Coping with uncertainty, ambiguity & risk in a cyber-environment
According to IBM's 2021 report, cyber-resilience for small organisations includes:
Increasing the complexity of internal monitoring procedures
Investing in training and education for employees
Outsourcing the cybersecurity function to external providers
According to ISO standards, a risk management cycle is as follows:
risk reporting > monitoring > communication
risk identification > analysis > evaluation
risk assessment > evaluation > treatment
Risk evaluation allows one to:
Recognize and describe the source of the risk
Comprehend the nature of the risk
Support strategic decision making
Quality assurance applies to:
both
processes
people
A summative evaluation:
is a benchmark evaluation between expectations, performance standards and actual achievements
is intended to rank the likelihood and impact of a given risk
is a standard monitoring process implemented before financial reporting