The application of risk in cyber security plays an integral role as a basis
of evidence for decision making as well as providing visibility over existing and
potential security postures. To effectively leverage this utility, Risk Management
must be integrated within a solution that unifies immediate, short-term, and longerterm
functions that deliver cyber security capabilities for secure business services.
Through structured language and entity models, integration of systems and
processes enable…
Read moreThe application of risk in cyber security plays an integral role as a basis
of evidence for decision making as well as providing visibility over existing and
potential security postures. To effectively leverage this utility, Risk Management
must be integrated within a solution that unifies immediate, short-term, and longerterm
functions that deliver cyber security capabilities for secure business services.
Through structured language and entity models, integration of systems and
processes enables automation that scale when unified holistically. Risk however is
something that also integrates human motive with machine applications. It relates
the management of source security data with traffic flow, asset criticality, asset
owners, controls, as well as policy and predicted representations. The management
of risk requires workflow design to manage decoupled governing practises and
third-party involvement. What risk highlights is the importance of human-machine
teaming, and it is the enhancement of that teamwork that is the focus of the case
example, which elaborates on how layered architecture and interoperating mesh
security solutions forms the basis of Red Piranha’s Consolidated Security Platform
and holistic adoption of Cyber Security Risk Management (CSRM). The novel
contribution of this paper is in outlining the adoption of CSRM within a
Consolidated Security Platform (CSP). Moreover, the novel contribution here is in
demonstrating how CSRM integrates multiple dimensions to leverage automation
when unified in a way that can task both workflow and dataflow for its own end.