Investing in risk management is the best way to stretch the money you get to put towards dealing with risk. In this case, article author Ericka Chickowski sees investing as putting a stable, highly communicative risk management process in place. First, establish a risk and security oversight board that can engage in cross-functional teams and establish priorities with the business. You should also determine what the “bloodline” is for your company:
What’s the business bloodline for your company? In other words, what are the areas of the business for which security threats could truly disrupt the way in which the organization operates? This is exceedingly important to determine — and one that second opinion should help deliver. Once you figure that out, start mapping technical elements to it in order to understand what kind of events could do the organization the most harm, says Amichai Shulman, chief technology officer for Imperva.
“For some companies, a POS system or its database full of credit cards may be its most valuable assets; for some it may be Social Security numbers and the personal information attached,” he says. “For a company that bases its livelihood on transactions and uptime, the loss of revenue or customer loyalty caused by a DDoS could be devastating.”
Yet another piece of advice is to communicate risk visually. That means providing heat maps which show the top 10 risks to the executive suite, for example, or creating a graph which shows where the most issues are coming up. Communicating risk visually allows more people to understand the impact of risk, and thereby helps them understand why what you’re doing is important.
Read the full article here: http://www.darkreading.com/risk/how-to-get-the-most-out-of-risk-manageme/240165618