RSA, the security division of EMC has announced a new framework designed for companies to inventory and prioritize cyber risks.
The framework, issued in a report RSA prepared with support from Deloitte Advisory Cyber Risk Services, gives organizations a new way not only to factor cyber risk into their overall risk appetite but to define the level of cyber risk they are willing to accept in the context of their overall business strategy.
As businesses strive to improve performance, many of the fundamental moves they undertake expose them to new cyber risks. Since organizations can’t turn the clock back on globalization, outsourcing, extending their third-party networks and moving to the cloud, they will need to realign their thinking about risk. The report, entitled “Cyber Risk Appetite: Defining and Understanding Risk in the Modern Enterprise,” concludes that organizations need a systematic process for defining and comprehensively categorizing sources of cyber risk, a new accounting of key stakeholders and risk owners, and a new way to calculate cyber risk appetite.
First, organizations need to redefine the term “cyber risk.” The term extends beyond hacks – planned attacks on information systems. While hacks are an important part of the equation, cyber risk encompasses a wider range of events that lead to potential of loss or harm related to technical infrastructure of the use of technology within an organization.
The paper provides a practical framework for inventorying and categorizing cyber risks across two dimensions of intent. Cyber risk events could be the result of deliberately malicious attacks, such as a hacker carrying out an attack with the aim of compromising sensitive information. They could also be unintentional, such as user error that makes a system temporarily unavailable. Risk events may come from sources outside the organization, such as cybercriminals or supply chain partners, or sources inside the organization such as employees or contractors.
To effectively assess their cyber risk appetite, the report recommends that organizations take a comprehensive inventory of these cyber risks, quantify their potential impact and prioritize them. Organizations need to ask the right questions, such as what losses would be catastrophic, and what information absolutely cannot fall into the wrong hands or be made public. They need to prioritize the risk according to impact, ranking mission- and business-critical systems ahead of facets like core infrastructure and extended ecosystem (supply chain management applications and partner portals) and external public facing points of interaction. Prioritization needs to be an ongoing process involving constant evaluation and re-evaluation.
The report concludes that an organization’s ability to quantify cyber risk and make informed decisions about their cyber risk appetite will put them in a position to succeed. Some costs can be easily quantified: costs that include fines, legal fees, lost productivity and mitigation remediation and incident response. Other costs can be more difficult to determine – like diminished brand equity, reduced goodwill and the loss of intellectual property. Organizations need to develop the ability to demonstrate that the investments they are making align with the risks they face.
Emily Mossburg, partner, Deloitte & Touche LLP and Deloitte Advisory Cyber Risk Services Resilient Practice Leader
“The very fundamental things that organizations undertake in order to drive performance and execute on their business strategies happen to also be the things that actually create cyber risk. Cyber risk is an issue that exists at the intersection of business risk, regulation, and technology. Executive decision-makers should understand the nature and magnitude of those risks, consider them against the benefits a strategic shift would deliver, and then make more informed decisions.”
David Walter, RSA GM, Global GRC
“Cyber risk is a critical issue in today’s organizations, touching aspects of business risk, regulation and technology. To effectively deal with these risks, executive decision-makers need to understand their organizations’ cyber risk appetites’ – balancing the nature and magnitude of those risks against the benefits a strategic shift would deliver. Then they can make more informed decisions.”
Win a Poster Heater with Gadget and Takealot.com
This winter Gadget and Takealot.com are giving away three Poster Heaters, which look like posters but become heaters when you plug them in.
Three Gadget readers will each win a unit, valued at R550 each. To enter, follow @GadgetZA and @Takealot on Twitter and tell us on the @GadgetZA account how many Watts the heater consumes.
What’s the big deal about these heaters? Many of us are struggling to keep the balance between soaring electricity costs and the need to keep warm this winter.
However, the recently launched Poster Heater by EasyHeat and distributed in South Africa by Takealot.com is not only one of the most cost effective electric heaters currently on the market, it is also easy to setup and use.
As the name indicates, it is a poster similar to one you would hang on a wall. But, plug it in and it turns into a 300 Watt heater. The Poster Heater isn’t designed to heat hallways or large rooms, but rather smaller ones like a bedroom or a baby’s nursery or a dressing room.
It uses radiant heating, which means that it heats up in a couple of minutes and the heat is directed at the objects or people around it, quickly taking the chill out of the air and providing a comfortable ambient temperature.
The other advantage of radiant heating is that it doesn’t dry out the air like infrared or gas heaters. Users also don’t have to worry about their children or pets getting too close to it because, even though it gets hot, it can be touched.
To enter the competition follow the steps below:
Competition entry details:
3. The competition closes on 31 July 2018.
4. Winners will be notified via Twitter on 1 August and Takealot.com will be in touch to organise delivery.
5. The competition is only open to South African residents.
Happy Emoji Day! Here’s 10 reasons to be cheerful
First created by Shigetaka Kurita in 1999, the emoji has become a huge part of everyday communication. Whether you love them or hate them, flying dollar bills, applauding hands and rolling eyes are here to stay.
Scientist suggest that the use of emojis will help us gain the same satisfaction from digital interactions as we enjoy from personal contact.
Almost two decades later, and we have over 2600 unique emojis to perfectly express what we feel, thank you Mr Kurita! Join HMD, the home of Nokia phones as we celebrate World Emoji Day on the 17th of July with these interesting emoji facts:
The most popular emoji used is “Person Shrugging”
1. The Nokia 3310 was chosen as one of the first 3 “National” emojis for Finland… it represents unbreakable!
2. South Africa’s favourite emoji is the “Kiss and wink”… how sweet SA!
3. French is the only language where a ‘smiley’ does not top the list for its use
4. On average, over 60 billion emojis are sent on Facebook every day
5. For the first time ever, the Oxford Dictionaries Word of the Year was a pictograph! The “Face with Tears of Joy” was crowned word of the year in 2015
6. According to Emojipedia, some of the most requested emoji’s include afro, a bagel and hands making a heart
7. To include all races, a diversity pack was released in 2017
8. It has become so trendy that the Museum of Modern Art displays the original emoji collection on canvas
9. In 2009, Herman Melville’s classic Moby Dick was completely translated into emoji’s