At the high level, the risk is unacceptable in the long term. In the short term, the company can afford to tolerate it, but it must immediately start systematic steps to eliminate it. Finally, the critical level does not allow any delay: steps to eliminate the risk must be started at once.

Let's show it with an example from the field of transport, which had significant problems with cyber security.
Let us recall, for example, last year's ransomware attack on the Directorate of Roads and Highways (ŘSD), from which this organization recovered for months. Its director, Radek Mátl, even publicly admitted that he was considering paying the ransom. This alone is a sign that the issue of cyber security was definitely not one of the priorities in this state-owned company: how to deal with encrypted disks quickly, how to restore systems, and how to properly inform the outside about the problem.
The levels also differ in how difficult it is to bring the risk below the tolerable limit, and in how urgently that needs to be done. At the first two levels, low and medium, the risks are acceptable. At the low level this holds without further conditions. At the medium level it holds on the assumption that the risk can be reduced by less demanding security measures or, on the contrary, that the security measures are significantly demanding and therefore not quite worth taking.