Yiziphi Izinhlaka Zokulawulwa Kwengozi futhi Kungani Uzidinga?

Ukuthatha okhiye

I-Risk Management Framework isiza inhlangano yakho ukuthi ilungiselele izinkinga ezingase zibe khona

I-NIST Risk Management Framework iwuhlelo lukahulumeni wase-US lokudala izinqubomgomo zesikhungo ukunciphisa ubungozi

I-Risk Management Framework ivumelana nezimo futhi iyahlangana, futhi iyithuluzi eliwusizo lezinhlangano zazo zonke izinhlobo nosayizi.

Njengoba umhlaba uba inkimbinkimbi, kanjalo nezingozi ezingase zibe khona inhlangano engase ibhekane nazo. Amabhizinisi esimanje ancike kakhulu emhlabeni owenziwe ngedijithali, futhi abhekana nezingozi ezihlobene nengqalasizinda ye-IT, amaketanga okunikezela emhlabeni wonke kanye nezinselelo ezijwayelekile zendawo yezomnotho ehlala ishintsha. Phela, uma uhlelo luyinkimbinkimbi, kuba lula ukuthi lonke luhlehliswe. Yize singeke sikwazi ukuqeda zonke izingozi, izinsongo, nokucekelwa phansi kwempahla, kusafanele silawule isimo ngendlela esingakhona ngayo. Ukubeka amasistimu ukuze kuncishiswe izinhlobo ezahlukene zobungozi kubalulekile kumabhizinisi anoma yibuphi usayizi, okuyilapho uhlaka lokulawula ubungozi lusiza khona.

Kulesi sihloko, sizohlukanisa Izingxenye Ezi-5 Zokulawula Ubungozi, okuyindinganiso evamile yokwakha uhlaka lokulawula ubungozi olungasetshenziswa ezingozini ezihlukahlukene ezinhlanganweni ezahlukene. Ngemva kokuchaza uhlaka olujwayelekile, sizoxoxa ngohlaka lokulawulwa kwezingcuphe lwe-NIST ngokujulile futhi silusebenzise ezinhlelweni ezithile nezibonelo.

Yiziphi Izingxenye Ezi-5 Zokulawulwa Kwengozi?

1. Ubunikazi
2. Isilinganiso nokuhlola
3. Ukunciphisa umzimba
4. Ukubika kanye Nokuqapha
5. Ukubusa

Ukuhlonza ingozi

Okokuqala, udinga ukuchaza kabanzi ngobungozi bamanje nobungase bubhekane nenhlangano yakho. Kule ngxenye, ubuchopho buvunguza:

• Yiziphi izinsongo ezingase zilimaze inhlangano yakho?
• Yibuphi ubungozi obungase busetshenziswe ekuvikelekeni kwenhlangano yakho, izinqubo noma izinhlelo ze-IT?
• Angakanani amathuba okuthi usongo ngalunye lwenzeke?
• Lezi zinsongo zizoba namiphi imiphumela?

Ithiphu: Ukuhlaziywa kwe-SWOT ingasiza ekuboneni ubuthakathaka bangaphakathi nezinsongo zangaphandle.

Isilinganiso sobungozi kanye nokuhlola

Engxenyeni yesibili yohlaka lokulawula ubungozi, uzodala iphrofayela yengcuphe ngayinye oyitholile. Ungakala lezi zingozi ngezindlela ezimbalwa, kuye ngenhlangano yakho kanye nemboni. Ngokwesibonelo, ukuhlakanipha kokuncintisana ingakusiza ukuthi uhlole ubungozi obuhambisana nabaqhubi abaqhudelanayo. Kungenjalo, uhlaka lwenkampani yangaphandle lokulawula ubungozi lungalinganisa ukuthi yimalini engalahleka, kuyilapho uhlaka lwengozi ye-cybersecurity lungalinganisa izindleko zamathuba okushintsha isistimu yokuphepha yamanje uma kuqhathaniswa nokuyithuthukisa.

Uma usuwaqedile amaphrofayli engcuphe, wafake ohlwini ukusuka kokuncane ukuya kokusongela okukhulu. Khumbula ukuthi ubungozi buyashintsha njengoba inhlangano nendawo yokusebenza kwayo ishintsha, ngakho-ke uzodinga ukuphinda lesi sinyathelo ngezikhathi ezithile.

