Everything Is about Risk
First, let’s take a high-level look at all the sub-functions that should be addressed as part of the Risk function. The following image captures much of what the Risk function entails.
Figure 14.1: Sub-functions of the risk function
As we’ve noted throughout the book, cybersecurity is all about risk management. With the threat landscape more advanced and active than ever, risk management has only become more critical. It is important to acknowledge that risk will never be eliminated.
There will be some level of risk with everything in life; this is unfortunately the reality of the world we live in. Our role as cybersecurity leaders is to understand the level of risk present, also known as inherent risk. Once this risk is understood, we then need to advise on how to reduce the inherent risk as much as possible, typically through the use of controls. Once the controls have been put in place, it is important...