What it comes down to is risk

Any good information security program should always relate to the business case and its tolerance for risk. The risk tolerance of an organization is the baseline that the program should address, including any additional legal requirements.

To determine or accommodate acceptable levels of risk, organizations must fully understand what their business is and what makes it run, and be in a position to either build operational and business recovery systems or have significant insurance in place to offset recovery.

Each of the following issues also pertains to the risk tolerance for an organization.

An organization that doesn't understand its risk tolerance is usually not prepared, security-wise. Being prepared will ensure some confidence in business continuity and business survivability. Being unprepared will almost certainly ensure business failure.

The risks should be determined, as stated previously, by first understanding the business priorities and the components that make these business practices continue.

Once this is documented, a formal impact analysis and risk assessment should be undertaken. These should be centered on the "business" objectives.

In other words, each business case should have its priorities set to make business goals, and a series of risk assessments should be used to evaluate the risks to each business entity.

Only after a reasonable risk assessment or tolerance evaluation is completed will you fully begin to identify and appreciate your security investment to protect the business. This is what CEOs and CFOs need to understand.

Copyright © SC Magazine, US edition