BU415 Chapter Notes - Chapter 13: IT Risk Management, Malware, Phishing
Document Summary
IT risk management and cybersecurity: why is cybersecurity not an IT problem? Managers should care about it because of the threats and implications of breaches. Investing in cybersecurity is a negative deliverable: it has no ROI and doesn't produce revenue, so historically it hasn't been cared about. Insurance or outsourcing security: the internal threat. Internal malicious behaviour: disgruntled employees, harder to detect because their actions can go undetected for a long time. Impossible to prepare for: careless behaviour, the external threat. Identify: understand the context in which the organization operates; need to tailor efforts to the distinct requirements of each firm. Protect: things like restricting access to certain things and using control systems. Detect: implement ways to identify cybersecurity breaches and events, e.g. using monitoring tools. Recover: define appropriate measures to restore the compromised services. Internal cybersecurity threats: develop policies and auditing standards and culture to ensure compliance, monitoring, monitor and limit access to dangerous websites, external cybersecurity threats.