AWS prescriptive-guidance documentation change
Summary
Updated navigation links, added 'and customer trust' to benefits section, fixed apostrophes in contractions, restructured a bullet point into a paragraph, and changed heading from 'Changing risk language' to 'Changing cybersecurity risk language'.
Security assessment
Changes are editorial improvements and content restructuring without addressing specific vulnerabilities. The added 'customer trust' reference enhances business value messaging but doesn't introduce new security controls or address exploits.
Diff
diff --git a/prescriptive-guidance/latest/strategy-cybersecurity-positive-risk/benefits.md b/prescriptive-guidance/latest/strategy-cybersecurity-positive-risk/benefits.md index b02b99fff..fd7deec0e 100644 --- a//prescriptive-guidance/latest/strategy-cybersecurity-positive-risk/benefits.md +++ b//prescriptive-guidance/latest/strategy-cybersecurity-positive-risk/benefits.md @@ -5 +5 @@ -[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Positive risk within cybersecurity](welcome.html) +[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Positive risk within cybersecurity](introduction.html) @@ -7 +7 @@ -Promoting positive outcomesIncreasing security posture +Promoting positive outcomesIncreasing security posture and customer trust @@ -11 +11 @@ Promoting positive outcomesIncreasing security posture -Especially in an industry such as cybersecurity, which is focused on protecting the business from potential loss, it’s easy to frame risk from a negative perspective. Reframing cybersecurity risks based on their potential gains can benefit the business by promoting positive outcomes, increasing the security posture of the organization, and increasing customer trust. +Especially in an industry such as cybersecurity, which is focused on protecting the business from potential loss, it's easy to frame risk from a negative perspective. Reframing cybersecurity risks based on their potential gains can benefit the business by promoting positive outcomes, increasing the security posture of the organization, and increasing customer trust. @@ -28 +28 @@ When cybersecurity executives integrate positive risk into conversations and rep -For example, let’s say a business had a data breach several years ago, and the data breach was caused by a lack of a patch management process. The incident is still brought up by the media, and it affects customers’ perceptions of and interactions with the company. The business wants to move past the incident and expand their services offerings, but customer trust is blocking sales. Cybersecurity uses positive risk to convince leadership to invest in a patch management process that continually updates applications. The new process dramatically reduces the risk of a data breach, improving the security posture of the company. News of the up-to-the-minute patch management process reaches the media and potential customers. Customers now feel comfortable buying from the business, and sales increase to an impressive level. +For example, let's say a business had a data breach several years ago, and the data breach was caused by a lack of a patch management process. The incident is still brought up by the media, and it affects customers' perceptions of and interactions with the company. The business wants to move past the incident and expand their services offerings, but customer trust is blocking sales. Cybersecurity uses positive risk to convince leadership to invest in a patch management process that continually updates applications. The new process dramatically reduces the risk of a data breach, improving the security posture of the company. News of the up-to-the-minute patch management process reaches the media and potential customers. Customers now feel comfortable buying from the business, and sales increase to an impressive level. @@ -36 +36 @@ Cybersecurity is integral to the security posture of the business. Data breaches -As discussed in Promoting positive outcomes, research shows that executive leadership understands the negative risks associated with cybersecurity but frequently doesn’t understand the positive risk, or business value. However, research shows that leadership within cybersecurity understands how a strong security posture can benefit the organization. +As discussed in Promoting positive outcomes, research shows that executive leadership understands the negative risks associated with cybersecurity but frequently doesn't understand the positive risk, or business value. However, research shows that leadership within cybersecurity understands how a strong security posture can benefit the organization. @@ -50 +49,0 @@ In [Cyber Security Research: The Innovation Accelerator](https://www.vodafone.co - * Instead of using potential negative outcomes when communicating with executive leadership, you can also use positive risk to communicate the business value of improving customer trust. Executives can be cautious when funding programs. In some cases, cybersecurity gets the bare minimum needed to operate. Internally communicating positive risks in funding requests can help your leadership understand the business value of cybersecurity. This can result in increased funding for cybersecurity initiatives and drive revenue for the business. @@ -53,0 +53 @@ In [Cyber Security Research: The Innovation Accelerator](https://www.vodafone.co +Instead of using potential negative outcomes when communicating with executive leadership, you can also use positive risk to communicate the business value of improving customer trust. Executives can be cautious when funding programs. In some cases, cybersecurity gets the bare minimum needed to operate. Internally communicating positive risks in funding requests can help your leadership understand the business value of cybersecurity. This can result in increased funding for cybersecurity initiatives and drive revenue for the business. @@ -63 +63 @@ Introduction -Changing risk language +Changing cybersecurity risk language