Skill: Cybersecurity Risk Management
Artifact 1: Risk Components Discussion
This artifact comes from my CYSE 430 Introduction to Cyber Risk Management class. In this assignment I had to break down the four main elements of risk assets, threats, vulnerabilities, and impact and explain how they work together to shape an organization’s overall risk level. I also had to use a real-world example to show how failing to identify even one of these elements can create a major gap in a security plan. This paper shows my ability to apply risk management concepts, analyze real incidents and understand how technical weaknesses connect to business and human behavior.
Full Text of Artifact
CYSE 430 – Chapter 1 Discussion Response
When it comes to cybersecurity risk really comes down to four main parts assets, threats, vulnerabilities and impact. All of them connect to shape how much risk an organization faces. Assets are what a company values and wants to protect like data, systems or customer information. Threats are anything that could harm those assets like hackers, malware, or even natural disasters. Vulnerabilities are the weak spots that make it easier for threats to cause problems like not updating software or using weak passwords. Impact is what happens when a threat actually takes advantage of a vulnerability such as money loss, downtime or a hit to reputation. All four of these parts work together to show the full picture of risk. If just one is ignored it can throw the whole plan off. In 2017 the Equifax breach, the company had valuable data and knew the threat was there but they failed to patch a known software vulnerability. That one mistake let hackers steal personal data from over 140 million people. Even though they had other security tools in place, that one missed vulnerability made the impact huge. This shows how one weak point can break a risk management plan, no matter how strong the rest of it looks.
Interdisciplinary Significance
This artifact shows how cybersecurity risk management connects to multiple disciplines. Understanding assets and impact ties directly to business and finance because businesses must prioritize what matters most. Identifying threats and vulnerabilities relies on technical cybersecurity and computer science knowledge. The Equifax example also highlights legal and policy implications, since the breach led to federal investigations, fines and long-term trust issues. Writing this helped me see that effective risk management is not just technical it requires thinking about business needs, human error, organizational policy and the real-world consequences of cyber decisions.