IT Security: A Literature Review of Cyber Risk Management & Control

Added on  2023/04/24

Running head: RISK MANAGEMENT/ RISK CONTROL
Risk Management/ Risk Control
Name of the Student
Name of the University
Author’s Note:
Table of Contents
Introduction (page 2)
Literature Review (page 2)
Cyber Risks (page 2)
Risk Management or Risk Control for Cyber Risks (page 3)
References (page 5)
Bibliography (page 6)
Introduction
Cyber attacks have become extremely common in the present cyber world. These attacks can be
referred to as malicious and deliberate attempts by any individual or organization to breach
the information system of another organization or individual (Von Solms and Van Niekerk
2013). The most common types of cyber risks are botnets, hacking, ransomware, phishing,
malware, DDoS (distributed denial of service) attacks, man-in-the-middle attacks, pharming,
spamming, spoofing, spyware and many more. Cyber risk assessment is the identification,
evaluation and analysis of the various cyber threats. The entire IT infrastructure of an
organization is analysed to identify every possible vulnerability in its technology, processes
and people, as well as the threats to its various systems.
After a successful assessment of cyber risks, a risk management and control program is
required. This type of program prioritizes the assessed risks according to their likelihood of
occurrence. With successful risk management, cyber risks can be minimized and monitored, and
hence the impact of such unfortunate events is controlled (Wang and Lu 2013). The following
literature review outlines a brief discussion of cyber risk management and control. Details
are provided regarding cyber risks and the process of managing them with a specific risk
management plan.
Literature Review
Cyber Risks
According to Hahn et al. (2013), cyber risk is the possibility of a malicious attempt to
damage or disrupt a system or computer network. It is a malignant and destructive activity
that tries to access a network via a data communication pathway without authorization from
its owners. These types of risks can be either deliberate or unintentional. Malware and
phishing are termed the most common forms of cyber risk, and both are used for extracting
sensitive data or information from the victim (Cherdantseva et al. 2016). The main objectives
of cyber risk include gaining authority, control, profit, reprisal and exploitation.
Risk Management or Risk Control for Cyber Risks
Dandurand and Serrano (2013) stated that, although cyber risks are extremely harmful and
could become major threats to information systems and organizational resources, they can be
managed or controlled with the help of a proper risk management or risk control program. The
IT governance of an organization is responsible for dealing with the data breaches, disruption
of operations, reputational damage and financial losses caused by the failure of technological
processes and systems.
The steps of a proper risk management program are as follows:
i) Identification: The first and foremost step of a risk management program is to identify
the cyber risks and threats (Ben-Asher and Gonzalez 2015). This is also the first step of
cyber risk assessment, and it allows the risk assessor to learn about the various risks
prevailing in the information system.
ii) Analysis and Prioritization: The second step of this program is to analyse and then
prioritize the identified risks. It is an extremely important step, since risk prioritization
helps the risk assessor to learn about the impacts of those risks.
iii) Evaluation: After prioritization, these risks are evaluated in order to understand their
impacts.
iv) Tracking and Reporting: The fourth step is to track and report the cyber risks so that
proper measures can be undertaken (Dandurand and Serrano 2013).
v) Control and Treatment: Once the risks are tracked, they can be controlled by implementing
various mitigation strategies.
vi) Monitoring: The final step is to monitor them so that the information systems and
resources can be used successfully in future.
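The six steps above form one cycle over a risk register, which is easiest to see in code. The following is an added worked example, not code from the paper or from any of the works it cites: it builds a constructed register from the risk types the review names (malware, phishing, DDoS, spam), scores each risk as likelihood times impact on assumed 1 to 5 scales, evaluates the score against an assumed risk appetite, reports the result, applies treatments and then monitors the residual risk. The scale values, thresholds, risk names and controls are all constructed assumptions.

```python
"""Worked example of the identification -> analysis/prioritization -> evaluation ->
tracking/reporting -> control/treatment -> monitoring cycle described above.
Added illustration; not code from the original paper or its cited works.
All risk names, scores, thresholds and controls below are constructed sample data."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Assumed ordinal scales for the analysis step (1 = lowest, 5 = highest).
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
IMPACT = {"negligible": 1, "minor": 2, "moderate": 3, "major": 4, "severe": 5}

# Assumed risk appetite for the evaluation step, applied to the 1..25 score.
TOLERATE_BELOW = 6   # score < 6          -> accept and keep monitoring
TREAT_BELOW = 15     # 6 <= score < 15    -> treat with controls
                     # score >= 15        -> treat urgently, escalate to IT governance


@dataclass
class Risk:
    name: str
    category: str                 # e.g. "malware", "phishing", "DDoS"
    likelihood: str
    impact: str
    controls: List[str] = field(default_factory=list)
    status: str = "identified"    # tracking state: identified -> treated
    history: List[Tuple[str, int]] = field(default_factory=list)

    def score(self) -> int:
        """Step ii (analysis): score = likelihood x impact."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]

    def rating(self) -> str:
        """Step iii (evaluation): compare the score with the risk appetite."""
        s = self.score()
        if s < TOLERATE_BELOW:
            return "tolerate"
        if s < TREAT_BELOW:
            return "treat"
        return "treat urgently"


def identify() -> List[Risk]:
    """Step i: constructed register using risk types named in the review."""
    return [
        Risk("Ransomware on file servers", "malware", "likely", "severe"),
        Risk("Credential phishing of staff", "phishing", "almost certain", "major"),
        Risk("DDoS on public web portal", "DDoS", "possible", "moderate"),
        Risk("Spam to shared mailbox", "spamming", "almost certain", "negligible"),
    ]


def prioritize(register: List[Risk]) -> List[Risk]:
    """Step ii: highest score first; sorted() is stable, so ties keep register order."""
    return sorted(register, key=lambda r: r.score(), reverse=True)


def report(register: List[Risk]) -> List[Dict[str, object]]:
    """Step iv: tracking/reporting snapshot handed to IT governance."""
    return [{"name": r.name, "score": r.score(), "rating": r.rating(), "status": r.status}
            for r in register]


def treat(risk: Risk, control: str, new_likelihood: str, new_impact: str) -> Risk:
    """Step v: record a mitigation and the residual likelihood/impact it leaves."""
    risk.history.append((f"before: {control}", risk.score()))
    risk.controls.append(control)
    risk.likelihood, risk.impact = new_likelihood, new_impact
    risk.status = "treated"
    risk.history.append((f"after: {control}", risk.score()))
    return risk


def monitor(register: List[Risk]) -> List[str]:
    """Step vi: flag residual risk still above appetite, and any regression after treatment."""
    findings = []
    for r in register:
        if r.rating() != "tolerate":
            findings.append(f"{r.name}: residual score {r.score()} still requires treatment")
        if len(r.history) >= 2 and r.history[-1][1] > r.history[-2][1]:
            findings.append(f"{r.name}: score rose after treatment, re-evaluate")
    return findings


def run_cycle():
    """Run one full cycle; returns (baseline report, post-treatment report, monitoring findings)."""
    register = prioritize(identify())
    baseline = report(register)
    # Constructed treatments for the two urgent risks (residual values are assumptions).
    treat(register[0], "offline backups and endpoint detection", "possible", "moderate")
    treat(register[1], "phishing-resistant MFA and awareness training", "possible", "moderate")
    return baseline, report(prioritize(register)), monitor(register)


if __name__ == "__main__":
    before, after, findings = run_cycle()
    for row in before:
        print("baseline:", row)
    for row in after:
        print("residual:", row)
    for line in findings:
        print("monitor:", line)
```

The point the code makes that the prose does not is that treatment rarely drives a risk to "tolerate" in one pass: both urgent risks drop from 20 to 9, which the evaluation step still classes as "treat", so the monitoring step re-queues them for the next cycle rather than closing them.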
As per Von Solms and Van Niekerk (2013), proper establishment of internal and external risk
contexts and selection of a risk management framework are extremely important for managing
cyber risks in any organizational or individual system. Moreover, risk monitoring and review
processes are also effective for risk management. Implementation of cyber security measures
such as antivirus software, firewalls and encryption is also considered significant for
controlling cyber risks.
References
Ben-Asher, N. and Gonzalez, C., 2015. Effects of cyber security knowledge on attack
detection. Computers in Human Behavior, 48, pp.51-61.
Cherdantseva, Y., Burnap, P., Blyth, A., Eden, P., Jones, K., Soulsby, H. and Stoddart, K.,
2016. A review of cyber security risk assessment methods for SCADA systems. Computers
& Security, 56, pp.1-27.
Dandurand, L. and Serrano, O.S., 2013, June. Towards improved cyber security information
sharing. In 2013 5th International Conference on Cyber Conflict (CYCON 2013) (pp. 1-16).
IEEE.
Hahn, A., Ashok, A., Sridhar, S. and Govindarasu, M., 2013. Cyber-physical security
testbeds: Architecture, application, and evaluation for smart grid. IEEE Transactions on
Smart Grid, 4(2), pp.847-855.
Von Solms, R. and Van Niekerk, J., 2013. From information security to cyber
security. Computers & Security, 38, pp.97-102.
Wang, W. and Lu, Z., 2013. Cyber security in the smart grid: Survey and
challenges. Computer Networks, 57(5), pp.1344-1371.
Bibliography
Habash, R.W., Groza, V. and Burr, K., 2013. Risk management framework for the power grid
cyber-physical security. British Journal of Applied Science & Technology, 3(4), p.1070.
Henrie, M., 2013. Cyber security risk management in the SCADA critical infrastructure
environment. Engineering Management Journal, 25(2), pp.38-45.
Kosub, T., 2015. Components and challenges of integrated cyber risk
management. Zeitschrift für die gesamte Versicherungswissenschaft, 104(5), pp.615-634.
Wallner, J., 2014. Cyber Risk Management. Wiley StatsRef: Statistics Reference Online.