Stepping Through Cybersecurity Risk Management
book


by Jennifer L. Bayuk
March 2024
Content level: Beginner
336 pages
10h 10m
English
Wiley
Content preview from Stepping Through Cybersecurity Risk Management

5 Assessments

The journey from risk appetite to security operations is complicated and thus often plagued with loose ends that may create gaps in compliance with enterprise policy as well as industry and regulatory standards. Therefore, a CISO should have some kind of feedback loop to provide assurance that the cybersecurity policies, processes, standards, and procedures (PPSP) actually produced the reduction of risk to within appetite that the policy is designed to achieve. In some organizations, this assurance is achieved with a formal risk assessment led by the CRO, wherein each business process owner compares their own operations to enterprise PPSPs. Because it is performed by the organization under review, this is referred to as a Risk and Control Self Assessment (RCSA). Organizations may also conduct or contract regulatory and/or best practice assessments that compare their cybersecurity program to well‐defined standards such as HIPAA or the NIST CSF. Another assessment methodology is a “pentest,” an amalgam of the words “penetration” and “test.” It is a test by cybersecurity professionals trained in the tactics of threat actors. They scan enterprise systems for vulnerabilities in public‐facing sites and, if any are found, exploit the vulnerability to gain access to internal systems; that is, to penetrate them. A more formal assessment is one performed by independent evaluators who analyze risk in the context of PPSPs and also collect tangible artifacts of the cybersecurity program to identify ...



Publisher Resources

ISBN: 9781394213955