What we’re reading this week from the world of risk management.
TechRepublic: 11+ security questions to consider during an IT risk assessment
A list of questions that boards and investors should be asking about IT risk. Also a succinct definition of what we’re really measuring with risk assessments: “the cost of preventing a risk from occurring vs. the cost of recovering from a potential risk”.
CIO.com: ‘Vendor overload’ adds to CISO burnout
Headline aside, this article is really about the changing role of the CISO, who needs to understand a firm’s risks and their potential impact in order to make the right investments in security products.
ISACA: WIRED Editor David Rowan Predicts Future of Audit, Governance, Risk Management
Rowan was the keynote speaker at a recent European ISACA conference. “We are in a networked world of ever increasing transparency, as well as increasing vulnerability to data breaches. Starting with transparency, the recent breaches of client confidentiality over Panamanian accounts, and the Snowden disclosures before that, are a stark reminder that every professional’s decisions could tomorrow be scrutinized on the front page of the New York Times.”
RSA Blog: Risk Intelligence reveals opportunity for competitive advantage
RSA’s Joe Hewitson writes: “The overwhelming majority of today’s enterprise organizations view risk management as a reactive protocol. Unfortunately, this could not be further from the truth… At its most effective, risk management is an overarching business process that enables both the mitigation of unacceptable risk and proactive vigilance to prepare for future risk.”