Cybersecurity Risk Management

Sep 8, 2025

Overview

This lecture covers the core responsibilities of cybersecurity professionals in identifying, assessing, and managing different types of risks that organizations face to protect information and assets.

Types of Risks

  • Risks are divided into internal and external categories.
  • Internal risks originate within the organization, such as opportunities for employee fraud.
  • Internal controls, such as requiring two people to approve and issue a check, can mitigate internal risks.
  • External risks come from outside threats, like ransomware attacks by external actors.
  • Controls for external risks include using multifactor authentication and conducting security awareness campaigns.

Special Risk Categories

  • Multi-party risks affect multiple organizations, such as when a SaaS provider is compromised.
  • Legacy systems, which are outdated and unsupported, are harder to secure and pose unique risks.
  • Organizations should replace legacy systems or apply strong, tailored security controls.
  • Intellectual property (IP) theft risks are significant for information-based businesses, as loss or alteration of IP damages the organization.
  • Software license compliance risk arises when organizations use software outside of legal agreements, risking audits and fines.

Risk Management Strategies

  • Use internal controls to reduce the likelihood or impact of internal risks.
  • Implement security controls and training to mitigate external and multi-party risks.
  • Monitor and manage use of legacy systems and plan for their replacement.
  • Protect intellectual property with appropriate security measures.
  • Use license monitoring software to ensure software compliance and avoid legal penalties.

Key Terms & Definitions

  • Internal Risk — Risk originating from within the organization, often due to processes or personnel.
  • External Risk — Risk from outside the organization, like cyberattacks or natural disasters.
  • Multi-party Risk — Risk that impacts multiple organizations due to shared dependencies.
  • Legacy System — Older technology that is hard to secure and often unsupported.
  • Intellectual Property (IP) Theft — Stealing, altering, or destroying valuable business information.
  • Software License Compliance — Adhering to software usage agreements to avoid audits and fines.

Action Items / Next Steps

  • Assess your organization's internal and external risks and review current controls.
  • Identify any legacy systems and evaluate their security posture.
  • Implement or review software license monitoring solutions to ensure compliance.