Ukunciphisa ingozi

Ngohlu olulinganiselwe lwamaphrofayili engcuphe, inhlangano yakho ingacabangela indlela yokunciphisa ubungozi obukhulu, futhi ifunde ukubekezelela amazinga aphansi. Isibonelo, inhlangano eyakha uhlaka lokulawulwa kochungechunge lokuhlinzekwa kwempahla ingagxila ekunciphiseni noma yiziphi izingozi ezingaba khona ngomhlinzeki wayo omkhulu, ngisho noma idinga ukuchitha isikhathi esincane kwabanye abahlinzeki bayo.

Ukubika nokuqapha ngobungozi

Ingxenye yesine ye-RMF idinga ukubika njalo ngezinyathelo zobungozi. Le ngxenye ivumela inhlangano yakho ukuthi igcine izinga eliphezulu lobungozi futhi iqinisekise ukuthi amasu okunciphisa acatshangelwa engxenyeni yesithathu asabalulekile futhi ayasebenza.

Ukulawulwa kobungozi

Ingxenye yokugcina ohlakeni lokulawulwa kobungozi inqubo yokubusa. Ngamanye amazwi, izinhlangano zidinga ukwakha uhlelo olusemthethweni abasebenzi abalusebenzisa njalo ukuqinisekisa ukuthi ubungozi bulawulwa ngendlela efanele.

Iyini i-NIST Risk Management Framework?

The I-Risk Management Framework (RMF) ekuqaleni yadalwa amasosha ase-United States ukuqinisekisa ukuthi izinhlelo zolwazi olubucayi kuhulumeni wobumbano zivikelekile futhi zigcinwa ngokuphephile. Njengamanje, iNational Institute of Standards and Technology (UNYAZI) uphethe Uhlaka Lokulawulwa Kwengozi. I-NIST ibuyekeza uhlaka ukuze luhambisane nenqubekelaphambili yezobuchwepheshe kanye nobunzima obandayo bomhlaba wesimanje.

Nakuba i-RMF ekuqaleni yadalelwa uhulumeni wobumbano ukuthi abhekane nezinhlelo zobuchwepheshe bolwazi, iyithuluzi eliwusizo elingasetshenziswa ezinhlotsheni ezihlukene zobungozi ezinhlanganweni ezisembonini yangasese. Ngakho-ke, isebenza kanjani i-RMF?

Uhlaka lokulawulwa kwezinhlekelele lwe-NIST lwakhiwe izinyathelo eziyisikhombisa. Lezi zinyathelo zakha uhlelo olusebenzayo, lwesikhungo olunganciphisa ngempumelelo ubungozi benhlangano. Ake sidlule kuzo zonke.

Yiziphi izinyathelo ze-7 Risk Management Framework?

1. Lungiselela
2. Faka ngokwezigaba
3. Khetha
4. Qalisa
5. Hlaziya
6. Vumela
7. Gada

Lungiselela

Ukulungiselela iwumgogodla wenethiwekhi exhumene eyenza uhlaka lokulawula ubungozi. Lesi sinyathelo senza inhlangano yakho ilungele ukusebenzisa isu elisemthethweni ngokuhlonza ubungozi, ukusungula ukubekezelela ubungozi kanye nokwabela abasebenzi izindima.

Nakuba ukulungiselela kuyisinyathelo sokuqala, ungakuphinda kuzo zonke izigaba zenqubo. Uma okuthile kushintsha, noma uqaphela ukuthi ukucabangela kwakho bekungalungile, ungase ukuthole kuwusizo ukubuyela ekuxoxisaneni.

Ungasebenzisa ingxenye ye-Identification ukuze ubeke izingozi ezingaba khona, izinsongo kanye nokuba sengozini futhi uqale ukwenza le mibono ibe semthethweni isu lokulawula ubungozi.

Faka ngokwezigaba

Ukuhlukaniswa kwemikhakha ifana nakho kokubili ukulinganisa nokuqapha kanye nezingxenye zokunciphisa, kodwa isemthethweni kakhulu kunokumane iveze ubungozi obuhlukene. Kulesi sinyathelo, uzokala ubungozi ngokusemthethweni ukusuka kokuncane kuye kwezinkulu futhi ukusuka kokuncane kuye kokubaluleke kakhulu. Lesi sakhiwo sibe sesisetshenziselwa ukudala izinqubomgomo zokunciphisa ubungozi benhlangano.

