
Risk Management

  • Chapter
The NICE Cyber Security Framework

Abstract

Risk management is an important security measure that organizations take to protect their current assets. Because hackers are always looking for new and more practical methods of gaining access to your or your company’s most sensitive data, the practice of risk management is perpetual and evolving. Developing a risk management strategy is a four-step process: identifying risks, assessing the danger, prioritizing the risk, and appropriately addressing the risk. Each of these steps occurs independently of the others, but the steps can also coincide. For example, a company can assess the danger of a potential risk while also prioritizing that risk. This is seen when companies must protect themselves against threats such as viruses (where the risk is known), which forces organizations to prioritize the risk so that they can protect against potential risks associated with the organization.




© 2020 The Editor(s) (if applicable) and The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter


Cite this chapter

Tawalbeh, L. (2020). Risk Management. In: The NICE Cyber Security Framework. Springer, Cham. https://doi.org/10.1007/978-3-030-41987-5_6


  • DOI: https://doi.org/10.1007/978-3-030-41987-5_6


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-41986-8

  • Online ISBN: 978-3-030-41987-5

  • eBook Packages: Engineering, Engineering (R0)
