Page 49: of Maritime Logistics Professional Magazine (Jul/Aug 2017)

48 50

effectively model and manage digital risk? Most reports on the risk management in your organisation (that subject suggest not. By way of a typical example, a couple of person could be a dedicated CRO but many years back the Brookings Institute looked at six U.S. port au- organisations are successful by increasing the thorities from a cybersecurity perspective and found that only role scope of the Quality Manager, Information one had conducted a digital vulnerability assessment and none Security Manager or COO); had a cyber incident response plan. “Indeed, of the $2.6 billion • Implement a group of employees to manage risk; allocated to the U.S. Port Security Grant Program – created in • Identify all your information assets; the wake of 9/11 to fund new congressionally mandated secu- • Identify the threats posed to each information asset; rity requirements at U.S. ports – to date, less than $6 million • Identify the consequences if each risk was to happen; has been awarded for cybersecurity projects.” (The Critical • Identify the controls you have in place (or are

Infrastructure Gap: U.S. Port Facilities and Vulnerabilities). planning to have in place) to mitigate threats • Agree the perspectives (e.g. likelihood, impact and

Recommendations associated scoring) of the risk matrix(es) you are

If your organization owns critical infrastructure or plant or going to use; equipment where deliberate sabotage would have Financial, • Agree the treatment plans for each band of risk scoring;

Infrastructural, Reputational, Market or Safety (FIRMS) conse- • Implement the controls.

quences, do you proactively manage this risk? The absolute es- sential, basic steps that every organisation must take in the face of the current level of global cybersecurity threat are as follows:

The Author Gordon McKeown • Implement ISO27001; • Include malicious digital attack in risk models is the Group Brand Manager at Ideagen. He is a software marketing professional with twenty for infrastructure; years’ experience in the industry.

• Take a risk-based approach to safety and security; • Appoint a person to overall responsibility for www.maritimelogisticsprofessional.com 49

I