A lot of fellow professionals see that I am in Risk Management and immediately think that this is Cyber Security.
I will explain in as much detail as possible to clarify the differences.
Below are the layers of risk management disciplines in a company, laid out to show where cybersecurity (or cybersecurity risk) sits among them.
- Enterprise Risk Management: This is the capability to understand and manage all risk types in a given organization. Depending on the company, this usually includes managing strategic risks, reputational risks, financial risks, compliance risks and operational risks.
- Operational Risk Management: Operational risks are a subset of enterprise risks and are associated with operational processes, employee errors and technology systems.
- IT Risk Management belongs to the operational risk category and includes all types of risks related to using and managing information technology. A simple way to think about IT risk management is the well-known CIA model, which is basically a nifty acronym for confidentiality, integrity and availability. IT risk management is there to address the risks to these three properties.
- Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.
- Cybersecurity risk is one of several risks in the IT risk management space. It’s also one of the most important risks for any organization that has a cyber presence.