Identify Your Cybersecurity Risk Using a Risk-Based Approach


Once your organization prioritizes the assets, you’ll want to prioritize the risks. No company can eliminate all risk, but you can focus on where you can reduce it. Ask yourself which risks your organization is willing to take, which pose the greatest danger to your organization, and which require the most protection.

To define risk, Dustin uses the equation “risk = likelihood × impact,” meaning that the risk changes depending on how likely an attack is and how impactful it would be if it occurs. Risk can be measured by the impact to safety, revenue, reputation, regulatory compliance, and other factors. However, not all risk is created equal. Dustin uses a hospital example to show when the risk is high in different scenarios, and how it is heightened when the potential impact to patients is greater.

When prioritizing risks, performing a risk assessment is the best way to proactively find vulnerabilities and weaknesses before the threat actors do. Pondurance uses risk assessments, and also cyber risk management tools such as MyCyberScorecard, to accurately measure and prioritize risks. A risk assessment analyzes your entire network to determine where your organization is…
