Threat management is a framework used by organizations to manage the life cycle of a threat to identify and respond to it with speed and accuracy. Threat management is comprised of five functions: Identify, protect, detect, respond, and recover:
- 1. Identify – Encompasses various areas, including asset management, business environment, governance, risk assessment, risk management strategy, and supply chain risk management.
- 2. Protect – Encompasses technological and physical security controls necessary for creating and executing suitable safeguards and safeguarding critical infrastructure. This includes identity and access management and access controls, awareness and education, information protection processes and procedures, data security, and maintenance and protective technology.
- 3. Detect – Process of alerting an organization about cyberattacks. Anomalies and occurrences, continuous security monitoring, and early detection methods are all examples of detect categories.
- 4. Respond – The procedures and processes that an organization executes to respond appropriately to cyber-attacks and other incidents.
- 5. Recover – Implementation plans for cyber resilience and business continuity in the event of a cyberattack, security breach, or another cybersecurity event. The recovery functions are recovery planning, improvements, and communications.
Threat management employs a range of techniques which can include, artificial intelligence, behavioral analysis, prediction tools, IoT modules, and others to ensure data integrity to protect security systems.
Our Guide to Risk Domains introduces and defines other critical and current risk domains – download here.