Over the past few weeks, we’ve talked quite a bit about risk:

• What it is.
• How it applies to compliance.
• How you can start to think about it as an aspect of your overall business strategy. 

In many of the cases we’ve discussed, we’ve referred to risk in terms of mitigation–how to close the gap between your security capabilities and potential threats in the wild. 

But what’s critical to understand about risk is that it is just as much about how much risk you want to take on as you want to remove. And, when discussing potential risks concerning business goals, you must consider your risk appetite statement. 

Read More

We started our series on risk management a few weeks ago by introducing the concept of risk. One of the general stereotypes about risk is that it lacks some discreteness of security compliance–it doesn’t lend itself to checklists or paint-by-numbers approaches. This is, overall, a good thing, but can prove challenging for enterprises not ready for it. 

Here, we wanted to discuss something that many don’t associate with risk management–visualization and analytics. While risk is a human-driven process overall, decision-makers would do well with a set of easily digestible information to help foreground risk as a measurable process.

Read More

We’ve previously discussed the importance of risk management, and the challenges that come from approaching risk through large-scale frameworks. According to an abstract framework, many organizations aren’t necessarily equipped to mobilize far-ranging risk assessments. 

Here, we’ll discuss a compromise to combine the best of both worlds: standards-based risk management.

Read More