One of the most challenging aspects of achieving a state of cyber security is exercising prudent cyber risk management. This involves being able to understand the scale and nature of the cyber risks an organisation faces, and then assigning the appropriate budget to the relevant controls that will provide optimal cyber protection.
A cyber security risk assessment, conducted according to globally accepted standards, ensures that time and money are invested in the right areas, and eliminates any wasteful spending of resources where there is no need for it.
Those who undertake a cyber risk assessment for the first time will quickly find that, without a solid database management tool, it can be a cumbersome and very slow process.
Risk assessments involve input from numerous departments so that all potential risks, and all information assets that could be exposed, are included. In addition, it is crucial to apply a standardised approach to make sense of the reporting process. Furthermore, effective risk management requires that the risk data be updated frequently.
According to Gartner, the global cyber security spend was £40 billion last year. But the number of global data breaches is increasing by 20% a year, while the cost of those breaches is increasing by 30%, according to HP².
Implementing the right systems and people to detect and analyse suspicious activity can prove effective in preventing a breach or, at worst, help contain the after-effects of a breach.
vsRisk™ is a cyber security risk assessment tool that is straightforward, quick and easy to use – and can save you a significant amount of time, resources and money.
The tool can be used on a desktop computer or installed on a network server, and comes with an individual or multi-user licence. It allows risk assessors to conduct assessments of the cyber risks across the organisation, regionally or department-wide, following a simple framework with built-in, relevant threats, vulnerabilities and risks. vsRisk also includes three different control sets, based on international standards ISO27001:2005, ISO27001:2013 and ISO27032:2012, and comes with additional options, such as the ability to apply it to multiple information security management systems.
1 Source: SecureWorld Insight Survey 2013 http://www.net-security.org/secworld.php?id=16113
2 Art Gilliland, HP GM enterprise security – http://www.smh.com.au/it-pro/security-it/billions-spent-on-cyber-security-and-much-of-it-wasted-20140403-zqprb.html