This workshop took place at ITU Headquarters (ITU Montbrillant building, Room H) in Geneva, Switzerland on
Thursday, 26 January 2017, from
14:30- 17:30 in conjunction with the
ITU-D Study Group 2 Rapporteur Group meetings, and will preceed the
ITU-D Study Group 2 Question 3/2 (Securing information and communication networks: Best practices for developing a culture of cybersecurity) meeting.
In many ways, cybersecurity is about risk management. A key element of risk management is the assessment of risk. For the cyber domain, and despite much scientific and technical work in this area, assessing risks remains an art, particularly at the highest levels. This is due to the very complex nature of cyberspace, the difficulty in assessing vulnerabilities in very large “systems” composed of continually-evolving technology and human processes, the difficulty in assessing the value of digital assets and reputation, and the dynamic nature of cyber threats.
Objective of the workshop
This workshop brought together world experts who shared their knowledge and experience on the practical assessment of cyber risks at the national level, in large organizations, and in critical infrastructure sectors. The workshop also discussed supply chain risks and role of standards for managing cyber risks in organizations.