What is the definition of IT Risk?
The potential for exposure, loss or harm stemming from an organization's Information Technology (IT), Operational Technology (OT) or other computer-based technology.
What is the difference between Cybersecurity and IT Risk?
Cybersecurity is the practice of protecting IT systems from threats; IT Risk is the potential loss or harm those threats could cause to the organization, i.e. the thing cybersecurity exists to reduce.
What is the relationship between IT Risk and Enterprise Risk Management?
IT Risk is one of the categories of Enterprise Risks.
What types of risks are included in Enterprise Risk Management?
Credit Risks, Market Risks, Financial Risks, Strategic Risks, Operational Risks, Compliance Risks.
What is the focus of the IT Risk Management Framework?
To manage and mitigate risks associated with information technology.
What is the importance of understanding IT Risk in an organization?
To identify and mitigate potential losses or harm from technology-related threats.
What is the relationship between digital transformation and cybersecurity?
Digital transformation makes cybersecurity a business issue, not just an IT issue.
What does it mean to protect the 'crown jewels' in cybersecurity?
It refers to the practice of identifying and safeguarding the most valuable data within an organization.
What is a risk-based approach in cybersecurity?
Security effort and spending are prioritized by the risks they reduce (likelihood and impact to the business), not by buying tools for their own sake.
What are the main functions of IT risk management?
Govern, comply, manage risk, protect, shield, respond, recover, sustain, defend, prevent, monitor, hunt, detect, and educate.
What does the CIA triad in cybersecurity stand for?
Confidentiality, Integrity, and Availability.
What is confidentiality in the context of the CIA triad?
Ensuring that information is accessible only to those authorized to have access.
What does integrity mean in cybersecurity?
Safeguarding the accuracy and completeness of information and processing methods.
What is meant by availability in the CIA triad?
Ensuring that authorized users have access to information and associated assets when required.
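The three properties are independent of one another, which is easiest to see in code. The following Python example is added here as an illustration and is not part of the course material or its readings. It uses a toy keystream cipher (constructed for this example, not suitable for real use) and fixed keys chosen only for reproducibility. Encrypting a payment instruction provides confidentiality, yet an attacker who cannot read the ciphertext can still flip a single bit and turn "100" into "900" without anyone noticing; appending an HMAC tag and checking it before decryption restores integrity. Availability is not something encryption provides at all, which is why the triad lists it as a separate goal.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 tag length in bytes


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream for illustration only: SHA-256 over (key || counter).
    No nonce, so reusing a key across messages is unsafe. Never use in production."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the keystream; gives confidentiality, nothing more."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, len(plaintext))))


decrypt = encrypt  # XOR with the same keystream is its own inverse


def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt, then append an HMAC-SHA256 tag over the ciphertext (integrity)."""
    ct = encrypt(enc_key, plaintext)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def open_sealed(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    """Verify the tag in constant time before decrypting; reject any tampering."""
    ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: ciphertext was modified")
    return decrypt(enc_key, ct)


def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    """Simulate an attacker on the wire flipping one bit of what they cannot read."""
    b = bytearray(data)
    b[byte_index] ^= 1 << bit
    return bytes(b)


def demo() -> dict:
    # Constructed fixed keys and message so the example is reproducible.
    enc_key = bytes(range(32))
    mac_key = bytes(range(32, 64))
    msg = b"PAY 100 USD TO ALICE"

    # Confidentiality: the ciphertext does not reveal the message, and the
    # legitimate key recovers it.
    ct = encrypt(enc_key, msg)
    confidential = ct != msg and decrypt(enc_key, ct) == msg

    # Integrity failure: byte 4 of the message is the '1' in "100" (0x31).
    # Flipping bit 3 of that ciphertext byte flips the same bit of the
    # plaintext, so '1' (0x31) becomes '9' (0x39) and nobody notices.
    tampered = decrypt(enc_key, flip_bit(ct, 4, 3))

    # Integrity restored: the same bit flip against the sealed blob is rejected.
    blob = seal(enc_key, mac_key, msg)
    try:
        open_sealed(enc_key, mac_key, flip_bit(blob, 4, 3))
        detected = False
    except ValueError:
        detected = True

    return {
        "confidential": confidential,
        "tampered": tampered,
        "tamper_detected": detected,
        "roundtrip": open_sealed(enc_key, mac_key, blob),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Run it and `tampered` comes back as `b"PAY 900 USD TO ALICE"` with no error raised, while the sealed version raises on the same modification. The design point is that the decision to authenticate ciphertext must be explicit; encryption alone is a confidentiality control and says nothing about the other two legs of the triad.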
What is cyberspace?
The global, interconnected environment of digital technology: the networked hardware and software, the data that flows through it, and the people who use it.
What are the three dimensions of cyberspace?
Physical, Informational, and Cognitive.
What does the physical dimension of cyberspace encompass?
The core technical infrastructure of networked hardware and software.
What is included in the informational dimension of cyberspace?
Content or data at rest or in transit.
What does the cognitive dimension of cyberspace refer to?
Knowledge, values, beliefs, concepts, intentions, and perceptions of individuals and groups.
What are some potential costs of IT risk for businesses?
Data theft, financial loss, identity theft, reputational damage, asset damage, legal penalties, and impact on critical infrastructure.
What is the significance of the SAR threshold in the US?
$10,000 is the cash-transaction reporting threshold under the US Bank Secrecy Act: cash transactions above it trigger a Currency Transaction Report (CTR). A Suspicious Activity Report (SAR) is filed when activity looks suspicious, and for banks that obligation starts at a lower dollar amount; the two are often conflated.
How much was the average income for the top 10% in 2020?
$173,000.
How does $1 million in cash compare in physical space?
It doesn't fill a briefcase when in $100 bills.
How much physical space does $1 billion in cash occupy?
It takes about 10 crates of $100 bills.
What is the impact of failing to mitigate IT threats?
It can lead to various forms of theft, damage, and legal consequences.
Why is addressing cyber risk considered challenging for organizations?
Despite years of attention and spending, most organizations have made little measurable progress in reducing their cyber risk.
What role does artificial intelligence play in cybersecurity?
AI can be used in attacks that learn and adapt over time.
What is a key challenge in balancing business growth and cybersecurity?
Finding the right balance between profitability and adequate cybersecurity measures.
What was the top hedge fund's AUM in 2022?
$126 billion
What was Apple's market capitalization in 2018?
$1 trillion
What were Apple's market capitalizations in 2020 and 2023?
$2 trillion in 2020 and $3 trillion in 2023.
Who is responsible for managing IT risk within an organization?
Everyone, including IT, HR, Finance, Legal, individual businesses, and staff.
What is the role of the Chief Information Security Officer (CISO)?
Responsible for the management and execution of Cybersecurity policy and programs.
What is the Board of Directors' involvement in Cybersecurity Risk Management?
They commit to managing information risk, understand cyber risks, respond to incidents, evaluate risk reports, and support budget requirements.
What is a key focus for pre-breach CISOs?
They tend to focus more on tools.
What do post-breach CISOs realize is more important than tools?
People and processes.
What is the purpose of the DIKW Pyramid?
It is a framework for understanding the relationship between Data, Information, Knowledge, and Wisdom.
What is the assignment due prior to Session 2 about?
Conducting research on a publicly available cybersecurity breach, summarizing what happened, root causes, and the impact including costs.
What chapters are included in the readings for Principles of Computer Security?
Chapter 1 (pages 1-17), Chapter 2 (pages 26-29), Chapter 4 (pages 86-106), Chapter 15 (pages 574-609).
What additional readings are posted in Module 2?
Credential Stuffing (NYAG), Tampering with QR Codes to Steal Victim Funds, DBIR Report.