Time to Start Managing Cyber Security Risk

Time to Start Managing Cyber Security Risk

The risk of cyber security threats is growing exponentially and failure to address it in a concerted way can result in serious consequences. It’s time for IT departments to manage risks just as legal, finance and other corporate departments do. It is possible to manage cyber risk from both a business continuity and security point of view.

Cyber security risks are everywhere. A top professional-services firm recently asked 10,000 IT security and business executives worldwide about cyber security incidents that include data breaches and thefts, payment-card skimming, viruses and other malware, state-sponsored espionage, and denial-of-service attacks. These respondents collectively identified 42.8 million IT security incidents during 2014. That’s a 50-percent increase over the previous year. 

That kind of aggressive growth demands a formal risk-management methodology. Perhaps the best known comes from the National Institute of Standards and Technology (NIST) in a document entitled Guide for Conducting Risk Assessments. The document defines IT-related risk as comprising two factors: the probability of a threat occurring and its likely impact. 

Another organization, the Information Systems Audit & Control Association (ISACA), offers an IT risk framework aimed at helping security teams understand and manage all significant IT risk types. “IT risk always exists,” says ISACA, “whether or not it is detected by an enterprise.” 

Risk Management Framework

No matter which risk-management framework you adopt for business continuity and security, the work will need to be done as an iterative process. In other words, you’ll need to repeat it on a regular basis. 

Why? Because everything is constantly changing — the business environment, your business processes and systems, not to mention the tactics of criminals, hackers and other bad guys. There’s also your constant need to balance costs, productivity, effectiveness and the business value of whatever data or systems you’re protecting.  Cyber risks will never be completely eliminated.

Professional Expertise

Here at Masergy, we agree. That’s why we include risk management as a key professional service offered in our Managed Security solution. Our solutions provide end-to-end security audits and gap analysis for all kinds of systems. We can identify and contain any compromised infrastructure, then deliver a complete investigation report to your management and operations teams. 

More specifically, Masergy’s risk management features essential professional services that will help your company stay ahead of cyber risk, including:

Enterprise Security Assessment (ESA): Provides comprehensive security audits and gap analyses mapped to your compliance frameworks. Also, custom packages can be delivered to address your security initiatives and discover vulnerabilities.

360° Living Security Audit: A comprehensive deep-dive audit of your infrastructure - from wired and wireless to BYOD - to secure assets from premise to cloud.

So stop wishing cyber threats away, and start managing them as a risk. Masergy can help. And in today’s insecure IT world, that’s really good news.

Learn more about Masergy’s comprehensive professional services.

About David Venable

VP, Cybersecurity, Masergy
David Venable, Vice President of Cyber Security at Masergy Communications, has over 15 years experience in information security, with expertise in cryptography, network and application security, vulnerability assessments, penetration testing, and compliance. David is a former intelligence collector with the National Security Agency, with extensive experience in Computer Network Exploitation, Information Operations, and Digital Network Intelligence. He also served as adjunct faculty at the National Cryptologic School.