Investigation should include:
- cybersecurity risk assessment
- risk management
  - risk mitigation – reducing the likelihood of the risk
  - risk transfer – transferring the risk to another company (e.g., using an insurance company to cover financial losses, outsourcing infrastructure to a cloud provider)
  - risk avoidance – avoiding the possibility of the risk (e.g., not using a specific software program would avoid any known risks of that program)
  - risk acceptance – understanding and accepting the risks associated with use of a system or feature
Process/Skill Questions:
Thinking
- How does one know that an online retailer is reputable and safe?
- What is cybersecurity risk?
- What organizations are available to verify that a retailer or its financial systems are reputable and safe?
- What role do credit bureaus play in reducing cybersecurity risk?
Communication
- How can professionals communicate the importance of cybersecurity risk management?
- What communication skills are helpful in reporting risks, threats, and vulnerabilities?
Leadership
- How can leaders encourage cybersecurity risk management?
- How can a leader be a good role model for investigating risks and threats?
Management
- What procedures can be put into place to reduce cybersecurity risk?
- How are cybersecurity risks managed?