
10 steps to more effective cyber threat risk management

Following are 10 steps chief compliance officers and other compliance professionals can take to get more involved:
1. Stay informed about cyber threats and their potential impact on your organization.
2. Recognize that an intelligent approach to cyber threat risk is as valuable as traditional business intelligence.
3. Recommend that a C-level executive be accountable for cyber threat risk management.
4. Support sufficient resourcing for the organization’s cyber threat risk management efforts.
5. Request that management make regular (e.g., quarterly), substantive reports on the organization’s top cyber-threat
risk management priorities.
6. Establish continuous monitoring methods that can help the organization predict and prevent cyber-threat-related
issues.
7. Require internal audit to evaluate cyber threat risk management effectiveness as part of its quarterly reviews.
8. Expect executives to track and report metrics that quantify the business impact of cyber threat risk management
efforts.
9. Monitor current and potential future cyber security-related legislation and regulation.
10. Recognize that effective cyber threat risk management can give your company more confidence to take certain
“rewarded” risks (e.g., adopting cloud computing) to pursue new value.

Internal control systems often focus compliance professionals on the four distinct but overlapping categories of enterprise
risk: strategic, operational, financial and compliance. Whereas cyber issues are mainly thought of with regard to
operational risks, there increasingly is a compliance facet as well.

Now is the time for compliance professionals to step up and anticipate what can be done to better understand the
organization’s capabilities for managing and mitigating the ever-present — and growing — risk that cyber threats pose.
Insights gained through the 10 steps above can help guide an in-depth review of current practices and set the
organization on a course for evolving a cyber threat risk management approach that is proactive, preemptive and
effective.

Social Impacts of Cyber Crime

Cyber criminals take full advantage of the anonymity, secrecy, and interconnectedness provided by the Internet, thereby
attacking the very foundations of our modern information society. Cyber crime can involve botnets, computer viruses,
cyber bullying, cyberstalking, cyberterrorism, cyberpornography, Denial of Service attacks, hacktivism, identity theft,
malware, and spam. Law enforcement officials have struggled to keep pace with cyber criminals, who cost the global
economy billions annually. Police are attempting to use the same tools cyber criminals use to perpetrate crimes in an
effort to prevent those crimes and bring the guilty parties to justice. This essay begins by defining cyber crime and then
moves to a discussion of its economic and social impacts. It continues with detailed excursions into cyberbullying and
cyberpornography, two especially representative examples of cyber crime, and concludes with a discussion of ways to
curtail the spread of cyber crime.
