Invitation to Cybersecurity

5. The Approach to Cybersecurity: Cyber Risk Management

urgency or panic. Once a DRP is created, it needs to be tested, personnel must be trained, and everybody in the organization must be made aware of the high-level plan. A DRP can be tested by doing tabletop exercises, simulations, and possibly even unannounced drills. Lastly, the DRP needs to be revisited often. As the organization changes and risks change, a DRP can become outdated. If that is the case, it may not provide much help when it is called upon in the time of crisis.

5.5 Conclusion

Organizational leaders in the C-suite focus much of their attention on risk management. For the long-term sustainability and growth of their company, they need to study the risks they face and address them appropriately. Many of the risks are not cyber-related. For example, their office location may be hit with a natural disaster. They may lose a large customer’s business. A key supplier may go bankrupt. While they may be unpleasantly surprised when something goes wrong, good leadership should not be unprepared. Their goal is to identify and handle the risks they face by putting appropriate controls in place.

Because of the central role technology plays in organizations, cyber risk management has become an increasingly important focus for organizational leaders. This chapter has covered the importance of cyber risk management and the basics of how it should be performed. By following a process such as the one outlined in this chapter, an organization can thoughtfully determine how much cybersecurity it needs and how much it should spend on it.
