eBook – Industrial Cyber Risk Management

"Cybersecurity risk should always be considered within the business context" The definitive goal of a cyber risk process is to eliminate risk to the extent possible by ascertaining which risks must be addressed and mitigated and which risks the management is willing to live with. This goal requires the development of a clear strategic methodology to determine and communicate the risk appetite; analyze and prioritize cyber risks and vulnerabilities; and establish a well-defined mechanism for mitigating the risks to be addressed. This is an organizational mission and not something that individuals or select teams can achieve.