Increasing the Frequency of Risk Assessments
Time to ramp up your risk assessment!
When it comes to IT risk assessment, frequency is just as important as the actual assessment. While HIPAA and other compliance mandates only require annual assessments, some experts say this is not enough for most organizations.
Director of risk and advisory services for Neohapsis, Gary Alterson, suggests moving to at least a quarterly assessment schedule. “Given the rapidly changing threat environment and how fast IT moves, I recommend that risk assessments be refreshed and reviewed at least quarterly, if not monthly,”
In order to be able to keep up with the increase in assessments, organizations need to rethink their approach to the process.
“A better approach is to make risk assessments more of a life cycle and process within the organization. Perform assessments continuously throughout the year,” says Jim Mapes, chief security officer at BestIT.
Organizations need to build time and resources into the IT lifecycle. Here are some tips to starting:
- Track. Start a daily tracking of risk factors.
- Prioritize. Focus on what matters most, the most risk-adverse data.
- Mitigate. Don’t just assess risk, work towards mitigating it throughout the IT lifecycle.
Original article by Ericka Chickowski.
Read the full story here.
A Webinar Back by popular demand! Based on what Dan is finding in reviews of several
While we’re not a news service, we often use current events to comment on trends and
Welcome IBA Forum attendees! Looking to set up your own program for people to work fr
A short. This presentation is intended for those who are planning to participate in a
An Update to the FFIEC Outsourced Cloud Computing Document In April 2020, the FFIEC r