Business Continuity NewsBriefs - January 24, 2018
These NewsBriefs are produced and delivered weekly by Attainium to keep our friends and clients current on topics relating to Business Continuity, Disaster Recovery and Crisis Management.
 

Risk Management & Business Continuity

January 24, 2018 - Teddy Roosevelt said "Risk is like fire: If controlled it will help you; if uncontrolled it will rise up and destroy you." His words are indicative of his understanding of the benefits and dangers of risk. He was himself a risk-taker, but he knew the importance of controlling risk. In this issue, we are looking at assessing and managing risk: whether it benefits us, how it benefits us, and what the best approaches are. What are your thoughts?


QUOTE OF THE WEEK
"Risk is like fire: If controlled it will help you; if uncontrolled it will rise up and destroy you." 
-- Theodore Roosevelt --


1. The dreaded risk assessment

Since many of the major regulatory frameworks, including HIPAA, PCI, and SSAE 16, call for risk assessments, organizations have been forced, some kicking and screaming, to engage in reviewing their risks. Many companies treat the requirement for a completed risk assessment as an exercise in "papering the file" -- it must be done, so get through it as fast as possible, put it on file, and move on to something important.
https://www.csoonline.com/article/2992252/it-management/the-dreaded-risk-assessment.html


2. Why You Must Take a Strategic Approach to Risk Management

The world is a scary place to do business. There are risks all over the place, from unseen hackers to known competitors to weather to regulatory changes to employee theft. The lesson is that every organization must take a comprehensive, top-to-bottom, strategic approach to risk management involving everyone in the organization.
https://www.forbes.com/sites/georgebradt/2017/11/08/why-you-must-take-a-strategic-approach-to-risk-management/


3. Business Continuity -- Is Risk Assessment Relevant?

Risk Assessments have always been a 'best practice' in Business Continuity Management. That classic legacy approach has required a thorough examination of threats & vulnerabilities, probability & impacts -- resulting in some manifestation of risk index. But at the end of the day, Business Continuity Planning is about the ability to respond to disruptions.
https://www.ebrp.net/business-continuity-is-risk-assessment-relevant/


4. Including resiliency and incident response in the risk equation

Most risk equations include the standard approach of probability and impact. Nowadays, with the changing threat landscape, a new approach to the risk equation should be looked at. In this article Adesh Rampat explains why adding resilience and incident response to the risk equation provides a more useful and measurable metric.
http://www.continuitycentral.com/index.php/news/business-continuity-news/1891-including-resiliency-and-incident-response-in-the-risk-equation


5. The risk of shadow IT to business continuity

If you've not yet come across shadow IT, think yourself fortunate that you're reading this. Shadow IT is a rapidly growing risk to all businesses when it comes to IT continuity and security, heightened by the increasing ease of adoption of cloud services. It's likely to be already happening within your business; you just may not be aware of it yet.
https://www.csoonline.com/article/3237226/business-continuity/the-risk-of-shadow-it-to-business-continuity.html


6. A Call for Nonprofit Risk Management

The call for nonprofit risk management is clear. But although nonprofits are increasingly aware of the need to adopt risk management, there's still little guidance about when and how they should adopt such a program, or what it should look like in its early stages. The author urges the basic approach in this article.
https://ssir.org/articles/entry/a_call_for_nonprofit_risk_management


Copyright (C) 2018 Attainium Corp - All rights reserved.