Risk Management and Cyber Security

A lot of fellow professionals see that I am in Risk Management and immediately think that this is Cyber Security.

I will explain the distinction in as much detail as possible, to clarify the differences.

Below are the layers of risk management disciplines in a company, which show where cybersecurity (or cybersecurity risk) sits among them.

  • Enterprise Risk Management: This is the capability to understand and manage all risk types in a given organization. Depending on the company, this usually includes managing strategic risks, reputational risks, financial risks, compliance risks and operational risks.
  • Operational Risk Management: Operational risks are a subset of enterprise risks and are associated with operational processes, employee errors and technology systems.
  • IT Risk Management: IT risk belongs to the operational risk category and includes all types of risk related to using and managing information technology. A simple way to think about IT risk management is the well-known CIA model, a nifty acronym for confidentiality, integrity and availability. IT risk management is there to address the risks related to these three main areas.
  • Cybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.
  • Cybersecurity risk: This is one of several risks in the IT risk management space. It is also one of the most important risks for any organization that has a cyber presence.

Author: Mariella Stockmal

Dynamic, results-driven management and consulting for business risks, operational risks, and fraud protection.
