Chapter 7: A Framework for Dealing With Cybersecurity Risks as Part of Information Security

In the current scenario, cybersecurity issues have emerged to be a major challenge for firms to deal with. The increased use of technologies has increased radically the volume and typology of information produced, exchanged, and managed by firms thus creating conditions for cybersecurity incidents or information breaches. In this situation, it becomes paramount for firms to recognize cybersecurity risks and be prepared to prevent them through the implementation of approaches and technologies able to ensure a high level of protection.

In this chapter, we provide a framework for analyzing and managing cybersecurity risks. We employed a case study strategy to understand how the risk analysis process is carried out within an Information Security company. The study and observations obtained from this case study have permitted to define a framework useful for SME to deal with cybersecurity issues.