Risk and security can no longer be separated, if they ever could. In fact, at some companies, cybersecurity is being moved from its corporate silo into a broader basket of risk management. The argument has been made that Target had the right strategy in neglecting cybersecurity; the hit from being hit, they say, still cost it less than the costs and friction of a proper cybersecurity strategy, which may not have been effective anyway. That view is too cynical for most organizations, but a realistic assessment that puts cybersecurity as just one element in a broad framework of costs, risks, and rewards is surely in order.
We’ll look at a variety of risks that need to be managed, focusing on those introduced by computer systems, mobile devices, IoT, and cloud computing. We’ll also consider the tensions and tradeoffs among security, efficiency, customer satisfaction, and privacy.