A Systematic Approach for Cybersecurity Risk Management
In the last few years, the concern over cybersecurity has grown dramatically. With all the existing, and sometimes competing, guidelines and frameworks intended to inform cyber risk strategies, organizations face the problem of deciding which is right for them. To resolve the confusion, this researc...
Main Author: | |
---|---|
Other Authors: | |
Format: | Thesis |
Published: |
Massachusetts Institute of Technology
2022
|
Online Access: | https://hdl.handle.net/1721.1/139995 https://orcid.org/0000-0001-7708-3746 |
Summary: | In the last few years, the concern over cybersecurity has grown dramatically. With all the existing, and sometimes competing, guidelines and frameworks intended to inform cyber risk strategies, organizations face the problem of deciding which is right for them. To resolve the confusion, this research proposes a practical and effective model that can be used by organizations of any size or in any industry for cyber risk management. We propose a Cyber Risk Cube (CRC) tool designed to be practical for all parts of an organization, which examines three fundamental pairings for looking at cyber risk: Internal/External, Measurement/Management, and Qualitative/Quantitative. The CRC tool can be used as a common language for sharing ideas and solutions to cyber risk management. Ultimately, the CRC provides details for implementing solutions to managing cyber risks in a concise and standardized manner. |
---|