Monday, May 16, 2016

Week 9 - Risks… Good, bad and ugly?

What is Risk? Thanks to Merriam-Webster, we see that risk = possibility of loss or injury. A simple definition, but true nonetheless. Too much risk can cause businesses to fail because there is confusion and uncertainty within the organization, mainly because the corporate leaders do not understand what “Risk” is and how to mitigate, transfer or even accept it, and because the full impact of the “Risk” hasn’t been dissected by the business to get a grasp of what they are challenged with.

[Image: healthcareglobal.com]


What I mean is this: if a company does not fully understand a subject such as employee theft, then the possibility of loss, whether of money, intellectual property or customer data, will be greater, and it will cost the company much more to mitigate when the event occurs. Therefore, it is very important for all groups within a business to understand what risks are present and how to mitigate, control and even avoid them. This isn’t always easy, though, since new (potential) threats crop up every day. Having a Risk Management Plan (NIST Special Publication 800-30 Revision 1) in place will help keep businesses calm during times of tumult. The following diagram from NIST.gov gives a great overview of the Risk management process.

[Diagram: overview of the Risk management process (NIST.gov)]

Questions to ask when the event occurs:
✓ What is the threat?
✓ What is the impact of the threat?
✓ How vulnerable are we?
✓ Who needs to be involved and notified?
✓ How quickly must you act?
✓ What actions need to be put into play in order to mitigate or manage the threat?

Businesses can’t avoid risks. As a matter of fact, risks are inevitable and sometimes needed in a business strategy, so develop your plan now. The following demonstrates how to prioritize the Risks in your business. Putting an importance on the Risk, such as Minor, Major, Critical or Minor, Moderate and Significant, will help everyone involved understand the significance of the threat.

[Image: prioritizing Risks (Managementstudyguide.com)]

A thorough risk assessment audit and plan can lessen the impact of a breach and make your life much easier. But these assessment plans need to be very accurate and comprehensive, and they need to be run on a regular basis in order to build up a stockpile of historical data and benchmarks.

So get to work…. And Happy Assessment (ing)…
