Cyber Security is the result of understanding risks and threats and taking the appropriate actions.
Cybersecurity revolves around risk management. We must add, however, that it revolves around constantly evolving risk management, based on the understanding and acceptance that risk identification and mitigation reflect a moment in time and the best possible knowledge at that moment. Whereas some risk mitigation plans might stand the test of time for several years, this is not and will never be the case for cybersecurity and cyber risk management.
It is essential that the risk and threat landscape is regularly evaluated and that the risk mitigation plans are updated accordingly. One simply cannot mitigate all potential threats with a single iteration of mitigation, especially not when these threats continue to evolve and become more advanced. We only manage the risks we identified! As a rule of thumb, a cyber risk mitigation plan that is 12 months old is already outdated and should be reviewed. Experts advise reviewing the cyber risk mitigation plan every 6 months at the latest.
Dr. ir Johannes Drooghaag