Be proactive: 3 risk management steps to take before a cyberattack
Risk management is more than recovery from a cyberattack.
An equally important function of risk management is proactive: it is a methodology for identifying risks in an organization's cybersecurity framework.
The article's author suggests: "Companies may choose to perform risk assessments internally. SaaS platforms have made this possible by offering automated testing, reports, and monitoring. One of the best approaches to risk management is the use of automated-scanning software."
The whole point of this type of risk management is to proactively identify cybersecurity risks and remove the risk if possible; if that's not possible, develop responses that will reduce the impact if a cyberattack does occur.
Create a cybersecurity framework: The National Institute of Standards and Technology describes a cybersecurity framework as "Voluntary guidance, based on existing standards, guidelines, and practices for organizations to better manage and reduce cybersecurity risk. In addition to helping organizations manage and reduce risks, it was designed to foster risk and cybersecurity management communications among both internal and external organizational stakeholders."
The EconoTimes article makes a good argument that risk management is more than how to recover from a cybersecurity event; it's also a way to proactively reduce the risk of becoming a cyber victim.