In the present age, it is not easy to run a successful business without risk management systems and cybersecurity measures to avoid data breaches and denial-of-service attacks from the external environment. The article is a great contribution to the research for organizations and their managerial staff, making them aware of the possible risks to their business. The article was written by Pescatore in 2018 under the title "Breach Avoidance: It can be done, it needs to be done".
After reading the whole article, I learned that a risk to a business organization or entity is the collection of threats. Risk is basically the chance of damage to the business and of damaging incidents related to the organization's data. Risk can negatively affect the assets of the owners and shareholders of the business if it is not managed properly. The article gives a formula that shows how organizations can measure the risk factor quantitatively. The risk formula considers the threats facing the organization, its vulnerabilities (including software and people in the organization) and the actions taken for elimination and mitigation. The risk formula is given below:
Pescatore illustrated in the article that reducing risk requires the right proactive actions, not too many activities. In his view, organizations should adopt the defense-in-depth strategy. Rather than covering different areas, they should mainly focus on the area that has the highest risk factor and that can result in the worst outcomes. In his perspective, only adding layers of security products increases the complexity.
The key steps and success patterns to reduce the risk factor and avoid breaches in the organization are listed below:
1. Selection of cybersecurity framework prioritized by real-world risks
2. Institute continuous monitoring system for assets
3. Create maps against real-world threats
4. Use playbooks
The steps and success patterns listed above are explained below to provide a comprehensive understanding of them.
· Selection of cybersecurity framework prioritized by real-world risks
There are various options available for cybersecurity frameworks, such as the CIS Critical Security Controls, the Health Information Trust Alliance Common Security Framework, the NIST Cybersecurity Framework, and the PCI Data Security Standards prioritization guideline. In the first step, the management of the organization has to select the most relevant framework for their organization.
· Institute continuous monitoring system for assets
Then the organizational management should ensure that a monitoring system for assets is in place. They should have a clear understanding of the total assets of the organization and the chances of vulnerability in these assets.
· Create maps against real-world threats
In this step, the management of the organization will create maps against real-world threats. They will map the vulnerabilities against the threats that can affect them.
· Use playbooks
In this step, they will upload playbooks for damage avoidance. In the playbooks, producers will note which steps require repetition and which actions are completed.
More recommendations/steps to reduce the risk of loss of company
In accordance with my opinion and recommendations, organizations can also take the following steps to avoid breaches. These steps are suggested after a thorough analysis of research and a literature review (Hasib, 2014).
1. Provide training sessions to employees to help them identify external access and irregular activity in the systems.
2. Use security alerting software against cybersecurity breaches such as malware, spyware and viruses.
3. Ban all unencrypted devices.
4. Stop Incursion.
By using these steps, organizations can control the risk of breaches and make their systems strong enough to automatically prevent external attacks and limit the chances of damage to assets. The above-mentioned steps provide security not only for tangible assets such as software but also for intangible assets such as the goodwill of the company, which is negatively affected by security breaches.
References Steps to avoid Breach
Hasib, M. (2014). Cybersecurity Leadership: Powering the Modern Organization. Tomorrow's Strategy Today, LLC. Retrieved 11 25, 2018
Pescatore, J. (2018). Breach Avoidance: It can be done, it needs to be done. Retrieved 11 25, 2018