Implementing Risk Management

Key Risk Management points include:

  • Identify and manage risk within your business. Encourage your workforce to report threats to your company and maintain the details in one or more risk registers. Audit critical systems and identify compensating control requirements.
  • Evaluate risks in terms of probability and severity. An assessment will allow you to take a risk-based approach to determine the priorities and allocation of financial and human resources to improve your security posture.
  • Decide on the approach to treat identified risks. Reduce the overall risk by reducing the likelihood of an event, reducing the impact, removing the source, or sharing the risk with other parties. If mitigation costs are disproportionate to an event’s consequences, risk acceptance is a viable option for consideration.
  • Mitigate risks with tactical remediation and strategic solutions. Identifying risks and fixing current problems is only part of the solution; it is crucial to have robust systems, policies, and procedures to prevent history from repeating itself during ongoing business as usual activities. Fixing backwards and forwards is essential.
  • Implement governance throughout the business. Establish risk committees in multiple areas of the organisation to discuss the most critical threats, the action plans, stakeholder management, and a robust framework for reporting risks to the directors and board members.

Hardware Asset Management

Essential Hardware Asset Management (HAM) points include:

  • Maintain an accurate inventory of hardware. Having a definitive list of hardware assets belonging to your business will allow you to identify rogue devices connected to the network quickly.
  • Identify new assets connected to the network. Capturing data about new assets helps maintain an accurate inventory and helps identify rogue devices.
  • Maintain ownership and responsibility records for portable hardware assets, including tablets, laptops and mobile telephones.
  • Choose the right hardware asset management product to fit your environment. Ensure that the solution works within your technology ecosystem rather than falling into the trap of purchasing and installing a new platform and technologies.
  • Maintain accurate asset valuations for account purposes. An up to date asset register with purchasing information will allow you to generate a current valuation reporting factoring in asset disposal and depreciation. Quickly identify candidates for any hardware refresh projects.
  • Maintain an active support database. Accurate information about each hardware asset, including software installations, will support any troubleshooting activities.

What keeps you awake at night?

Analysis of notes and emails showed that among readers’ feedback and questions, the following eight were the most prominent risk areas and included both current mitigation activity and activity planned for over the foreseeable future.

  • Infected media
  • Legal Implications of data in the cloud
  • Privileged Access
  • Separation of live and development systems
  • Security patching
  • Are publicised risks genuine or politically motivated
  • Tailgating
  • CEO impersonation fraud

Some of our readers reported that they were more concerned about other threats than any specific cyber threat. These areas included:

  • Terrorism
  • Excessive Regulation
  • Increasing Taxation
  • Climate Change

Software Asset Management

Essential Software Asset Management (SAM) points include:

  • Maintain an accurate inventory of authorised software. Knowing what is allowed makes identifying and removing unauthorised software installations more manageable.
  • Ensure that all your software is correctly licensed. Avoid unnecessary purchasing of software licences by limiting usage based on job roles. Reconcile software purchases with software usage.
  • Maintain control over who can install software packages. Avoid ad hoc software installations and proliferation to reduce licence exposure and cyber threats.
  • Ensure that authorised software is up to date and supported by vendors. Reduce exploitable software vulnerabilities.
  • Segregate business-critical software from other lower priority systems. Avoid less important systems from impacting the business.
  • Keep control of software support costs. Accurate information about software usage contributes to avoiding excessively priced support contracts.
  • Choose the right product to fit your business environment. Ensure the solution works with existing platforms and operating systems, and the software works out of the box or with minimum configuration. Avoid the trap of buying software and then paying expensive project and development costs to make it fit for purpose.