3 Ways to Operationalize Cyber-Risk Management

Cybersecurity attacks, network intrusions and data breaches are inevitable. But while investment in innovative technologies can certainly assist organizations in detecting and preventing security incidents, technology alone is not the answer.

Simply put, there is no silver bullet for addressing cyber threats. Successful cyber-risk management focuses on the education, training and awareness of employees, the development of policies that prioritize and address risk and the use of technologies that support organizational policies as implemented by people.

Addressing cybersecurity risk is a dynamic and perpetual process. The National Institute of Standards and Technology (NIST) Cybersecurity Framework, which was developed primarily from industry input to help organizations manage cyber risk, is an invaluable tool for identifying how an organization currently manages cyber risk, whether there are gaps in its current program and how it can improve upon its risk management practices.

Here are three additional activities to help organizations operationalize their cyber-risk management strategies.

1. Avoid legal and IT/security silos. Collaboration between a company’s legal and IT/security departments is essential. Legal personnel must understand the cyber-related regulatory requirements applicable to their organizations, as well as their role in cybersecurity preparedness and incident response. Likewise, IT and security practitioners must be aware of the legal issues and potential ramifications of cyber events, such as network intrusions and data breaches. They must prioritize and work within the framework for attorney-client privilege and work product protection. Communication between these two groups must therefore be bidirectional. The NIST Cybersecurity Framework can be useful for creating a common language within the enterprise on cyber risk.

2. Prioritize cyber risk in vendor negotiations. Service providers and third-party IT/security products can pose significant security vulnerabilities if not appropriately managed. Executives must understand that high-profile breaches have occurred because of issues such as stolen vendor credentials and poorly secured vendor remote access. Organizations must therefore be sure to conduct thorough vendor due diligence, require service providers to comply with specified security requirements and include counsel and security personnel in negotiations. Supply chain vulnerabilities can pose the greatest risk to a company’s security.

3. Understand you will be attacked … and be prepared. Although cyber attacks are inevitable, organizations can develop and implement effective response strategies by managing and containing the incident and ensuring operations are resumed as quickly as possible. It is essential to develop and implement incident response plans and regularly test these plans to ensure they are effective and that personnel involved understand their roles and responsibilities.

Organizations must ensure their response plans are agile, flexible and focused on the current threat landscape. They should report test results to senior management and the board to ensure these executives understand the organization’s level of preparedness for a cyber-event and to ensure the lessons learned from the exercise are incorporated into the enterprise’s incident response plans.

Companies must undertake a comprehensive effort to make cybersecurity an integral part of their cultures and develop cyber-risk management strategies that evolve with changing threats. These strategies include identifying risks and implementing measures that fit with the corporate culture and align with the organization’s priorities.

Although there is no single measure that can prevent cyber attacks, implementing the activities described above will better ensure that your organization has the necessary tools in place to respond to such attacks and mitigate the resulting damage to your organization.


Kimberly (Kim) Kiefer Peretti is a partner in Alston & Bird’s Litigation & Trial Practice Group and co-chair of its Cybersecurity Preparedness and Response Team. Peretti is a former director of PricewaterhouseCoopers’ cyber forensic service practice and a former senior litigator for the Department of Justice’s Computer Crime and Intellectual Property Section. She focuses her practice on managing complex, technical electronic investigations and responses, often resulting from cyber intrusions and data breaches.

Jason R. Wool is an associate in Alston & Bird’s Technology and Privacy Group and Cybersecurity Preparedness and Response Team. His practice focuses on cybersecurity, privacy and critical infrastructure protection, and he provides advice on a range of cybersecurity topics, including compliance with cybersecurity standards, managing cyber risk, cybersecurity governance and responding to security incidents. He participated in all six National Institute of Standards and Technology workshops on the development of the Cybersecurity Framework.

Kiersten Todt is the President and Managing Partner of Liberty Group Ventures, LLC, a cyber risk and crisis management consulting firm in Arlington, Virginia. She has served in senior positions in the private sector, as well as in the White House and in the U.S. Senate, where she was a primary drafter of the legislation that created the Department of Homeland Security.

Roger Cressey is a Partner with Liberty Group Ventures, LLC. He most recently served as a Senior Vice President at Booz Allen Hamilton, supporting the firm’s cyber security practice. He has served in senior cyber security and counterterrorism positions in the Clinton and Bush Administrations, including Chief of Staff of the President’s Critical Infrastructure Protection Board and Deputy for Counterterrorism on the National Security Council staff.

