Organizing Cyber Security Risks in a Company

Digitally Connected World

Looking Back 5 Years, Looking Forward 5 Years in our Digitally Connected World

In the past five years, we have functioned in a fully digital age, where data is mainly exchanged electronically and “cloud” systems are relied on to store much of our information, both in the workplace and at home. The most important system updates made in organizations, both long-established and just starting, are cyber updates. It is easy to see that in the next five years, our developed world’s standard means of information exchange and storage will function in an entirely digital way. Hence Information and Communication Technology (ICT) support has become a necessity, so that we can communicate and store all our different types of information while avoiding or addressing the pitfalls that occur in doing so.

Just like the common cold virus, cyber security risks are constantly spreading and evolving, often in uncertain and unpredictable ways. So we must constantly keep up with these evolving and multiplying dangers by maintaining strong immune systems, developing vaccines for the known viruses, and creating treatments for infections. All are basic measures that we embed in our regular lives, so that we can function as we mean to without much hindrance throughout the course of the year. Given the ever-changing nature of Information and Communication Technology in its hardware, software, and network systems and storage, lasting and maintainable solutions require basic human measures: organizations must develop their own appropriate culture and habits of healthy, maintainable cyber security.

High reliance on technology, combined with a lack of understanding of cyber security, is a primary reason for information security breaches. Organizations must become aware of the range of cyber risks inherent in their systems.

To be aware of an organization’s risks, as well as understand and address them, we can first compile a list of risks and organize them into types. Once we do so, we can better see our vulnerabilities and their extent, and decide on an appropriate solution and the right level at which to apply it. One established way of collecting and organizing the risks is the “Parkerian hexad,” under which any information security breach can be categorized in one of six ways. Chapter 1 of “Operational Risk Perspectives: Cyber, Big Data, and Emerging Risks” describes six intuitive attributes that any company has as part of a connected world; by managing information digitally, a company risks losing one of those attributes. The Parkerian hexad attributes, with the chapter’s descriptions for categorizing cyber security risks, are as follows:

1. Availability: Loss of access to information, whether due to technical failure (e.g. disk failure) or deliberate attack (e.g. a denial of service attack).

2. Utility: A loss in the usefulness of data, such as data that is secure but unusable because the encryption password has been lost, or data that is stored in an obsolete format.

3. Integrity: A change to the accuracy and soundness of the information held, which could be an accidental or unauthorized change such as data corruption.

4. Authenticity: Attempts to modify the origin or authorship of information, such as the theft of a digital signature.

5. Confidentiality: Unauthorized access or use of sensitive information (e.g. customer data).

6. Possession: A loss of possession or control over information, but not necessarily a breach of confidentiality, such as the loss of an encrypted data device.

This is one useful way to start thinking systematically and robustly about managing cyber security risk for your company. To come up with a practical, sustainable system within your company’s capacity, it is always best practice to seek professional advice from a cyber security company, as they can provide tailored prescriptions and procedures right for your organization.

Credit:
Ashby, Simon and Phippen, Andy. “Cyber Security.” Operational Risk Perspectives: Cyber, Big Data, and Emerging Risks, Risk Books, 2016, pp. 3-23.