Khetha

Kulesi sinyathelo senqubo, wena khetha izixazululo noma izinqubomgomo ezidingekayo ukuze kuvinjwe noma kuncishiswe ubungozi obuhlonziwe ngaphambilini. Lezi zixazululo zizobukeka zihlukile kusuka enhlanganweni eyodwa kuya kwenye. Uhlaka lokulawulwa kobungozi bebhizinisi lungase lubeke izixazululo zokuvimbela ukuntshontshwa kwempahla yengqondo, kanti uhlaka lokulawulwa kobungozi be-cybersecurity luzohlinzeka ngezinyathelo zokuqinisa i-firewall yamanethiwekhi.

Qalisa

Isinyathelo esilandelayo uku sebenzisa izixazululo ozikhethile. Lena ingxenye yohlaka lokulawula ubungozi lapho uphendula khona imicabango yakho ibe yizenzo. Qinisekisa ukubhala inqubo nezinqubo ukuze izixazululo ezikhethiwe zibe izinqubomgomo zenhlangano ezisemthethweni.

Hlaziya

Kulesi sigaba sohlaka lokulawulwa kobungozi, wena hlola ukuqaliswa kwezixazululo zakho zokulawula ubungozi. Inhloso yalesi sinyathelo ukuqinisekisa ukuthi izixazululo zenziwe ngendlela efanele, futhi, okubaluleke nakakhulu, uma zenze imiphumela oyifunayo. Uma kungenjalo, uzodinga ukubhekana nanoma yibuphi ubuthakathaka ekulawuleni ubungozi.

Vumela

In the ukugunyazwa isinyathelo, uzonikeza isikhulu noma ilungu eliphezulu lenhlangano isifinyezo sohlelo kanye nokuhlola ukuze uthole imvume yabo esemthethweni yokuthi uhlelo lusebenza ngendlela ehlosiwe. Ukwengeza, amalungu aphezulu kufanele aqinisekise ukuthi uhlaka lokulawula ubungozi luyahambisana nemithetho nezinqubomgomo zenhlangano.

Gada

Isinyathelo sokugcina sohlaka lokulawula ubungozi, njengesinyathelo sokuLungiselela, singenzeka noma kunini. Inhlangano yakho kufanele ngokuqhubekayo Ukuqapha izinhlelo ezibekiwe ukuze kuqinisekiswe ukuthi zisabalulekile, ziyasebenza futhi zisebenza njengoba kuhlosiwe. Uma kukhona ukungabaza noma ukucatshangelwa okusha, labo abaphethe ukugcinwa kohlaka lokulawulwa kobungozi kufanele babuyele esinyathelweni sokulungiselela.

Singayisebenzisa kanjani i-NIST RMF Yokuphathwa Kwengozi Yebhizinisi?

I-NIST Risk Management Framework iyithuluzi elihle lokulawula ubungozi bebhizinisi (ERM), njengoba i-ERM ibhekene nokunciphisa ubungozi ezingeni lenhlangano. I-ERM nayo ingaba yisinyathelo esibalulekile ukuhlela amasu njengoba noma yiziphi izinqumo ezithathwayo kufanele zicabangele izidingo zefemu yonke hhayi nje izingxenye zomuntu ngamunye zenhlangano. I-NIST RMF iqinisekisa ukuthi yonke inhlangano iyacatshangelwa, futhi inikeza imodeli yokudala izinqubomgomo neziqondiso zezinga lesikhungo.

Ukusebenzisa ingxenye Yokuhlonza phakathi nesinyathelo SokuLungiselela kuvumela inhlangano yakho ukuthi igxile kuzo zombili izingozi zangaphakathi nezangaphandle. Ubungozi bangaphakathi kungaba wuhlelo lolwazi oluphelelwe yisikhathi oluthinta umnyango owodwa kuphela. Ingozi yangaphandle inkinga evamile engase ithinte inhlangano iyonke, kanye nezinhlaka zangaphakathi zeminyango eyahlukene.

