Risk Assessment / Management Case Study
How has a leading manufacturer established a watertight risk management process to augment cyber security practices?
In recent years, cyber attacks have become major front-page issues for companies, businesses and nation states alike. The need for more accurate and reliable risk management models is therefore imperative.
Today, cybersecurity risk management is often carried out on a qualitative basis, where risks are evaluated against a predefined set of categories such as low, medium or high.
This case study aims to challenge that practice by presenting a pragmatic approach that quantitatively assesses risks as a way of guiding priorities and identifying gaps. The ultimate goal is to identify, quantify and control the key threats that are detrimental to achieving business objectives.
Learning objectives
• Discuss how to quantify the risks in terms of business impact, and establish cyber resilience
• How to raise awareness amongst information security and cyber security managers on how to communicate with the management board
• Establishing which risk management metrics needed to be communicated, what needed to be articulated and what those risks mean to the board
• How was the risk management/assessment profile presented to the board to strengthen the case for budget approval
• Understand the impact of regulation on risk management activities