What is your organization’s risk tolerance?
Determining risk tolerance can be tricky. However, there are concrete steps an organization can take to determine its risk tolerance and help secure itself.
It is not a case of one-size-fits-all; each organization needs a customized approach. As Craig Shumard points out in this article, different organizations are motivated by different factors. For this reason, it is important that organizations establish a formal risk assumption model involving the CEO or Board of Directors.
After the risk has been identified, the next step is to determine who is authorized to make security risk decisions. In most cases, the best option is to have the CISO serve as the first line of defense, which means making sure that the CISO has the appropriate clearance and authority over security matters.
Original article by Craig Shumard.