Risk Management for IT and Cybersecurity Managers
Title of the activity: Risk Management for IT and Cybersecurity Managers
Term of the activity: Spring 2023
Name of sponsoring organization: LinkedIn Learning
What I learned: I deepened by understanding of Risk Management’s importance in IT and Cybersecurity. A risk is the probability of a threat exploiting a vulnerability and it is the risk managers’ responsibility to assess these threats, vulnerabilities, and risks to decide whether or not the organization should mitigate, transfer, avoid or accept the risk. Likewise, there are risk controls that a company can use, such as Technical and Operational Controls, to enforce CIA requirements, confidentiality, and advanced security. Technical Controls include using firewalls, IDS, and IPS, and installing antivirus and endpoint security. While, Operational Controls include conducting ethical hacking or penetration tests and standard operating procedures (SOP). It is important that risk managers calculate and measure each risk response because there is always a possibility that the decision they make is wrong and harmful. Their errors can seriously damage the company’s reputation, credibility, profits, and customer loyalty costing a company millions of dollars to repair the damages. For example, Equifax spent up to $425 million as a result of the data breach that exposed 142-147 million consumers’ personal information in 2017.
How the activity relates to my coursework/career goals: Risk Management has always been an interesting topic to me because it affects all companies/industries and it is a serious job that can make or break an entire company. These risk control decisions can be more detrimental than beneficial even after calculating and measuring the risks if not corrected quickly. Therefore, those who go into Risk Management should be extremely attentive to detail, knowledgeable, detail-oriented, logical, persistent, and assertive to ensure that the best decisions are being made.