How to assess risk: Business risk assessment and management for CIOs

Emily McLaughlin, Associate Site Editor

Formal risk assessment is often associated with larger organizations, where a chief risk officer (CRO) might be employed to identify threat variables that have the potential to damage the organization. But whether there's a resident CRO or not, smaller businesses could also benefit from regular risk evaluation and the methodical execution of a risk management plan.

In SearchCIO's October cybersecurity-themed tweet jam, participants offered advice valuable to SMB CIOs, including how to assess risk, why business risk assessment and management should focus on threats, and how often these assessments should occur. We asked:

Before diving into the business risk assessment process, let's take a look at how and why assessing risk is important. Tweet jam guest expert Elliott Franklin, information security manager at Whataburger Restaurants LLC, kicked things off:

Security isn't just IT's problem. Combatting security threats must be an all-hands-on-deck effort across the organization in order to guarantee success. With everyone on board, SMB CIOs can focus their attention on how to assess risk and craft a business risk management plan, starting with understanding current business objectives and problems:

Step one: Understand the business and portfolio. Step two: Make sure you have a handle on your organization's information assets. Here's what tweet jammers said about information knowledge:

With a solid understanding of business goals and crucial data, CIOs and risk assessment managers can turn their attention to the systems and services currently in place in their organizations. To what threats do these services expose the business? How do you ensure users are using services securely? Tweet jam participants sounded off:

A solid understanding of business, information and services is required for effective risk assessment. That raises the next question: "How often should one be completed?" Answers varied:

Do you think business risk assessment and management should be an ongoing process adopted across the organization? Sound off in the comments section below and stay tuned for more recaps from October's cybersecurity-themed #CIOChat.
