DDoS and Downtime: Considerations for Risk Management

10 April 2013

As critical business functions become increasingly dependent on the availability of IT resources, chief financial officers (CFOs), chief risk officers (CROs) and other senior executives are beginning to re-assess whether their organization's risk management strategy adequately addresses the threat of network, application or service downtime.

Given the complexity of the risk management framework, it is beyond the scope of this paper to address all the details of DDoS risk assessment and prioritization, or to suggest a cyber risk management plan. Rather, the purpose of this paper is to start a conversation about the often overlooked risk of downtime caused by DDoS attacks and to provide sufficient context for risk managers to account for the DDoS threat as they evaluate threats to their day-to-day operations and long-term mission.

