Proper cyber security risk management is more than a technology solution. A company must integrate cyber risk management into day-to-day operations. Additionally, a company must be prepared to respond to the inevitable cyber incident, restore normal operations and ensure that company assets and the company’s reputation are protected.
Understand what information you need to protect: identify the corporate “most important assets.”
The first step in assessing an organization’s cyber risk is to understand what company assets you are trying to protect and why. Ask yourself, what are your most critical assets? Identify your most important information, assets, and legally protected information.
Identify Threats to Critical assets
How do you store the information?
Who has access to the information?
How do you protect your data?
What steps are you taking to secure your computers, network, email and other tools?