Determining Your Risk Tolerance
What is your organization’s risk tolerance?
Determining risk tolerance can be tricky. However, there are specific steps an organization can take to determine its risk tolerance and help secure itself.
It’s not a case of one-size-fits-all; each organization needs a customized system. As Craig Shumard points out in this article, different organizations are motivated by different factors. For this reason, it is important that organizations establish a formal risk assumption model involving the CEO or Board of Directors.
After the risk has been identified, the next step is to determine who is authorized to make security risk decisions. In most cases, the best option is to have the CISO serve as the first line of defense. This means making sure that the CISO has the appropriate clearance and authority over security matters.
Original article by Craig Shumard.