Exam Objectives 📚
Candidates must be able to understand the key concepts related to risk management. Students will be able to:
5.3 Given a scenario, assess cybersecurity risk and recommend risk mitigations
Identify threats to an organization
Identify vulnerabilities to an organization
Identify risks to an organization
Recommend specific risk mitigations
Determine benefits of a particular risk mitigation
Determine the trade-offs of a particular risk mitigation
Evaluate the effectiveness of a particular risk mitigation
Develop a risk management plan
Develop a cybersecurity strategy
Case Study: Meeting Our Client 🤝
AKYLADE Learning Company (ALC) is a leading provider of online asynchronous training programs that specializes in helping students prepare for certification exams across various industries.
As an e-learning platform, ALC relies heavily on technology infrastructure, data storage, and online communication channels to deliver its training content to students worldwide.

With a vast amount of sensitive student data, including personal information and exam results, the company must prioritize cybersecurity and safeguard its systems and data’s confidentiality, integrity, and availability.

Like many organizations operating in the digital space, ALC faces numerous cybersecurity risks.
Threats such as data breaches, ransomware attacks, and unauthorized access pose significant challenges to the company’s operations and reputation.
Additionally, vulnerabilities in their technology infrastructure, employee awareness, and third-party dependencies create potential entry points for cyberattacks.

It is crucial for Akylade to conduct a thorough assessment of these threats and vulnerabilities, identify the associated risks, and implement effective risk mitigations to ensure the security and resilience of their operations.
Identifying Threats ⚠
Malware and ransomware attacks
Social engineering attacks
Attacks by insider threats

Identifying Vulnerabilities 🐞
Inadequate patch management
Weak access controls
Insecure third-party dependencies

Identifying Risks 📊
Risk = Threat x Vulnerability
Risk = (Malware attack) x (Inadequate patching)
Likelihood
Potential impact
Risk prioritization
Risk Mitigation Recommendations 🛡️
Benefits and Trade-offs of Risk Mitigations ⚖
Benefits:
Can reduce the risk of exploitation
Trade-offs:
Increased costs?
Additional resource requirements?
Changes in user experience?
Potential disruptions to existing workflows?
Evaluating Effectiveness 🔍
Post-implementation assessments
Make informed decisions
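The scoring, prioritization and mitigation-evaluation steps above, worked through as an added example (not part of the lesson): each Threat x Vulnerability pair from the case study is rated on assumed 1-5 likelihood and impact scales, ranked, and then re-scored after a hypothetical patching control so its benefit (risk reduction) and trade-off (cost per point reduced) can be compared. All ratings, the control and its cost are constructed values.

```python
from dataclasses import dataclass

# Assumed 1-5 ordinal scales for likelihood and impact; the lesson gives no scale,
# so these and every value in REGISTER below are constructed for illustration.

@dataclass(frozen=True)
class Risk:
    threat: str
    vulnerability: str
    likelihood: int  # 1-5: chance the threat exploits the vulnerability
    impact: int      # 1-5: harm to confidentiality, integrity or availability

    def score(self) -> int:
        # Risk = Threat x Vulnerability, rated here as likelihood x impact
        return self.likelihood * self.impact

@dataclass(frozen=True)
class Mitigation:
    name: str
    addresses: str        # the vulnerability this control closes
    likelihood_drop: int  # expected reduction of likelihood
    impact_drop: int      # expected reduction of impact
    annual_cost: int      # the trade-off, in constructed currency units

def prioritize(risks: list[Risk]) -> list[Risk]:
    """Highest score first, so effort goes to the most critical areas."""
    return sorted(risks, key=lambda r: r.score(), reverse=True)

def residual_risk(risk: Risk, m: Mitigation) -> Risk:
    """Risk that remains after the control; unchanged if it does not apply."""
    if m.addresses != risk.vulnerability:
        return risk
    return Risk(risk.threat, risk.vulnerability,
                max(1, risk.likelihood - m.likelihood_drop),
                max(1, risk.impact - m.impact_drop))

def evaluate(risk: Risk, m: Mitigation) -> dict:
    """Benefit = score reduction; trade-off = cost per point of risk removed."""
    after = residual_risk(risk, m)
    reduction = risk.score() - after.score()
    return {"before": risk.score(), "after": after.score(), "reduction": reduction,
            "cost_per_point": m.annual_cost / reduction if reduction else None}

REGISTER = [  # constructed ratings for the case study's threats and vulnerabilities
    Risk("Malware and ransomware", "Inadequate patch management", 4, 5),
    Risk("Social engineering", "Weak access controls", 4, 4),
    Risk("Insider threat", "Weak access controls", 2, 4),
    Risk("Malware and ransomware", "Insecure third-party dependencies", 3, 3),
]
PATCH_SLA = Mitigation("30-day patch SLA", "Inadequate patch management", 2, 0, 30_000)
```

Running `prioritize(REGISTER)` ranks the patching gap first (score 20), and `evaluate(REGISTER[0], PATCH_SLA)` shows the control halving that score at a constructed cost of 3000 per point; the same call against a risk the control does not address reports no reduction, which is the post-implementation check the lesson asks for.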

Risk Management Plan 📍
Structured approach to managing risks
Outline processes and procedures for:
Regularly monitoring risks
Reviewing control effectiveness
Assessing the organization's overall risk posture
Cybersecurity Strategy ♟
Provides a roadmap

Conclusion and Touchpoints ✅
Case studies help explore the process of assessing cybersecurity risks and recommending risk mitigations
Begin by identifying threats and vulnerabilities specific to the organization and thoroughly examining their risks.
With a clear understanding of the risks, proceed to propose targeted risk mitigation strategies tailored to the organization’s unique circumstances
Taking a systematic and tailored approach to manage risks is key
To comprehensively understand their risk landscape, combine:
Threat identification
Vulnerability assessment
Risk analysis
This enables prioritization of risks based on their potential impact and likelihood, to direct efforts and resources toward the most critical areas
Risk management is ongoing
Cybersecurity risks evolve continuously, making it essential for organizations to establish a continuous monitoring and adaptation culture
Recommended risk mitigation strategies after a CSF assessment should be regularly assessed for their effectiveness, with adjustments made as necessary to ensure optimal protection
Following the case study process outlined in this lesson, organizations can strengthen their cybersecurity posture and effectively safeguard their assets
A systematic approach to risk management and tailored risk mitigations enables organizations like ALC to mitigate threats, reduce vulnerabilities, and create a more resilient cybersecurity foundation