It is important that all considerable changes in technological risks are included in the risk mapping. New risks related to major shifts in technology such as the use of artificial intelligence, quantum computing, etc. should also be considered. Similarly, risks that are related to the growing use of existing technologies such as cloud computing and IoT should also be considered in the risk landscape.
Monitoring cyberthreats provides critical information on changing conditions that could potentially affect the ability of organizations to conduct core missions and business functions. Information derived from the ongoing monitoring of risk factors can be used to refresh risk assessments at whatever frequency deemed appropriate.
Monitoring of cyber threats is a continuously ongoing activity. The responsibility of cyber threat monitoring should be assigned to appropriate employees. For monitoring, there are numerous sources to obtain information of the latest cyber threats – mailing lists, CERT Tonga regular notifications/advisories, other CERTs’ advisories, vendor notifications/advisories and security news feeds. Once relevant new cyber threats have been identified, the applicability of advisories in the organization should be assessed and timely corrective actions should be planned and executed.