Pub 17 2022-2023 Issue 4

Tech Talk

Risk Assessments Work Better Together

Jon Waldman, EVP Information Security Consulting, SBS CyberSecurity; President, SBS Institute

When "risk assessment" is mentioned among information technology or information security practitioners, the IT risk assessment is typically the first thing that comes to mind, probably because it has been around the longest, at least from a regulatory-guidance perspective. As important and measurable as the IT risk assessment can be, it is only part of the equation for assessing risk. Relying solely on a very granular, asset-based risk assessment to make decisions for your entire organization is neither practical nor logical.

Different tiers of risk assessment are necessary for an organization to understand its interconnected risks. The tiers range from the foundational IT risk assessment, to the departmental business process risk assessment, to the strategic organizational risk assessment.

FIGURE 1 – MODERN I.S. RISK MANAGEMENT TIERS (SBS)
