1.888.900.DRIZ (3749)
The Driz Group

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

6/14/2017


7 Steps to Prioritize Cyber Security Threats & Threat Remediation

 

7 Steps to Prioritize Cyber Security Threats

Today’s businesses are under constant threat of cyber attacks. The recent WannaCry ransomware attack, which affected major businesses and institutions around the world, showed the importance of prioritizing cyber security threat remediation.
 
Here are 7 steps on how to prioritize cyber security threat remediation within your organization:

Step 1: Involve Business Stakeholders in the Process

Cyber security threat remediation is often left to the “IT people”. Business stakeholders, who include those in senior management positions and those with unique perspectives, experiences and skills that IT may not possess, are invaluable in prioritizing cyber security threat remediation.
 
A survey conducted by Info-Tech Research Group showed that organizations that were able to engage business stakeholders in cyber threat identification were 79% more successful in identifying all threats compared to organizations where business stakeholders’ participation was minimal. Another Info-Tech survey found that 97% of organizations that involved business stakeholders in the cyber risk assessment process reported success.
 
It’s beneficial to involve business stakeholders as they can put forward perspectives that IT departments may have overlooked, and they can bolster IT’s knowledge regarding particular risks and their overall effect on the organization.

Step 2: Identify Cyber Security Threats

In identifying cyber security threats, determine the threat categories, threat scenarios and threat events.

Threat Categories

Threat categories are high-level groupings that label threats relating to major IT functions. The following are some of the identified categories:
  1. Operations risks
  2. Hardware risks
  3. Software risks
  4. Project risks
  5. Personnel risks
  6. Data risks
  7. Vendor risks
  8. Disaster & business continuity risks
  9. Compliance & security risks

Threat Scenarios

After identifying the threat categories, identify the threat scenarios or common situations for each category. For instance, in the data risk category, threat scenarios could be data theft, data integrity, data confidentiality and data availability.

Threat Events

Threat events refer to specific vulnerabilities under a particular threat scenario. An example of a threat event under data integrity is data recovery/loss within a system.

Step 3: Determine the Threshold for Acceptable and Unacceptable Risk

Establish a threshold that sets what constitutes an acceptable and an unacceptable risk for the organization. This threshold should be a concrete dollar value, and should be based on the ability of the organization to absorb financial losses and its tolerance towards risk. For instance, an organization's threshold could be $100,000. A cyber threat costing below $100,000 is acceptable, while one above $100,000 is an unacceptable threat.

Step 4: Create a Financial Impact Assessment Scale

Every cyber threat has a corresponding financial consequence. It’s difficult for senior management to make intelligent decisions about cyber security threats if they don’t know what their financial impact will be. For each identified threat event, it’s critical to create a scale to assess the financial impact. Typically, financial risk impacts are assessed on a scale of 1 to 5 or low to extreme. Make sure that the unacceptable risk threshold is reflected in the scale. Let’s say,
  • Financial loss of $10K to $34K falls under Scale 1 (Negligible)
  • Financial loss of $35K to $59K falls under Scale 2 (Low)
  • Financial loss of $60K to $99K falls under Scale 3 (Moderate)
  • Financial loss of $100K (this being the threshold) to $249K falls under Scale 4 (High)
  • Financial loss of $250K falls under Scale 5 (Extreme)
 
In the financial impact assessment, include project overruns and service outages. For instance, a cyber security project that runs for 20 days, with 8 employees, an average cost of $300 per day and a total estimated cost of $48,000, falls under the low impact scale. Another example is a service outage that runs for 4 hours, with a $10K loss of revenue per hour and an estimated cost of $40,000, which also falls under the low impact scale.

Step 5: Create a Probability Scale

For every threat event, create a scale to assess the probability that the event will happen over a given period of time. Make sure that the probability scale has the same number of levels as the financial impact scale. Let’s say,
  • 1 to 19% probability falls under Scale 1 (Negligible)
  • 20 to 39% probability falls under Scale 2 (Low)
  • 40 to 59% probability falls under Scale 3 (Moderate)
  • 60 to 79% probability falls under Scale 4 (High)
  • 80 to 99% probability falls under Scale 5 (Extreme) 

Step 6: Threat Severity Level Assessment

For all threat events, assess the severity level. To calculate the severity level of each threat event, multiply the financial impact cost by the probability of occurrence. A threat event with a probable financial impact cost of $250K, or "high", multiplied by a probability of occurrence of 10%, or "low", generates a $25K, or "medium", threat severity level.

Step 7: Determine the Proximity of the Threat Event

Over a period of time, the financial impact and probability of occurrence of a threat event often fluctuate. The relationship between threat severity and time is called threat proximity. These fluctuations are often unpredictable. Some threat events are, however, predictable. The risk severity of losing key personnel is constant. The risk severity of a data breach leading up to a new product launch is confined to a particular point in time. The risk severity of a project overrun after staff layoffs either increases or decreases after a particular point in time.
 
In determining the proximity of the risk event, focus on “high” and “extreme” threats. Describe the proximity of these high and extreme threats. For instance, for a particular threat event, the threat proximity can be described in this way: “The probability of this threat event will fall when the new budget for the IT department is released.”
 
So what’s the difference between threat severity and threat proximity? The threat proximity description notifies senior management about the urgency of a cyber threat event and the importance of timely implementation of risk responses, while threat severity notifies senior management about the relative importance of each threat event.
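Steps 3 through 6 can be run as a small risk-register calculation; the following is an added example, not part of the original article. The scale bands and the $100K threshold are the article's, while the event names, the probabilities other than 10%, and the rule that unacceptable events must carry a Step 7 proximity note are assumptions.

```python
from dataclasses import dataclass

# Bands from Steps 4 and 5: (lower bound, level, label), highest band first.
IMPACT_SCALE = [(250_000, 5, "Extreme"), (100_000, 4, "High"),
                (60_000, 3, "Moderate"), (35_000, 2, "Low"), (10_000, 1, "Negligible")]
PROBABILITY_SCALE = [(80, 5, "Extreme"), (60, 4, "High"),
                     (40, 3, "Moderate"), (20, 2, "Low"), (1, 1, "Negligible")]
RISK_THRESHOLD_USD = 100_000  # Step 3: the article's example threshold

def rate(value, scale):
    """Return (level, label) of the highest band whose lower bound is met."""
    for lower, level, label in scale:
        if value >= lower:
            return level, label
    return 0, "Below scale"  # assumption: the article defines nothing under band 1

@dataclass
class ThreatEvent:
    name: str
    impact_usd: int        # estimated financial loss if the event occurs
    probability_pct: int   # chance of occurrence over the assessment period
    proximity: str = ""    # Step 7 description, blank if not yet written

def assess(events, threshold=RISK_THRESHOLD_USD):
    """Score each event (Steps 3-6) and rank by severity, highest first."""
    rows = []
    for e in events:
        unacceptable = e.impact_usd >= threshold
        rows.append({
            "name": e.name,
            "impact": rate(e.impact_usd, IMPACT_SCALE),
            "probability": rate(e.probability_pct, PROBABILITY_SCALE),
            "severity_usd": e.impact_usd * e.probability_pct / 100,  # Step 6
            "unacceptable": unacceptable,
            # Assumption: unacceptable events are the ones needing a Step 7 note.
            "needs_proximity": unacceptable and not e.proximity.strip(),
        })
    return sorted(rows, key=lambda r: r["severity_usd"], reverse=True)

# Constructed register: dollar figures reuse the article's worked numbers;
# probabilities other than the 10% from Step 6 are made up for illustration.
REGISTER = [
    ThreatEvent("Project overrun (20 days x 8 staff x $300)", 20 * 8 * 300, 30),
    ThreatEvent("Service outage (4 h x $10K)", 4 * 10_000, 50),
    ThreatEvent("Data theft", 250_000, 10),
    ThreatEvent("Loss of key personnel", 120_000, 65, "Constant over time"),
]
```

Calling `assess(REGISTER)` returns the events ordered by dollar severity, with the data theft event flagged as still missing its proximity description.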

Cyber Security Threat Remediation Equals Cost Effectiveness

Identifying and prioritizing threats demands time and money. But the time and money spent on these security risk management tasks can mean the difference between staying on budget and spending too much.

When your organization needs help with assessing and prioritizing cyber security threats, give us a call and we will be happy to help.
    Author

    Steve E. Driz, I.S.P., ITCP

© 2023 Driz Group Inc. All rights reserved.
Photo used under Creative Commons from GotCredit