Determining Your Risk Tolerance
What is your organization’s risk tolerance?
Determining risk tolerance can be tricky. However, there are specific steps that can be taken to determine it and help secure your organization.
It’s not a case of one-size-fits-all; each organization needs a customized system. As Craig Shumard points out in this article, different organizations are motivated by different factors. For this reason, it is important that organizations establish a formal risk assumption model involving the CEO or Board of Directors.
After the risk has been identified, the next step is to determine who is authorized to make security risk decisions. In most cases, the best option is to have the CISO serve as the first line of defense. This means making sure that the CISO has the appropriate clearance and authority over security matters.
Original article by Craig Shumard.
Read the full story here.