Search
Homepage Rankings and Research Companies Channelcast Marketing Matters CRNtv Events WOTC Jobs Cisco Partner Summit Digital 2020 Lenovo Tech World Newsroom Dell Technologies World Digital Experience 2020 HPE Zone Masergy Zenith Partner Program Newsroom Dell Technologies Newsroom Fortinet Secure Network Hub Hitachi Vantara Digital Newsroom IBM Newsroom Juniper Newsroom The IoT Integrator Lenovo Channel-First NetApp Data Fabric Intel Tech Provider Zone

The 10 Most Important Things A Company Needs In Its Risk Management Plan

Risk management has often focused too narrowly on just the IT department, failing to account for risks associated with business processes in other areas. Here's a look at what every company needs to have in their plan.

Back 1 ... 8   9   10   11   Next
photo

Put Risks In Financial Terms

Organizations should look to mature their risk management approach to make it easier to assess true business impact, according to RSA's Schlarman. Companies often start by rating the risk associated with each component either green, yellow or red, and while a traffic light system is easy to understand, organizations struggle to decide which of the red-rated issues is the most important.

Next, organizations will move to a cyber-scoring system, which Schlarman said makes it possible for companies to base their decision off the relative impact of the issue, but it still doesn't really achieve business understanding. The final step, Schlarman said, is putting each risk in financial terms by measuring the company's potential loss exposure.

Companies can often look at past loss events to inform what dollar amount should be associated with their risk exposure, Schlarman said. If there's not enough data to undertake a historical approach, Schlarman said walking through different risk scenarios, Monte Carlo simulations, or the Factor Analysis of Information Risk (FAIR) methodology can help companies generate a specific loss exposure figure.

 
 
Back 1 ... 8   9   10   11   Next

sponsored resources