Abstract
In today's highly volatile environment, cyber risk management practices based on standards and best practices are beginning to lose effectiveness, because their scope and proposals are restricted to known and certain scenarios. The concrete reality of the company, meanwhile, takes shape in a new abnormality of uncertain and unknown conditions, which increases tensions in its supply chain, generates instability in geopolitical conditions, warns of disruption from the incorporation of new technologies, and implies new conditions for ensuring the compliance that regulators require. This paper therefore introduces a conceptual and practical cyber risk management model called RAFA (Resilience, Antifragility, Flexibility and Anticipation). The model lets organizations develop a vigilant and active position, proposing alternatives for mobilizing the organization's efforts in the face of the inevitability of failure: making it more resistant to attacks, creating incomplete maps of the reality and challenges of adversaries, and finding ways to move forward even before adverse events materialize.
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Cano M, J.J. (2024). RAFA Model. Rethinking Cyber Risk Management in Organizations. In: Jahankhani, H. (eds) Cybersecurity Challenges in the Age of AI, Space Communications and Cyborgs. ICGS3 2023. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-47594-8_12
DOI: https://doi.org/10.1007/978-3-031-47594-8_12
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-47593-1
Online ISBN: 978-3-031-47594-8
eBook Packages: Physics and Astronomy (R0)