网络安全风险_主动的网络安全风险管理方法

网络安全风险

Cybersecurity has often been thought of in terms of shielding networks from bad actors, malware, and other forms of intrusion. Even the name “firewall” implies walls built to keep something out. We block specific addresses and emails.

人们通常从屏蔽网络免受不良行为者，恶意软件和其他形式的入侵的角度来考虑网络安全。 甚至“防火墙”这个名称也暗示了为阻止某些事物而建造的墙壁。 我们阻止特定的地址和电子邮件。

That’s fine. That’s more than fine.

没关系。 那还不错。

But when it comes to cybersecurity, you can’t just be reactive. It would be best if you adopted a proactive stance, and part of that is examining your risk management procedures. Risk management means identifying risks ahead of time, blocking any threats before they can adversely affect your business. What does the threat landscape look like? How does it unfold, and what solutions can you put in place to keep your business safe and running at full strength?

但是，在网络安全方面，您不能只是被动地采取行动。 最好采取主动的态度，其中一部分是检查风险管理程序。 风险管理意味着提前识别风险，在威胁可能对您的业务造成不利影响之前将其阻止。 威胁形势如何？ 它如何进行，您可以采用哪些解决方案来确保业务安全并充分发挥作用？

When designing your proactive risk management procedures, keep these aspects in mind.

在设计主动风险管理程序时，请牢记这些方面。

保持领先 (Keep ahead of the curve)

Stay abreast of the most current threats and solutions out there. This can only work to your advantage by making you better equipped to handle surprises and better prepared to deal with them. Granted, this requires an investment of time and effort on your part, but it is preferable to fall victim to a data breach or catastrophic malware infection.

及时了解最新的威胁和解决方案。 只有使您有能力应对突发事件并为应对突发事件做好更充分的准备，这才对您有利。 当然，这需要您投入时间和精力，但是最好成为数据泄露或灾难性恶意软件感染的受害者。

Your best bet is to create a long-term strategy and, most importantly, act on it.

最好的选择是制定长期战略，最重要的是采取行动。

According to a 2019 IBM/Ponemon report, the average cost to a company for a data breach is over $8 million. That’s an increase over past years. If you take away nothing else from this essay, take away the knowledge that you can’t afford to ignore making cybersecurity a significant part of your overall approach to business.

根据2019年IBM / Ponemon的报告 ，公司数据泄露的平均成本超过800万美元。 这是过去几年的增长。 如果您没有从本文中摘取其他任何内容，请不要忘记使网络安全成为您的整体业务方法的重要组成部分的知识。

How, though?

不过如何？

No one is keeping cybersecurity issues that affect your business a secret. When new threats emerge and, as importantly, news in how to counter these threats are revealed, you have any number of online sites you can regularly visit for the most recent news. Ones I recommend include:

没有人将影响您业务的网络安全问题保密。 当出现新的威胁，并且重要的是，有关如何应对这些威胁的新闻被披露时，您可以定期访问许多在线站点以获取最新消息。 我推荐的产品包括：

• Forbes

  福布斯

• Business Insider

  商业内幕

• Bloomberg

  彭博社

• SC Magazine

  SC杂志

• Threatpost

  威胁柱

• Cnet

  网络

Make a habit of checking these sites weekly, if not daily, to find out what’s out there and what to do about it.

养成每周(如果不是每天)检查这些站点的习惯，以找出存在的问题以及如何处理。

Photo by Campaign Creators on Unsplash

广告系列创建者在 Unsplash上 拍摄的照片

安全是每个人的关注 (Security is everyone’s concern)

Given the breadth of cybersecurity risks today, the time has come for all members of your business to take a role in tackling online threats. You shouldn’t leave it to just the IT guys in the basement. Educate all your staff on safe email and password practices. Teach them how to recognize phishing and other potential scams. By giving them the insight needed to be proactive about your business’s network security, you can significantly increase your ability to handle risk management.