Ngaphezu kwalokho, ezingeni langaphandle, ubungozi bungasebenza ezingxenyeni ezihlukahlukene zebhizinisi ngezindlela ezahlukene. Isibonelo, ukuguqulwa kwezibalo zabantu kudala ubungozi obuhlukile bomnyango wezokuthengisa nokuthengisa kunomnyango wezezimali. Ngokufanayo, ukungeza Ucwaningo Lwezimboni engxenyeni yokuhlonza yohlaka lwengozi lwe-NIST yenza i Ukuhlaziya Ubungozi ngempumelelo kakhudlwana. Uma unolwazi olwengeziwe, izinqumo ezingcono ongazithatha. Uma izici zezibalo noma zezomnotho zishintsha, ukusebenzisa ucwaningo olujulile lwemboni kuzosiza ukuxhumanisa amaqiniso asheshayo nawo wonke amathrendi embonini.

Ingasetshenziswa kanjani i-RMF ekulawuleni ubungozi benkampani yangaphandle?

I-Third-Party Risk Management (TPRM) ifuna ukunciphisa ubungozi obuhlobene nezinhlangano zangaphandle ezifana nabathengisi, abahlinzeki kanye nosonkontileka. Ububanzi obugcwele be-NIST RMF bungasiza ekunciphiseni lolu hlobo lobungozi. Izinto eziningi zingaphandle kolawulo lwenhlangano yakho lapho usebenza nezinkampani zangaphandle, ngakho-ke ukulawula lezo ongakwazi ukuzilawula kubalulekile. Kulapho uhlaka oluphelele lokulawulwa kwezinhlekelele lubalulekile.

Uma inhlangano yakho incike kakhulu kumphakeli, ubhekana nezingozi ezinkulu uma engakwazi ukulandela. Ukuqaphela izingxenye zokunciphisa nokubika nokuqapha kubalulekile, njengoba inhlangano yakho idinga ukuba ilungele noma yiziphi izinguquko ezingalindelekile ukuze kuncishiswe ubungozi bomuntu wesithathu.

Uhlaka lokulawulwa kwezinhlekelele lwe-NIST luwusizo ekudaleni nasekusimamiseni izinqubomgomo zenhlangano yokulawula ubungozi. Izinqubo zenhlangano ezenziwa ngokusemthethweni futhi ezenziwe isimiso zinciphisa ukungaqiniseki, okusiza kakhulu ku-TPRM.

Isebenza kanjani i-RMF ku-Cyber ​​Security Risk Management?

Njengoba izikhungo eziningi zenza imisebenzi endaweni yedijithali, izinhlangano zinesidingo esikhula njalo sokuvikeleka ku-inthanethi. Izinhlangano zabo bonke osayizi, kusukela ekhoneni lesitolo se-bodega kuya enkampanini ye-Fortune 500, zidinga uhlaka oluqinile lokulawula ubungozi bokuphepha ku-inthanethi.

Izinhlobo eziningi zobungozi bokuphepha ku-inthanethi zikhona futhi zingahluka kuye ngenhlangano iye kwenye. Ukuhluleka kwesistimu kuyingozi enkulu, futhi leyo esebenza kuzo zonke izinhlobo zezinhlangano. Ukuqapha nokwenza ukuhlola okungaguquki kunciphisa amathuba okuhluleka kwesistimu. I-NIST RMF iyithuluzi elihle lokunciphisa ubungozi bokwehluleka okubanzi kwesistimu yamanethiwekhi olwazi.

Imicabango yokugcina

Awukwazi ukwenza imisebenzi yakho ikhululeke, kodwa kunezindaba ezinhle: inhlangano yakho ingenza lukhulu ukunciphisa ubungozi. Uhlaka oluqinile lokulawula ubungozi, njenge-NIST RMF, luyavumelana nezimo futhi luhlangene, futhi luyithuluzi eliwusizo lezinhlangano zazo zonke izinhlobo nosayizi.

Umthombo ovela I-IBISWorld

Umshwana wokuzihlangula: Ulwazi olubekwe ngenhla luhlinzekwa yi-IBISWorld ngaphandle kwe-Chovm.com. I-Chovm.com ayenzi izethulo namawaranti mayelana nekhwalithi nokuthembeka komdayisi nemikhiqizo.