RAFA Model. Rethinking Cyber Risk Management in Organizations

  • Conference paper
Cybersecurity Challenges in the Age of AI, Space Communications and Cyborgs (ICGS3 2023)

Abstract

In today's highly volatile environment, current cyber risk management practices, based on standards and best practices, are beginning to lose effectiveness, because their scope and proposals are restricted to known and certain scenarios. The concrete reality of the company, however, takes shape in a new abnormality, under uncertain and unknown conditions, which increases tensions in its supply chain, generates instability in geopolitical conditions, warns of disruption from the incorporation of new technologies, and implies new conditions for ensuring the compliance required by regulators. This paper therefore introduces a conceptual and practical model of cyber risk management called RAFA (Resilience, Antifragility, Flexibility and Anticipation). The model allows organizations to develop a vigilant and active posture, offering alternatives for mobilizing the organization's efforts in the face of the inevitability of failure: making it more resistant to attacks, creating incomplete maps of the reality and challenges of adversaries, and finding ways to move forward even before adverse events materialize.

Author information

Corresponding author

Correspondence to Jeimy J. Cano M.

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

Cite this paper

Cano M, J.J. (2024). RAFA Model. Rethinking Cyber Risk Management in Organizations. In: Jahankhani, H. (eds) Cybersecurity Challenges in the Age of AI, Space Communications and Cyborgs. ICGS3 2023. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-47594-8_12
