This chapter covers:
- Management of Risk
- Assets, threats, vulnerabilities and risks
- Actions to address risks and opportunities
2 Risk management
Management of cyber resilience is largely about managing risks: identifying things that might happen, assessing how likely they are to happen and what impact they might have, and deciding what action to take. This action typically includes implementing balanced controls to prevent incidents where possible, detect incidents that couldn’t be prevented and take corrective action to protect the business where needed. People usually think of risks as being possible negative outcomes, ...