Risk 101: Using Data to Better Understand Information Security Risk

Oren Falkowitz | January 15, 2014 | tag: Security Risk Management

The answer to the question of how organizations can evaluate information security risk depends on how we first think about risk in cyberspace. Good security risk management is a combination of data, processes, technology, and education. With new opportunities to observe and act on data in real time, it has become possible to contextualize many different signals into information that supports decision-making for risk mitigation.

Risk 101 is a new series of blog posts that explores risk vectors in cyberspace. The series emphasizes cybersecurity risks that can be objectively observed with data. Throughout the series we will explore in depth the signals that can be identified, and address methods for remediation.

Information Security Risk Categories

These risks will be organized into three categories:

  • Misconfiguration & Mismanagement: Signals related to the implementation of specific technologies
  • Observation of Cyber Attack: Signals that reveal targeting of, motivation to, or successes in conducting a cyber attack
  • User Behavior: Signals that reveal high risk activity 

While companies continue to primarily search for threats within their networks, and share information post-attack (such as MD5 hashes of malware, IP addresses involved in attacks, malware signatures etc.), many organizations are ignoring or unaware of the risks present in the “virtual supply chain”. With this series, we hope to empower organizations to reduce risk holistically, which includes security risk from vendors, suppliers and other third parties with whom information is shared.

Our first post in the Risk 101 series will focus on the Sender Policy Framework (SPF), an e-mail validation technique to prevent malicious e-mail. To receive automatic alerts when new content is published, subscribe to our email updates or follow BitSight on Twitter.
