Summary

This document is a chapter on identifying and managing Key Risk Indicators (KRIs) for Cybersecurity Technicians. It discusses the importance of KRIs in risk management and provides details on how to effectively use them. The overall goal is to proactively identify risks before they negatively impact an organization.

Full Transcript

Certified Cybersecurity Technician Exam 212-82 Risk Management Key Risk Indicators (KRI) ;EI...

Certified Cybersecurity Technician Exam 212-82 Risk Management Key Risk Indicators (KRI) ;EI ;:D A key risk indicator (KRI) is an important component of an effective risk management process that shows the riskiness of an activity :D ZD Understanding the organizational goals is required to identify KRI jl:l A KRI is a metric showing the risk appetite probability for an organization jCI Key Risk Indicators Define risk for an ‘ objective ’ Identify the Possibility Identifying the Notifying on Rochandt looking of Adverse Effect Backward looking — R. adverse effect of an threshold levels of e PR end early warning event the risk the risk to identifyot a potential adverse event Copyright © byby I EC Ccl. All Rights Reserved. Reserved, Reproduction ReproductionIs Strictly Prohibited Key Risk Indicators (KRI) KRIs are essential components of an effective risk management process, and indicate the riskiness of an activity at an early stage. An understanding of organizational goals is required to properly identify KRIs. It is a metric that can indicate the risk appetite probability of an organization. KRIs are the most important indicators of an organization’s overall health, helping reduce loss and prevent risk exposure. Risk exposure is prevented by measuring the risk profiles and risk situations in advance before the risk event occurs. Role of KRIs =* Identify current risk exposure |dentify and emerging risk trends in order to provide an early warning and proactive action * Event impact identification =* Threshold level notifications = Backward looking view on risk events, enabling learning lessons from the past events = Highlight weaknesses of the existing controls and allow strengthening of poor controls = Facilitate the risk-reporting and escalation process =* Provide an indication that the risk appetite and tolerance are reached = Provide real-time actionable intelligence to decision-makers and risk managers Features of Effective KRIs = Quantifiable Metrics: Should be measurable (number, count, or percentage) *= Predictable: Should provide early warning signals Module 22 Page 2341 Certified Cybersecurity Technician Copyright © by EG-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Risk Management = Comparable: Should be able to track over a period of time = Informational: Should measure the status of the risk and control KRIs should accurately measure and reflect any negative impact on an organization’s key performance indicators (KPI). KPI is a metric that assesses the progress of an organization toward its goals, and provides leading indicator information about emerging risks from external events that impact the demand for an organization’s products or services. KRIs represent key ratios that an organization tracks as indicators of evolving risks and potential opportunities, and guide an organization’s responses. KRIs should be reported regularly; proper escalation methods and plans enable timely reporting to the management. KRIs have different escalation levels. Management identifies the KRIs to execute its strategic initiatives by mapping risks. An effective method for developing KRIs is to first identify risk events that could impact an organization’s financial status, and then find the intermediate and root cause for the risk event. The indicator assists management with responding to the risk event in advance. Module 22 Page 2342 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Risk Management Types of Risks Risks from Internal Sources Risks from Legacy Systems z I Internal risks emerge within the organizational A legacy system with unpatched data and outdated I I network during normal business operations, which security measures can allow attackers to gain access can include accidental, technical, or physical asset to the middleware, applications, and databases that failures or deliberate human actions are running on the compromised server platform Risks from External Sources.. Multi-Party Risks N... —— 1) These tema st may ncuce ntura bk o el bl '\“". External risks arise from outside an organization... _— R (L_}J /’ These external threats may include natural @.srihn'msu::l::ec;furs‘ls‘f ::1: d:gigsi:fivi;:ggi"'ztz:'::san “ disasters, man-made threats, and unexpected ¥;y; they v vY i Py. " roviders used by organizations for particular services issues such as fire outbreaks P Y oreorg bP Intellectual Property Theft Software Compliance Risks Organizations often encounter risks from various Software noncompliance risks may arise from sources that include malicious entities in the illegitimate copying of the software, misuse of environment, competitors, illegitimate copiers, and license, or failure to comprehend the newly third parties granted/changed policy terms of the software Copyright © by EC tll. All cll. Al Rights Rights Reserved, Reproduction Reproduction is Strictly Prohibited Prohibited. Types of Risks Risk is the likelihood of the occurrence of an event that can adversely impact the systems or processes running in an organization. A risk is defined as a significant damage or loss due to exposure to vulnerabilities or misuse of technology and technical assets. These risks can be extended beyond the damage and destruction of data; they can cause significant loss in business and damage the reputation. The types of risks may vary for each organization. Various types of risks are discussed below: Risks from Internal Sources Internal risks emerge within the organizational network during normal business operations, which can include