Developing Aviation Cyber Risk Mitigation Strategies


Sofema Online (SOL) www.sofemaonline.com considers best practices for implementing a Cyber Risk Mitigation Process within your organisation.

Introduction

Cyber security is not just about protecting your data and information from external threats; we also have to consider any internal exposure.

To cover all potential eventualities, we need to develop an organisation risk mitigation strategy for managing cyber risks.

Examples of risk include:

» Ransomware
» Phishing
» Data leakage
» Hacking
» Insider threat

Risk management is the process of identifying critical assets and developing appropriate risk mitigation strategies to minimize exposure.

Note - Before risk mitigation, identification of both our external and internal risks is mandatory. (Both human error and misconduct can become precursors and result in severe consequences.)

With an effective risk management process, we are able to identify, evaluate and analyze our cyber risks. (This relies on currently available and researched data; obviously, more data means a more qualified assessment.) Risks can then be measured against a set of predetermined criteria.

Risk mitigation strategies include a combination of the following options:

» Accept,
» Avoid,
» Control,
» Transfer risk (Risk transfer moves the risk to a third party).

o   Risk transfer may be outsourced, subject to the insurance agency, or handed over to a new entity.

As part of this journey, we need to determine our risk tolerance:

» Identify potential cyber loss scenarios and how they might impact your business.
» Forecast the direct exposure to cyber events using loss scenarios as well as real-life loss information.
» Quantify business interruption exposures and present the potential impact on your revenue and profit.
» Create a tailored cyber risk register.
» Increase the visibility of our cyber risk with all stakeholders through:

o   Interviews,
o   Workshops,
o   Organisation Wide Presentations.

Considering the Reach of our Aviation Cyber Risk Mitigation Strategy

We need to identify any weakness with the potential to be exploited (vulnerability).

» All Systems & Processes
» IT systems
» Personnel & Access Points

Cyber Risk Assessment Features

» Understand how each of the identified risks may interact with one another.
» Search for common causes that can be taken care of through a risk mitigation strategy.
» Use a Cyber Risk Assessment Checklist:

o   What information is collected, and how is it collected and stored?
o   Who has access to the stored data?
o   How do we manage our systems, networks & email/comms programs?
o   How much information do we store in the cloud?
o   What are our strategies to ensure effective backup (how effective are these backup processes)?
o   Do we have a disaster recovery plan for data centre failures?

Next Steps

Sofema Aviation Services (www.sassofia.com) & Sofema Online (www.sofemaonline.com) are now taking reservations for the following course: https://sassofia.com/course/easa-compliant-organizational-cyber-security-responsibilities-1-day/

Please email team@sassofia.com for details.
