2. Assess the risk: Once an organisation has identified its own cyber risk areas, an analysing of the relevant risks covering all relevant areas of operation should be done to determine the appropriate response. Risk assessment will also include risk evaluation, which is assessing the likely hood of the risk occurring and costing the risks. Risk assessment should then provide a platform for a cyber-security framework and sustainable strategy.

Just like any type of risk, organisations need to make decisions around which cyber risks to avoid, accept, control or transfer.
Organisational Roles and Responsibilities for Cyber risk Management
For a successful Cyber risk Management framework, there should be clearly delineated organisational roles
1. Cybercrime Prevention: In general preventive controls must attempt to prevent or deter undesirable acts from occurring. They are proactive controls, designed to prevent a loss, error, or omission. For example physical security and controlled access to organisation serve and individual computers, restricting access to sensitive Information so that it accessed by limited and authorised individuals. This can be done by password protection at every level for entry into computer systems.
There are two main elements to cybercrime prevention which an organisation should have in place
a) A sound ethical culture: An organisation has to instil ethical culture by periodically training employees to make security their watchword. All organisation employees should be educated and made aware of Cyber security policy and apply on their day –to-day work. With all employees knowing and applying the Do’s and Don’ts of cyber security this serves as the first layer of defence against
Internal controls typically deal with approval and authorisation processes, access restrictions, transaction controls, account reconciliations and physical security. These procedures often include the division of responsibilities, and checks and balances to reduce risk. Cyber-security policies and procedures should be documented, communicated to the users and most imported should not be a hindrance to achieving the objective of the entity but an enhancer.
Cybercrime detection: Detective controls must attempt to detect undesirable acts that have occurred. These controls monitor and provide information on what went wrong. The detection controls provide evidence after-the-fact that a loss or error has occurred, but do not prevent them from occurring. Regular supervision and monitoring of the organisation ICT is important. For example organisations can install intrusion detection tools which will notify you immediately once your system is