It’s impossible to escape the barrage of news about cyber attacks. At the enterprise level, we also observe varying degrees of insight into how to understand and manage the risk they pose.
Boards of directors are turning attention from understanding the risk to understanding management’s readiness to deal with the risk. That translates into questions such as, “Do we understand the risk well enough to prevent, mitigate and recover from a large-scale cyber event?”
Common-sense risk analysis
Risk analysis starts with awareness of the risks an organization faces. The better an organization understands the risks it’s dealing with, the more robust its risk analysis and risk-based decision making will be.
Some common suggestions for improving risk awareness include the following:
- Harvest the risk information you already have. Whether it’s through formal risk assessment activities already underway,…