What it comes down to is risk

By

Any good information security program should always relate to the business case and its tolerance for risk. The risk tolerance of an organization is the baseline that the program should address, including any additional legal requirements.

In order to accommodate or determine the acceptable levels of risk, organizations must fully understand what their business is, what makes it run, and be in a position to either build operational and business recovery systems or have significant insurance in place to offset recovery.

What it comes down to is risk

Each of the following issues also pertains to the risk tolerance for an organization.

An organization that doesn't understand its risk tolerance is usually not prepared, security-wise. Being prepared will ensure some confidence in business continuity and business survivability. Being unprepared will almost certainly ensure business failure.

The risks should be determined, as stated previously, by first understanding the business priorities and the components that make these business practices continue.

Once this is documented, a formal impact analysis and risk assessment should be undertaken. These should be centered on the "business" objectives.

In other words, each business case should have its priorities set to make business goals, and a series of risk assessments should be used to evaluate the risks to each business entity.

Only after a reasonable risk assessment or tolerance evaluation is completed will you fully begin to identify and appreciate your security investment to protect the business. This is what CEOs and CFOs need to understand.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
comesdownisitrisksecuritytowhat

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?