risk management

7 STEPS TO A GRC RISK MANAGEMENT FRAMEWORK—4: EVALUATE RISK TREATMENTS

This week, we continue our journey through the seven steps you can follow to build a risk management framework for information. We’ve already looked at how to identify important information that may be at risk in your organization, where to find the information and how to assess the risk it presents within its business context.…

7 STEPS TO A GRC RISK MANAGEMENT FRAMEWORK—3: ASSESS RISK

In the last couple of weeks, we’ve been talking in this space about the seven steps to building a risk management framework for information, starting with the first step of identifying information that needs to be protected and then going on to the second step, which is determining where that information exists inside your organization…

7 STEPS TO A GRC RISK MANAGEMENT FRAMEWORK—2: LOCATE DATA

In our first post on the seven steps to building a GRC-based risk management framework for information, we talked about step 1: identifying information that is important enough to warrant protection. Once you’ve identified information important enough to be protected, within its business context, you can move on to determining whether you actually have any…

7 STEPS TO A GRC RISK MANAGEMENT FRAMEWORK—1: IDENTIFY INFORMATION

Managing information risk can be a paralyzing challenge, given the amount of data and information that comes pouring in daily. It’s hard to know what information needs to be protected, let alone the most effective way to do it. RSA has developed a practical seven-step methodology for building a risk management framework for information. Derived…

Swinging for the Fences

Did you know only approximately one in 200, or about 0.5%, of high school senior boys playing interscholastic baseball will eventually be drafted by an MLB team? That includes all levels of professional baseball. Only a small percentage of players drafted actually make it to the Major Leagues. The competition to make it to the…

Completing the Puzzle

In a previous blog I reviewed the real-world payback for being a risk leader. Let’s say your company gets it, they know that good risk management increases the likelihood objectives will be fulfilled and profits improved, and now you’ve been given the assignment to start the risk management program to make your organization a…

Defining Your Cyber Risk Appetite

When a senior executive tells the board he or she wants to discuss the company’s risk appetite, usually the board’s interest is piqued. After all, understanding an organization’s risk appetite is critical to the decisions the board makes. So why should defining a company’s cyber risk appetite be so difficult? A CISO’s role is to…

Capture the Prize

Risk is the effect of uncertainty on objectives. Managing risk well increases the certainty that objectives will be achieved. Not surprisingly, organizations leading in risk management “capture the prize”. According to a PwC Risk Review, organizations more frequently achieve their objectives, are more profitable and less likely to experience a negative profit margin than those…

The Business Value of RSA Archer

Implementing an effective governance, risk, and compliance program can be a costly and time-consuming effort: hardware, software, and the active engagement of a lot of people in the first, second and third lines of defense. Before implementing a program, and periodically throughout the life of the program, the question always arises from senior management: Is…

Resiliency and Risk Management

I’m glad the world didn’t end during the DRJ Spring World 2017 conference, as more than 1,000 of the world’s business continuity and disaster recovery specialists were there! It was a great conference and I had the pleasure of presenting on building resiliency across the organization’s value chain, and the key relationship between business resiliency and…