Risk Mitigation
Risk Management Standards Australia
- Process
- Scope planning and process
- Determine the scope of the risk assessment
- Identify the assets and processes that may be vulnerable to attack, and identify the cyber security risks to them
- Analyse the risks and determine their potential impact
- Determine and prioritise the risks
Document all risks
- Risk owner — the individual or group responsible for ensuring that the residual risks remain within the tolerance level
- Risk scenario
- Identification date
- Existing security controls
- Current risk level
- Treatment plan — the planned activities and timeline to bring the risk within an acceptable risk tolerance level
- Residual risk — the risk level after the treatment plan is implemented
- Progress status — the status of the treatment plan (not started, in progress, complete)
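As an added example (not part of the original page), here is how a register with the fields listed above can be scored and prioritised in Python. The 5x5 likelihood-by-impact matrix, the high/medium/low bands, the tolerance value of 8 and the sample risks and owners are all assumptions made for the illustration; an organisation substitutes its own scales and tolerance.

```python
"""Risk register scoring: a constructed example of the prioritisation and
residual-risk tracking described above (added here; not the page's own code)."""
from dataclasses import dataclass, field
from typing import List, Optional

# Hypothetical 5x5 matrix: likelihood and impact are each scored 1 (lowest)
# to 5 (highest) and multiplied. The tolerance value is an assumption.
TOLERANCE = 8  # a residual score above this is outside the organisation's tolerance


@dataclass
class Risk:
    scenario: str
    owner: str
    identified: str                 # identification date, ISO 8601
    likelihood: int                 # current likelihood, 1..5
    impact: int                     # current impact, 1..5
    existing_controls: List[str] = field(default_factory=list)
    treatment_plan: str = ""
    # Expected likelihood/impact once the treatment plan is implemented.
    # None means the treatment does not change that factor.
    residual_likelihood: Optional[int] = None
    residual_impact: Optional[int] = None
    status: str = "not started"     # progress status of the treatment plan


def score(likelihood: int, impact: int) -> int:
    """Risk score on the 5x5 matrix; rejects out-of-range inputs."""
    if not (1 <= likelihood <= 5 and 1 <= impact <= 5):
        raise ValueError("likelihood and impact must be 1..5")
    return likelihood * impact


def rating(s: int) -> str:
    """Map a score to the high/medium/low bands (band boundaries are assumptions)."""
    if s >= 15:
        return "high"
    if s >= 8:
        return "medium"
    return "low"


def current_score(r: Risk) -> int:
    return score(r.likelihood, r.impact)


def residual_score(r: Risk) -> int:
    """Score after treatment; a risk with no treatment plan keeps its current score."""
    lk = r.likelihood if r.residual_likelihood is None else r.residual_likelihood
    im = r.impact if r.residual_impact is None else r.residual_impact
    return score(lk, im)


def prioritise(register: List[Risk]) -> List[Risk]:
    """Highest current score first, so treatment is worked in that order."""
    return sorted(register, key=current_score, reverse=True)


def outside_tolerance(register: List[Risk], tolerance: int = TOLERANCE) -> List[Risk]:
    """Risks whose residual score still exceeds tolerance even after treatment.
    The risk owner must strengthen the plan or have the excess formally accepted."""
    return [r for r in register if residual_score(r) > tolerance]


# Constructed sample register (fictional scenarios, owners and dates).
SAMPLE_REGISTER = [
    Risk("Unpatched internet-facing VPN appliance", "Infrastructure lead", "2024-03-04",
         likelihood=4, impact=5, existing_controls=["quarterly patch cycle"],
         treatment_plan="Monthly patching plus emergency out-of-band updates",
         residual_likelihood=2, status="in progress"),
    Risk("Vendor support account with standing admin rights", "Procurement", "2024-02-19",
         likelihood=3, impact=4, existing_controls=["contractual SLA"],
         treatment_plan="Just-in-time access with one-time credentials per session",
         residual_likelihood=1),
    Risk("Laptop lost in transit with unencrypted disk", "IT operations", "2024-01-10",
         likelihood=3, impact=3, treatment_plan="Enforce full-disk encryption via MDM",
         residual_impact=1, status="complete"),
    Risk("Staff member clicks a phishing link", "Security awareness lead", "2024-02-02",
         likelihood=5, impact=3, existing_controls=["mail filtering"],
         treatment_plan="Phishing-resistant MFA and a report-phishing button",
         residual_likelihood=3),
]


def register_report(register: List[Risk] = SAMPLE_REGISTER, tolerance: int = TOLERANCE):
    """Return (prioritised scenarios with score/band, scenarios still outside tolerance)."""
    ordered = [f"{r.scenario} [{current_score(r)}/{rating(current_score(r))}]"
               for r in prioritise(register)]
    still_open = [r.scenario for r in outside_tolerance(register, tolerance)]
    return ordered, still_open


if __name__ == "__main__":
    ordered, still_open = register_report()
    print("Priority order:", *ordered, sep="\n  ")
    print("Residual risk above tolerance:", *still_open, sep="\n  ")
```

Run as a script it lists the four sample risks from score 20 down to 9 and flags the two whose residual score (10 and 9) still exceeds the tolerance of 8: those are the entries the risk owner must revisit, either by adding controls to the treatment plan or by having the remaining risk formally accepted.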
Address the cyber security PPT (people, process, technology)
People, process, and technology (PPT) refers to the security methodology in which the balance of people, process, and technology drives action:
People perform a specific type of work for an organisation using defined processes (and, often, technology); those processes and that technology in turn secure and improve the work.
Types of risk
- Loss
- Integrity
- Exfiltration
Risk Mitigation
- What are my biggest threats?
- How do I reduce them?
People
- Human Error
- Malicious insider
- External attacks
Vendors
- Insecure vendors
- Vendor access rights
- Insufficient SLAs
Technology
- Patching
- System Vulnerabilities
- Unmonitored network
- Insecure account access / MFA
- Privileged users
- Application controls
- Backup Recovery
The steps to reducing the risk of cyber security attacks
Keep your software up to date
The software running on a business's computers is exposed to cyber attacks and exploits.
Software updates should be applied as soon as possible so that your business is not targeted through known vulnerabilities, which can lead to unauthorised access and to data leakage, theft, or compromise.
This threat is avoidable if patching is actively managed:
- Apply updates as soon as they become available.
- Automate updates as much as possible, so you do not have to monitor systems constantly.
- Obtain updates through the vendor's own update service rather than from third-party download sites, so that their authenticity is assured (the service should also apply them automatically).
Restrict access
Organisations should take security measures to protect privileged access. Access levels should be assigned based on risk exposure and kept to the minimum necessary to maintain operations.
When it comes to privilege management, these risk mitigation strategies can help your organisation:
- Grant administrative access only when it is escalated for a specific task, using one-time passwords or tokens, with procedures (such as a password authentication service) that reset the credentials securely afterwards.
- Have procedures in place to securely reset passwords and other credentials when they are compromised, so that high-value assets are not inadvertently exposed.
Disaster recovery plan
Data loss is a real possibility. It is caused not just by natural disasters or cyber attacks but also by human error and hardware failure, and it happens to businesses of all sizes.
Cyber security professionals have a key part in the risk mitigation strategy. The risk mitigation plan should protect critical data and records to ensure continuity of operations in the event of unexpected events.
For added protection, backups should be encrypted and stored offline where possible, should support full recovery and reconstitution of systems and devices, and should be tested periodically; the backup plan should be reviewed and updated as needed to reflect the ever-changing network environment.
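A backup that has never been restored is an assumption, not a control. As an added example (not from the original page), the following Python script runs a small restore drill: it archives a directory, records a SHA-256 manifest of every file, restores the archive into a scratch directory and reports any file that is missing, altered or unexpected. The sample files are constructed for the illustration; encrypting the archive and moving it offline are left to the backup tooling and are out of scope here.

```python
"""Backup integrity and restore test (added example, not the page's own code).
Archives a directory as .tar.gz with a SHA-256 manifest, restores it into a
scratch directory and verifies every file. Encryption/offline storage of the
archive is the backup tool's job and is not shown."""
import hashlib
import json
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Relative POSIX path -> SHA-256 for every regular file under root."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(source: Path, archive: Path) -> Dict[str, str]:
    """Archive source as 'data/' inside a .tar.gz and write the manifest beside it."""
    manifest = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname="data")
    Path(str(archive) + ".manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


def restore_backup(archive: Path, dest: Path) -> Path:
    """Extract the archive under dest and return the restored data directory."""
    with tarfile.open(archive, "r:gz") as tar:
        try:
            # Python 3.12+ (and patched 3.8-3.11): refuse members that escape dest.
            tar.extractall(dest, filter="data")
        except TypeError:
            tar.extractall(dest)  # older interpreters without the filter argument
    return dest / "data"


def verify_restore(restored: Path, manifest: Dict[str, str]) -> List[Tuple[str, str]]:
    """(relative path, problem) for every missing, altered or unexpected file.
    An empty list means the restore reproduced the source exactly."""
    actual = build_manifest(restored)
    problems = [(rel, "missing") for rel in manifest if rel not in actual]
    problems += [(rel, "hash mismatch") for rel, digest in manifest.items()
                 if rel in actual and actual[rel] != digest]
    problems += [(rel, "unexpected file") for rel in actual if rel not in manifest]
    return sorted(problems)


# Constructed sample data standing in for the business records being backed up.
SAMPLE_FILES = {
    "finance/ledger-2024.csv": b"date,account,amount\n2024-01-03,1010,250.00\n",
    "hr/policy.txt": b"Acceptable use policy v3\n",
    "config/app.ini": b"[db]\nhost=db.internal\n",
}


def restore_test(files: Dict[str, bytes] = SAMPLE_FILES,
                 corrupt: Optional[str] = None) -> List[Tuple[str, str]]:
    """End-to-end drill in a temporary directory. If 'corrupt' names a file, it is
    altered after restore to show what a failed restore looks like."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        source = root / "source"
        for rel, data in files.items():
            target = source / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        archive = root / "backup.tar.gz"
        manifest = create_backup(source, archive)
        restored = restore_backup(archive, root / "restore")
        if corrupt:
            (restored / corrupt).write_bytes(b"bit rot")
        return verify_restore(restored, manifest)


if __name__ == "__main__":
    print("clean restore problems:", restore_test())
    print("corrupted restore problems:", restore_test(corrupt="hr/policy.txt"))
```

Scheduling this drill against real backups (restoring into an isolated location, never over production) turns "we have backups" into evidence that the recovery objective can actually be met; keep the manifest with the offline copy so the check still works when the primary systems are gone.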
Remove outdated hardware
As any system administrator knows, you need to take stock of the devices and software on your network. Remove unwanted or unnecessary hardware wherever possible. This way you keep control of the estate and reduce the attack surface even further.
As part of the risk mitigation process, your systems must be actively managed: the inventory must be kept current as the threat environment changes, while allowing you to scale and streamline management tasks for operational efficiency.
Ensure signed software policies
To ensure your computers' security, use a modern operating system that enforces signed software execution policies for scripts, executables, and device drivers.
All devices should be configured to allow only authorised programs and peripherals, with the digital signature used to identify what is authorised, including software arriving on removable media such as USB drives connected through the ports on the front of desktops.
No single-factor authentication
Include multi-factor authentication in your risk mitigation plans. Organisations should abandon single-factor authentication such as a password or PIN alone. Users often choose passwords that are easy to remember or security questions whose answers are easy to guess.
A two-step verification process that adds something you have, such as a security token or a one-time code sent to a registered work phone, will improve your company's online security.
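As an added example (not from the original page), the following Python implements the time-based one-time code that a hardware token or authenticator app generates (RFC 6238 TOTP, built on RFC 4226 HOTP) together with the server-side checks that matter in practice: a small clock-skew window, a constant-time comparison, and rejection of a code that has already been accepted. The secret is the RFC test vector so the output is checkable; the `TotpVerifier` class and its defaults are this example's own.

```python
"""TOTP second factor (added example, not the page's own code). Implements the
HOTP/TOTP algorithms from RFC 4226 and RFC 6238 with the standard library, plus
the two checks a server must make beyond "does the code match": tolerate a small
clock skew, and never accept the same code twice (replay)."""
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 4226/6238 test-vector secret, used here only so the output is checkable.
# Real secrets are random (e.g. secrets.token_bytes(20)) and issued per user.
TEST_SECRET = b"12345678901234567890"
STEP = 30      # seconds per time step (RFC 6238 default)
DIGITS = 6


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at: Optional[float] = None, step: int = STEP,
         digits: int = DIGITS) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time."""
    at = time.time() if at is None else at
    return hotp(secret, int(at // step), digits)


class TotpVerifier:
    """Server-side verification for one user: skew window plus replay protection."""

    def __init__(self, secret: bytes, window: int = 1, step: int = STEP,
                 digits: int = DIGITS):
        self.secret = secret
        self.window = window        # accept this many steps either side of 'now'
        self.step = step
        self.digits = digits
        self.last_counter: Optional[int] = None   # highest counter already accepted

    def verify(self, submitted: str, at: Optional[float] = None) -> bool:
        at = time.time() if at is None else at
        now = int(at // self.step)
        for counter in range(now - self.window, now + self.window + 1):
            # Skip anything at or before the last accepted step: a replayed
            # code (or an older one) must not log in twice.
            if self.last_counter is not None and counter <= self.last_counter:
                continue
            expected = hotp(self.secret, counter, self.digits)
            # Constant-time comparison so response timing leaks nothing.
            if hmac.compare_digest(expected, submitted):
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    code = totp(TEST_SECRET)
    v = TotpVerifier(TEST_SECRET)
    print("code:", code, "first use:", v.verify(code), "replay:", v.verify(code))
```

The code a phished user types into a fake login page is still valid for up to 90 seconds under this scheme, which is why the text's "something you have" is a floor rather than a ceiling: TOTP stops password reuse and offline guessing, but phishing-resistant methods (hardware keys bound to the site origin) are the stronger choice for privileged accounts.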
Our cyber security experts are here to help
We work with businesses of all sizes to help them identify and then manage their cyber security risks.