CISSP Exam Study Guide: Cybersecurity And Ethical Hacking To Information Security Professionals: Comprehensive Guide To Threats, Ethical Hacking, Defense Techniques & Cybersecurity Frameworks 5 Book by Knowles John & Knowles John

Author:Knowles, John & Knowles, John [Knowles, John]
Language: eng
Format: epub
Published: 2021-10-21T16:00:00+00:00


Chapter 46 How to Monitor Risk Factors

We've talked about metrics and how we measure different risk factors using KPIs, KRIs, and KGIs. But how do we put them all together and monitor risk? What is risk monitoring? Well, you've heard the term continuous monitoring. Does this mean we're watching dials and logs around the clock? Maybe in some cases. But normally we're looking for risk on a continual basis, in that we're making sure we always maintain acceptable levels of risk. We monitor changes in the environment: our operating environment, our technical environment, our business environment. We're looking for changes in these risk factors to see how they change risk, whether they raise or lower it. When it's necessary, we adjust our controls and our risk mitigations. We take different actions to bring these risk levels back to an acceptable level.

What are we doing when we monitor for risk? We're looking at metrics, and we're looking at them through a point-in-time view. When we take a measurement and compare it to a threshold, it's for that particular moment in time. It doesn't tell us what happened the moment before or the moment after. However, we can measure things over a period of time, and then we get a trend or historical analysis of what's been going on. We can measure a particular value one month and another value another month, and so on, over the course of a quarter. Then when we look at those, we can see a trend. We can see if risk is going up or going down, and how that particular risk factor is changing.

Some of the questions we need to ask ourselves are: How well are we performing? For that, we look at our KPIs. How much risk are we incurring? For that, we look at our KRIs. We also reevaluate risk through risk assessments. Finally, we look at how well we are meeting our overall security and risk goals through our KGIs.

How do we monitor this risk? First of all, we look at risk factors. We recalculate risk as we need to. We change our risk response and mitigations. We update our risk assessment. Let's look at all four of these.

When we monitor risk factors, what we're doing is looking at our KRIs and our other indicators for changes that may increase or decrease risk. How are these things changing over time? What are they telling us? What are our trends or our historical analysis telling us? As they change, we need to recalculate risk. We're constantly evaluating risk. As risk factors go up or down, we're looking at how our threats, vulnerabilities, likelihood, and impact are affected by them. As these risk factors change, we should be able to re-evaluate our risk. Based upon changes that we see in risk factors or overall risk, we may need to change our risk responses. We may need to add controls, take controls away, or change them completely.
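The difference between the point-in-time view and the trend view described above, as an added example that is not from the book: a KRI can sit under its threshold at every measurement and still be rising toward it. The KRI names, readings, thresholds and the one-period look-ahead (`horizon`) are constructed for illustration, and the least-squares line is one simple way to express a trend, not a method the book prescribes.

```python
import math
from statistics import mean

def trend_slope(values):
    """Least-squares slope of equally spaced readings (KRI units per period)."""
    n = len(values)
    if n < 2:
        raise ValueError("a trend needs at least two measurements")
    x_bar, y_bar = (n - 1) / 2, mean(values)
    num = sum((i - x_bar) * (v - y_bar) for i, v in enumerate(values))
    den = sum((i - x_bar) ** 2 for i in range(n))
    return num / den

def assess_kri(values, threshold, horizon=1, tolerance=1e-9):
    """Combine the point-in-time check with the trend over the period.

    horizon: how many periods ahead a projected breach still triggers a
    re-evaluation (an assumption made for this example).
    """
    latest, slope = values[-1], trend_slope(values)
    status = "breach" if latest >= threshold else "ok"  # point-in-time view
    if slope > tolerance:
        direction = "rising"
    elif slope < -tolerance:
        direction = "falling"
    else:
        direction = "stable"
    # Periods until the trend, continued from the latest reading,
    # reaches the threshold. Only meaningful while risk is rising.
    periods_to_breach = None
    if status == "ok" and direction == "rising":
        periods_to_breach = math.ceil((threshold - latest) / slope)
    reassess = status == "breach" or (
        periods_to_breach is not None and periods_to_breach <= horizon)
    return {"status": status, "direction": direction,
            "periods_to_breach": periods_to_breach, "reassess": reassess}

# Constructed sample data: one reading per month over a quarter.
KRIS = {
    "critical vulns unpatched > 30 days": ([12, 17, 22], 25),
    "failed backup jobs per month":       ([9, 6, 4], 10),
    "accounts without MFA":               ([20, 24, 27], 25),
}

if __name__ == "__main__":
    for name, (readings, limit) in KRIS.items():
        print(name, assess_kri(readings, limit))
```

The first KRI is the interesting case: its latest reading passes the threshold check, but the trend puts it over the limit within one more period, so it is flagged for re-evaluation before the point-in-time view would notice.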