考虑到当今网络安全风险的广泛性，企业中的所有成员都应扮演应对在线威胁的角色。 您不应该只把它留给地下室的IT人员。 对所有员工进行安全的电子邮件和密码实践教育。 教他们如何识别网络钓鱼和其他潜在的骗局。 通过为他们提供主动了解企业网络安全所需的洞察力，您可以大大提高处理风险管理的能力。

This is especially true when it comes to integrating mobile devices, BYOD policies, and work-from-home. Keep your team engaged and prepared to meet your cybersecurity needs.

在集成移动设备，BYOD策略和在家工作时尤其如此。 让您的团队参与进来并为满足您的网络安全需求做好准备。

合规性应该是您的出发点 (Compliance should be your starting point)

Regulatory compliance means adhering to the cybersecurity standards required for your business — most often this means healthcare and finance industries, but can also include any government contracts and safety-related trade. Most companies treat compliance as a target. What it should be is your base condition.

法规遵从性意味着您必须遵守业务所需的网络安全标准，这通常意味着医疗保健和金融行业，但也可以包括任何政府合同和与安全相关的交易。 大多数公司将合规视为目标。 它应该是您的基本条件。

Why? Because the cost to a business subject to regulatory compliance of breached data can be between $150 and $430 per individual record. That adds up to serious money quickly.

为什么？ 因为对违反数据的法规遵从性的企业而言，每条记录的成本可能在150到430美元之间。 这很快就使大量的钱加起来。

Start by looking over your compliance requirements, then ask yourself how you could make them better. It could be as simple as updating your blocked content and address lists. It could be more involved, such as installing System Information and Event Management (SIEM) software or upgrading your encryption and firewall protocols.

首先查看您的合规性要求，然后再问自己如何改善它们。 就像更新被阻止的内容和地址列表一样简单。 它可能涉及更多，例如安装系统信息和事件管理(SIEM)软件或升级加密和防火墙协议。

Start from a strong position on cybersecurity, so your standards are always above and beyond the minimum.

从在网络安全方面的强势地位入手，因此您的标准始终高于最低标准。

Photo by Markus Spiske on Unsplash

Markus Spiske在 Unsplash上 拍摄的照片

利用您的数据……所有这些 (Leverage your data… all of it)

Depending on the size of your business, you may have scads of data you can use to your advantage when it comes to combating potential Cybersecurity threats.

根据企业规模的不同，在应对潜在的网络安全威胁时，您可能会利用大量数据来发挥自己的优势。

As a business, you may have network access data, customer relationship management software to collect more data, and analytics software to measure everything from inventory and personnel to production and sales. Using these, you can uncover risky behaviours and weak links in both your networks and business.

作为企业，您可能拥有网络访问数据，用于收集更多数据的客户关系管理软件以及用于测量从库存和人员到生产和销售的所有内容的分析软件。 使用这些，您可以发现网络和业务中的危险行为和薄弱环节。

Proactive action is analyzing all of this information so you can deal with problems long before they happen.

主动行动正在分析所有这些信息，因此您可以在问题发生之前就早已解决。

An effective cybersecurity response is necessary for businesses that want to shorten downtime and limit the amount of damage a data breach can cause. Even better, though, is looking ahead at what your risks are, where your weak points are, and what proactive steps you can take toward risk management.

对于想要缩短停机时间并限制数据泄露可能造成的损害的企业而言，有效的网络安全响应是必不可少的。 不过，更好的是，您可以展望自己的风险，劣势所在以及可以采取哪些积极步骤进行风险管理。

You’ll save money, reputation, and aggravation — all worthy goals for any business.

您将节省金钱，声誉和麻烦-所有企业都值得实现的目标。

Thank you for reading. I’d love to share more with you via my Bi-Weekly Word Roundup newsletter sent to subscribers every other Sunday. It will feature news, productivity tips, life hacks, and links to top stories making the rounds on the Internet. You can unsubscribe at any time.

感谢您的阅读。 我希望通过 每隔一个星期日发送给订阅者 的双周词综述 新闻稿 与您分享更多信息 。 它将包含新闻，生产力提示，生活技巧以及指向互联网上的热门话题的链接。 您可以随时取消订阅。

翻译自: https://medium.com/swlh/a-proactive-risk-management-approach-to-cybersecurity-2d1b5896d4dd

网络安全风险