Critical Questions for Cyber Risk Management From the ISO 31000:2018
The implementation of a risk-management process requires a significant investment of time, energy and resources from any organization. But how can those tasked with managing cyber risk ensure that the investment is worthwhile and effective?

The International Standards Organization (ISO) put forth its annual risk-management guidelines, ISO 31000:2018, in February 2018. Here are the key components of the guidelines, as well as some critical questions for organizations to answer.

(Those unfamiliar with the ISO’s guidelines can read our overview.)

How Integrated Are Your Organization’s Security Practices?

What is one of the most significant determinants of success for a risk-management process? The level of commitment from top leadership and the board. At the center of ISO 31000:2018 is this very issue of commitment — and the guidelines warn that the effectiveness of the whole affair will depend on the dedication and involvement from those in charge.

Consider the following questions to assess the level of commitment from those at the top of your organization:

  • Is cyber risk management integrated into every corner of your organization? A counterproductive alternative would be to treat…