accidental, technical, or physical asset failure or deliberate human actions. They can be predicted in advance and mitigated by taking necessary actions. However, it is difficult to identify these risks occasionally, especially when they are caused by disgruntled employees; in such cases, it is mandatory to verify whether aa risk is caused by malicious intention or accidental outbreak. An employee of an organization can be responsible for the breach of confidential organizational data, intentionally or unintentionally, depending on their internet usage. This encourages external attackers to penetrate the target system and cause more damage to the organizational data. Risks from External Sources External risks arise from outside an organization. These external threats may include natural disasters, man-made threats, and unexpected issues such as fire outbreaks. A malicious user or attacker who gains access to an organizational system or server by exploiting the existing vulnerabilities or bugs can perform attacks such as malware Module 22 Page 2343 Certified Cybersecurity Technician Copyright © by EG-Council EC-Council All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Risk Management injection from remote systems, manipulating the services, and stealing confidential information to disrupt operations, which can eventually lead to loss of productivity. Sometimes, attackers can also hide their presence on compromised systems for numerous days. In such cases, it becomes difficult for authorized users or organizations to identify their presence until the damage occurs. = Intellectual Property Theft Intellectual property theft is the process of stealing the idea of an organization or individual by an entity and promoting it as their property. Intellectual property is a type of property that is created by human intelligence and it is legally protected and owned by an organization or individual. These properties include business secrets, authorized signatures, copyrights, and patents. Organizations often face risks from various sources including malicious entities in the environment, competitors, illegitimate copiers, and third parties. Intellectual property theft in a smaller organization or start-ups can cause significant damage in terms of economy, business growth, and competitive withstand. To protect businesses and assets in the long term, product owners must have proper knowledge about the techniques implemented by intellectual property theft actors. = Risks from Legacy Systems A legacy system is a computing device or software running an outdated version. Because they do not receive any patches or updates, they can cause potential harm to the organizational network. These systems can be incompatible with the upgraded technology, lack security support, have high maintenance costs, and involve complicated modification and patching techniques. However, some legacy systems are still in use for specific purposes. Sometimes, installing critical updates on legacy systems may invite several risks because they can break the system functionalities. Although upgraded services and capabilities such as data integration and cloud computing are widely deployed in the market, most of the small and moderate businesses that use legacy systems do not have proper modern data disaster recovery, backup, and other security-related services. Such organizations might face various risks that can destroy their businesses. A legacy system with unpatched data and outdated security measures can also enable attackers to obtain access to the middleware, applications, and databases that run on the compromised server platform. = Multi-Party Risks This type of risk can damage several organizations simultaneously. They are usually caused by third-party providers that organizations rely on for particular services. If an event occurs at the provider end, it can impact the organizational business or risk the organizational data. To address these issues, multiparty computation or secure Module 22 Page 2344 Certified Cybersecurity Technician Copyright © by EG-Gouncil All Rights Reserved. Reproduction is Strictly Prohibited. Certified Cybersecurity Technician Exam 212-82 Risk Management multiparty computation can be employed, which is a cryptographic primitive that shares the computational process over the network of several parties and maintains data privacy by restricting one party to view the data related to other parties. It performs joint analysis on the data of an individual without exposing their data to other individuals. = Software Compliance Risks The word compliance in software defines a state of following the guidelines or standards while developing or installing an application or software. Organizations are provided with a publisher licensing contract or agreement when an application or software is deployed at their end. Software noncompliance risks may arise from the illegitimate copying of the software, inadequate asset management systems, misuse of license, inefficient software audits, failure to keep the contract record, over budgeting for server licensing, under budgeting for client licenses, and failure to comprehend the newly granted/changed policy terms of the software. Therefore, network administrators must be trained considering appropriate terms and conditions to install specific applications or software along with the legal risks associated with them. The risks associated with software compliances are discussed below: o Legal Risk: It represents non-compliance to the software license agreement and inability to meet the corporate standard requirements. o Operational Risk: It represents the inadequate and inappropriate usage of licenses that leads to poor business decision-making. o Financial Risk: It represents the over expenditure, inaccurate budgeting, and undisclosed liabilities on software licenses. Module 22 Page 2345 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Use Quizgecko on...
Browser
Browser