Management Security
-Technical controls(authentication, access control etc.) are used to reduce the risk of attacks on valuable asset.
What assets need to be secured and from whom.
Organization Context
legal and compliance drivers for cyber cecurity
financial and health data
what technical control should be deployed?
must understand risks posed by threats
costs and benefits of security measures
Key Challenges
what assets are under risk?
What are the threats and how serious is the risk posed by them?
likelihood of successful attack and its impact
What technological solutions/controls exist to counter threats?
How can we address risk in a cost-effective manner?
cost is less than reduction in risk
How do we understand people and process aspects of cyber security management?