Simplify Cyber Risk

Welcome to Simplifying Cyber Risk!

Your first video lesson is below, but first a quick introduction and short intro video...

My name is Ryan Smith, and I'll be your instructor. I'm excited to have you here and to share these different ideas because they've immensely helped me in my own career in cybersecurity.

We put this course together to help two different people out:

1. The person who's implementing cybersecurity and compliance in their business that wants a higher level understanding of this so they know where to start, the path that they're on, and how to get to where they want to be.
2. The salesperson that's out there talking to clients about cyber risk, that wants to keep out of the technical weeds, that wants to overcome objections more easily, and be able to connect value back in their solution to the business impact cyber risk has on their business.

Either way, this course is going to be the foundation for both of you as we cover five different lessons:

1. The first lesson gets into measuring risk. This is where we'll introduce the concepts of risk-based cybersecurity, still at a very high level, and we'll tie that back to business impacts.
2. Next, we'll talk about compliance vs cybersecurity, some of the ways that those overlap, and how there's differences between those as well.
3. We'll also talk about the different things that go into play when you think about risk tolerance vs risk mitigation, so you can start to think about the decisions that you'll be making as you decide how to get rid of cyber risk.
4. Then we'll talk about those best practices that help you actually do that and where to find them.
5. And then finally, the challenges to expect as you continue down this path. This will help the person that's going to be implementing these practices know what to expect. And, this will help the salesperson know about the challenges clients are going to face.

As you continue beyond Simplifying Cyber Risk, there are two different directions you can go depending on which path that you feel like you're on.

If you haven't already checked out the RLS Consulting Programs, those are going to give you resources and all kinds of tools to take this course further and to get into expanded content to learn more.

These are at SecureMyAgency.com and SellMoreCyber.com when you're ready to explore more of our offerings.

And of course, if you have any questions, please don't hesitate to reach out to us at [email protected].

Good luck!

Lesson 1 - Measuring Risk

In this lesson, we introduce a simplified approach to understanding cyber risk. A central theme is that the idea of being “secure” is a myth and misleading way of thinking. Instead, we turn to risk-based cybersecurity for a better way to understand our level of risk.

The lesson demonstrates how cyber risk is a factor of likelihood and impact. Understanding and quantifying these two components are fundamental to breaking down risks for business leaders.

Objectives

1. Understanding the Risk Equation: Gain familiarity with the risk equation (Risk = Likelihood x Impact) as the foundation for measuring and managing cyber risk.
2. Exploring Likelihood: Explore the concept of likelihood in the context of cybersecurity, focusing on vulnerabilities and factors influencing the probability of a cyber incident.
3. Analyzing Impact: Examine the impact of cyber incidents, categorized under the CIA Triad of Cybersecurity (Confidentiality, Integrity, and Availability), to comprehend the potential consequences for businesses.
4. Addressing Unknown Impacts: Recognize the challenges in anticipating and quantifying unknown impacts and costs resulting from cyber incidents, such as fines, reputational harm, and regulatory penalties.
5. Challenging the Notion of "Secure": Challenge the binary notion of "secure" by emphasizing that cyber risk exists on a sliding scale, where mitigating risk is the goal rather than achieving absolute security.

By the end of the lesson, learners will have a comprehensive understanding of the nature of cyber risk, as well as ways to explain and relate these ideas to business leaders to communicate cyber risk more effectively.