Cybersecurity Fundamentals 11


Risk, Readiness & Your Cybersecurity Career Roadmap
Part 11 : Risk Management in Cybersecurity — How Pros Think Like Defenders
Cybersecurity isn’t just about blocking attacks — it’s about identifying, analyzing, and managing risk.
What is Risk in Cybersecurity?
Risk = Threat × Vulnerability × Impact
Even a small threat becomes dangerous if you have a big vulnerability and high impact.
"Imagine your Wi-Fi password is ‘12345678’… and some hacker tried it — then the risk is very high."
Example:
Threat: Ransomware attack
Vulnerability: No backup or patching
Impact: Company shutdown, ₹20 lakh loss
Risk Management Process:
Identify assets and threats
Assess vulnerabilities
Evaluate potential impact
Mitigate with controls (patches, firewalls, policies)
Monitor continuously (SOC, alerts, audits)
Types of Risk Controls:
Preventive (firewalls, access controls)
Detective (IDS, SIEM logs)
Corrective (incident response plans)
Compensating (backups, insurance)
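As an added example (not code from the article), here is a small risk register in Python that scores each risk with the Threat × Vulnerability × Impact formula above on an assumed 1 to 5 scale, then applies controls of the four types to get a residual score and ranks the register; the control names, reduction percentages and rating bands are assumptions for illustration.

```python
from dataclasses import dataclass, field

# Control catalogue (assumed for illustration), keyed by name: the control
# type, which factor of Threat x Vulnerability x Impact it reduces, and by
# what percentage. Preventive controls shrink the vulnerability; detective,
# corrective and compensating controls mostly shrink the impact.
CONTROLS = {
    "patch management": ("preventive",   "vulnerability", 50),
    "mfa on vpn":       ("preventive",   "vulnerability", 40),
    "siem alerting":    ("detective",    "impact",        30),
    "tested ir plan":   ("corrective",   "impact",        30),
    "offline backups":  ("compensating", "impact",        60),
}

@dataclass
class Risk:
    name: str
    threat: int          # likelihood the threat acts, 1 (rare) to 5 (almost certain)
    vulnerability: int   # how exposed the asset is, 1 (hardened) to 5 (unpatched, no backup)
    impact: int          # business impact if it happens, 1 (minor) to 5 (company shutdown)
    controls: list[str] = field(default_factory=list)

def inherent_risk(risk: Risk) -> float:
    """Risk = Threat x Vulnerability x Impact before any controls (max 125)."""
    return risk.threat * risk.vulnerability * risk.impact

def residual_risk(risk: Risk) -> float:
    """Apply each chosen control to the factor it reduces. Controls on the same
    factor combine multiplicatively, so two 50% controls leave 25%, never 0%."""
    factors = {"threat": risk.threat, "vulnerability": risk.vulnerability, "impact": risk.impact}
    for name in risk.controls:
        _, factor, pct = CONTROLS[name]
        factors[factor] *= (100 - pct) / 100
    return factors["threat"] * factors["vulnerability"] * factors["impact"]

def rating(score: float) -> str:
    """Bands for the 1-125 scale (assumed thresholds; tune to your risk appetite)."""
    return "critical" if score >= 60 else "high" if score >= 30 else "medium" if score >= 10 else "low"

def rank_register(register: list[Risk]) -> list[tuple[str, float, float, str]]:
    """Evaluate step: sort by residual risk so the worst remaining risk is treated first."""
    rows = [(r.name, inherent_risk(r), residual_risk(r), rating(residual_risk(r))) for r in register]
    return sorted(rows, key=lambda row: row[2], reverse=True)

# Constructed sample register: the ransomware case from the article plus one more risk.
REGISTER = [
    Risk("ransomware on file server", threat=4, vulnerability=5, impact=5,
         controls=["patch management", "offline backups"]),
    Risk("phishing of finance staff", threat=5, vulnerability=3, impact=4,
         controls=["mfa on vpn", "siem alerting"]),
]

if __name__ == "__main__":
    for name, inherent, residual, level in rank_register(REGISTER):
        print(f"{name:28} inherent={inherent:6.1f} residual={residual:6.1f} {level}")
```

Note that the ransomware risk starts at 100 (critical) and drops to 20 (medium) with just patching and backups, which is the point of the process above: mitigation changes the score, then monitoring tells you whether the controls keep working.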
Career Link:
In roles like:
GRC Analyst
Risk & Compliance Officer
Cybersecurity Manager
...you’ll be expected to analyze risks and suggest security controls for real-world systems.
Pro Tip: Learn ISO 27001, NIST CSF, and risk assessment frameworks like the FAIR model.