Risky Business
Companies typically define risk as the probability or likelihood of an event happening multiplied by the potential impact to the organization, according to Steve Schlarman, RSA Archer strategist at Bedford, Mass.-based RSA.
Businesses can reduce the likelihood or impact of a negative event through a variety of mechanisms such as mitigating risk, managing risk, transferring risk, or establishing certain controls, Schlarman said. The overriding objective of risk management is to identify potential adverse events and make a decision about what to do to address those risks, according to Schlarman.
Organizations have been identifying and assessing risk at some level for quite a while now, Schlarman said, with security teams deploying…
