measures is determined. Adopting this approach is the most effective way of protecting your organisation. Risk management is a key requirement of many information security standards and frameworks, as well as laws
The cyber security measures you implement are based on your organisation’s unique risk profile. This risk-based approach means that you will not waste time, effort or expense addressing irrelevant or unlikely threats.
De Morgan Intelligence can help you develop a security risk management strategy, enabling you to take an adaptive and systematic approach to managing your risks. De Morgan Intelligence Cyber Risk Management takes the idea of real world risk management and applies it to the cyberworld.
Adaptive cyber risk approach
The De Morgan adaptive approach follows the process of identifying, analysing, evaluating and addressing your organisation’s cyber risks. The first stage of this cyber risk management process is a cyber risk assessment. The assessment gives a snapshot of the threats that might compromise your company’s/organisation’s cyber security and an estimate of their severity. The organisation needs to determine what assets it needs to protect and prioritise.
Cyber risk = Consequence of attack x Likelihood of attack
Your organisation’s risk appetite will influence your cyber risk management programme. Our assessment of your acceptable level of risk will then determine how to prioritise those risks and how you should respond to them.
Cyber risk management process
Our Cyber Risk Management Approach will follow the process below:
- We will identify the risks that might compromise your cyber security. This will involve identifying cyber security vulnerabilities in your system and the threats that might exploit them.
- The severity of each risk will be analysed by assessing the likelihood of occurrence, and the significance of its impact should it occur.
- Make an evaluation of how each risk fits within your level of acceptable risk.
- Prioritise the risks.
Decide on the response to each risk, using one of the four options below:
- Treat: by modifying the likelihood and/or impact of the risk, usually by implementing security controls.
- Tolerate: by making a decision to keep the risk because it falls within your level of risk acceptance.
- Terminate: by completely avoiding the risk, by ending or changing the activity causing the risk.
- Transfer: by sharing the risk with others; this could be by outsourcing or taking out insurance against the risk.
As cyber risk management is a continual process, your risks must be continually monitored to make sure they are still acceptable, and controls must be reviewed to make sure they are still fit for purpose, with changes made as and when required. The De Morgan Risk Management approach and service can be applied to organisations of any size, and any combinations or types of IT infrastructure.