In this article I want to share with you the secrets to assessing, with a simple set of questions, whether the enterprise cyber risk in your organization is being managed effectively. These questions will work even if you are not working in the security function, and I think it is important for average workers to be able to tell whether cyber risk is being managed.
Why? Because if the enterprise you are working for is not on top of its cyber risks, then unless you are very close to retirement, you might want to start looking for someplace else to work.
Think about it: How many companies have now gone out of business or had to downsize because they could not keep the technologies they use secure? Where do you think that trend is headed, up or down?
What got me thinking about this was new research on enterprise risk management from ISACA, CMMI Institute and Infosecurity that showed me the heartening news that cyber risk appears to be the number one priority for most enterprises. Yes!
But (you knew the but was coming) … when it comes to cybersecurity risk, there is no better analogy for how too many organizations continue to manage the task than this:
Early on…