Coping with uncertainty, ambiguity & risk in a cyber-environment
According to IBM's 2021 report, cyber-resilience for small organisations includes:
Investing in training and education for employees
Outsourcing the cybersecurity function to external providers
Increasing the complexity of internal monitoring procedures
According to ISO standards, the risk management cycle is as follows:
risk reporting > monitoring > communication
risk assessment > evaluation > treatment
risk identification > analysis > evaluation
Risk evaluation makes it possible to:
Support strategic decision making
Recognize and describe the source of the risk
Comprehend the nature of the risk
Quality assurance applies to:
both
processes
people
A summative evaluation:
is a standard monitoring process implemented before financial reporting
is intended to rank the likelihood and impact of a given risk
is a benchmark evaluation between expectations, performance standards and actual achievements