International Cyber Expo International Cyber Expo
  • About Us
Tuesday, 7 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

A technical risk assessment of COVID-19

What if we thought of the COVID-19 pandemic like malware? Javvad Malik, security awareness advocate at KnowBe4, performs a technical risk assessment

by Beth Smith
April 1, 2020
in Featured, Guru's Picks
A technical risk assessment of COVID-19
Share on FacebookShare on Twitter

There’s a lot of information and misinformation out there surrounding COVID-19, aka the Coronavirus.

 

It dawned on me that writing risks is literally one of the fundamental skills of an information / IT / Cyber security professional. So why not try to make sense of the whole pandemic by thinking of it like malware.

 

This involves a two-step process, first write out the risk in understandable terms, and secondly, create a usable and understandable risk matrix.

 

Step 1: Documenting the risk

I have previously posted a blog on writing better risk statements. The process involved structuring the message – for that I used the journalistic trope called the Inverted Pyramid. It structures information in a way that prioritises the facts from most to least important.

 

 

The headline

There is a new disease called Coronavirus, also known as COVID-19. It’s a viral disease that can affect the lungs and airways of systems (humans)

 

Adding Detail

This disease can impact breathing and heart. It is particularly potent against legacy systems (people over 70) and unpatched vulnerable systems (those with underlying health issues).

 

100% of systems (humans) have lungs and a heart and are affected in some form or another by viruses such as influenza and the common cold.

 

Contextualize

It is expected that 80% of the population will come into contact with the virus. For young and healthy systems (humans), the symptoms may be unnoticeable or mild, with only small performance degradation. However, they can pass on the virus to other vulnerable systems (humans).

 

Call to action

There is no vaccine or cure to COVID-19 at present. But measures should be taken to reduce the likelihood of catching and spreading the virus. These can be distilled into three actions

  • Better hygiene: Washing hands frequently like your mother taught you, covering your mouth when sneezing or coughing.
  • Social distancing: Something introverts are exceptionally good at and what many women wish more men were good at.
  • Isolation: Netflix and chill, only by yourself. Sorry.

 

 

Step 2: The risk matrix

Now that we have the risk documented, we need a matrix to help visualize the risk. For this I turned to my long-time friend and former CISO Thom Langford, with whom I collaborated with previously to formulate the Malik-Langford risk model.

 

Taking that model, we put our heads together and updated it to the COVID-19 special risk model v3.0

Risk Management Model COVID-19

And there you have it, a risk statement and matrix to help you make sense of COVID-19. Hope you all stay safe and healthy. Look after each other!

Share4Tweet
Previous Post

135 Million Records Leaked by Backup Company

Next Post

Securing Your Remote Workforce

Recent News

Mike Winston on Why Jet.AI Shifted From Aviation to AI Infrastructure

Mike Winston on Why Jet.AI Shifted From Aviation to AI Infrastructure

July 7, 2026
George Murnane’s One-Question Test for Real AI

George Murnane’s One-Question Test for Real AI

July 7, 2026
Registration Now Open for International Cyber Expo 2026

Registration Now Open for International Cyber Expo 2026

July 7, 2026
Forescout

Forescout recognised by NATO for cybersecurity capabilities across IT and OT environments

July 7, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol