Risk Management & Business Continuity
January 24, 2018 - Teddy Roosevelt said "Risk is like fire: If controlled it will help you; if uncontrolled it will rise up and destroy you." His words are indicative of his understanding of the benefits and dangers of risk. He was himself a risk-taker, but he knew the importance of controlling risk. In this issue, we are looking at assessing/managing risk – whether it benefits us, how it benefits us, and what are the best approaches. What are your thoughts?
Since many of the major regulatory frameworks, including HIPAA, PCI, and SSAE 16, call for risk assessments, organizations have been forced, some kicking and screaming, to engage in reviewing their risks. Many companies treat the requirement for a completed risk assessment as an exercise in "papering the file" -- it must be done, so get through it as fast as possible, put it on file, and move on to something important.
The world is a scary place to do business. There are risks all over the place, from unseen hackers to known competitors to weather to regulatory changes to employee theft. The lesson is that every organization must take a comprehensive, top-to-bottom, strategic approach to risk management involving everyone in the organization.
Risk Assessments have always been a 'best practice' in Business Continuity Management. That classic legacy approach has required a thorough examination of threats & vulnerabilities, probability & impacts -- resulting in some manifestation of a risk index. But at the end of the day, Business Continuity Planning is about the ability to respond to disruptions.
Most risk equations include the standard approach of probability and impact. Nowadays, with the changing threat landscape, a new approach to the risk equation should be looked at. In this article, Adesh Rampat explains why adding resilience and incident response to the risk equation provides a more useful and measurable metric.
If you've not yet come across shadow IT, think yourself fortunate that you're reading this. Shadow IT is a rapidly growing risk to all businesses when it comes to IT continuity and security, heightened by the increasing ease of adoption of cloud services. It's likely to be already happening within your business; you just may not be aware of it yet.
The call for nonprofit risk management is clear. But although nonprofits are increasingly aware of the need to adopt risk management, there's still little guidance about when and how they should adopt such a program, or what it should look like in its early stages. The author urges the basic approach in this article.
Copyright (C) 2018 Attainium Corp - All rights reserved.