The Agency Insider with Linda McGlasson

New Guide for Businesses to Defend Against Cyber Attacks

The Financial Management of Cyber Risk: An Implementation Framework for CFOs lays out a well-thought-out cyber security plan framework. It is the answer for those senior executives who may still be thinking that they won't suffer a data breach or be victimized by cyber thieves -- or even be defrauded by their own employees. This is a practical, easy-to-understand framework developed by a cross-sector taskforce of more than 60 industry and government experts.

The guide, produced by the Internet Security Alliance and the American National Standards Institute, is a direct response to President Obama's Cyberspace Policy Review, which asked for a program to help assign monetary value to cyber risks and consequences, helping senior execs to address cybersecurity needs.

I'm betting that everyone reading this could do with a review of this 76-page report. It covers the financial impact of cyber risks from an enterprise-wide view, and its chapters touch on the core business functions of any sized organization in any industry. Financial institutions should be telling their business customers about this guide, too. I'll offer that it may be the best thing that you can give them to start their journey to cyber security.

Along with the big strategic questions, the guide has sample charts to help calculate the probability and severity of financial loss from both risk events and the actions taken to mitigate them.

One example of the type of risk mitigation questions asked:

Question: "What are the other benefits of purchasing a specific cyber risk insurance policy?"

Answer: "A framework for determining comparative benefit -- In addition to the obvious benefit of legal and first-party expense reimbursement, the purchase of a specific cyber risk policy has a number of other indirect benefits, including:

  • "The ability to obtain an objective, usually free, review of a company's network security by a third party (i.e., the insurer or its agent);
  • "A better ability to understand the company's risk level compared to its peers (by examining the differences in premiums);
  • "Better quantification of net financial risk;

"Finally, the demonstration of the successful ability to purchase insurance could be a favorable factor with the company's regulators, or even in litigation."

The guide also includes a list of standards and reference documents to help businesses develop comprehensive risk management frameworks.

So don't just sit there, dragging your heels, waiting for something to happen to your business or for your business customers to develop their own plan of action. Why wait while your company's reputation is hurt and money and data flow out to the hands of criminals? Make this guide the place you draw the line in the sand -- 21st century cyber risk mitigation starts here and now.



About the Author

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.



