{"id":52453,"date":"2017-07-20t05:00:36","date_gmt":"2017-07-20t09:00:36","guid":{"rendered":"https:\/\/48e130086c.nxcli.net\/?p=52453"},"modified":"2017-10-01t09:51:31","modified_gmt":"2017-10-01t13:51:31","slug":"focus-cyber-risk-not-just-security","status":"publish","type":"post","link":"\/\/www.g005e.com\/2017\/07\/20\/focus-cyber-risk-not-just-security\/","title":{"rendered":"focus on cyber risk, not just security"},"content":{"rendered":"
<\/a>Take a comprehensive and holistic approach that includes your business strategy. By Donny C. Shimamoto<\/em><\/p>\n Cybersecurity is a huge buzzword right now. Businesses are worried about it, people are worried about it and vendors are trying to sell you cyber protection solutions.<\/p>\n Attending a cybersecurity webinar or seminar is also not for the faint of heart. Even I, an IT specialist in the CPA profession, often leave those events scared to put any of my personal data anywhere online.<\/p>\n What\u2019s the difference?<\/p>\n Cybersecurity draws its roots from information security (InfoSec) and is primarily focused on confidentiality, availability and data integrity. Confidentiality and privacy are what people are usually worried about when they think about cyber risks \u2013 whether information they want to keep secret is protected from unauthorized disclosure or a data breach.<\/p>\n Ransomware attacks have also brought availability to top of mind \u2013 that systems are available when they need to be used. 
Previously the distributed denial of service (DDoS) attacks that brought down many websites, even Amazon and eBay, in 2008 were the prime example of an availability threat.<\/p>\n And last, but not least, data integrity is focused on ensuring that data is not destroyed, corrupted or lost, and that it can be recovered if such an adverse event were to occur.<\/p>\n Because many of the threats and preventive measures in these areas are technology-based, cybersecurity tends to be primarily technical\/automated controls-focused with some attention to the accompanying administrative and monitoring controls.<\/p><\/blockquote>\n Cyber risk management involves a much more comprehensive and holistic approach than cybersecurity. Drawing from overall corporate governance and risk management disciplines, cyber risk management takes a much broader approach and requires a much broader skillset to perform effectively.<\/p>\n The diagram below shows the relationship between IT governance, IT risk management (synonymous with cyber-risk management) and the \u201cIT department.\u201d We have the IT department in quotes, recognizing that in smaller organizations this is probably an IT service provider rather than a unit internal to the organization.<\/p>\n
\nYet in today\u2019s interconnected world, we don\u2019t really have a choice anymore. And that\u2019s why you need to pay attention to cyber risk management, not just cybersecurity.<\/p>\n