This post by Jeffrey Roman features an article and associated podcast concerning how to have a top notch risk management process no matter how small your budget is for such an effort. The article and podcast feature the insights of Ron Ross from the National Institute of Standards and Technology (NIST). According to Ross, the use of automation can “increase consistency, effectiveness, and timeliness.” This translates to less wasted time, hence more efficiency and less money spent. Ross goes on to explain why the cloud may make even more sense for a budget conscious organization by reducing the size of the enterprise's digital footprint:
By reducing an enterprise's digital footprint, it can lead to reduction and better management of complexity. The money saved through the cloud, Ross says, can be reinvested into stronger cybersecurity measures, including automated tools. “Make a list of the things that are most important,” he says. “Buy those automated tools first and they're going to give you the greatest return on your investment.”
The podcast features Ross' insights on understanding the threats of using the cloud, how a multi-tiered approach to risk should be built on governance, processes and information systems, and features in depth discussion on processes that can effectively address risk management while not hindering cost saving.