Essential Guide

Enterprise risk management strategy: A planning guide for CIOs

A comprehensive collection of articles, videos and more, hand-picked by our editors

How to assess risk: Business risk assessment and management for CIOs

Business risk assessment isn't reserved for the enterprise. Learn how to assess risk and create a risk management plan in SMBs in this #CIOChat recap.

Formal risk assessment is often associated with larger organizations, where a chief risk officer (CRO) might be employed to identify threat variables that have the potential to damage the organization. But whether there's a resident CRO or not, smaller businesses could also benefit from regular risk evaluation and the methodical execution of a risk management plan.

In SearchCIO's October cybersecurity-themed tweet jam, participants offered advice valuable to SMB CIOs, including how to assess risk, why business risk assessment and management should focus on threats, and how often these assessments should occur. We asked:

Before diving into the business risk assessment process, let's take a look at how and why assessing risk is important. Tweet jam guest expert Elliott Franklin, information security manager at Whataburger Restaurants LLC, kicked things off:

Security isn't just IT's problem. Combatting security threats must be an all-hands-on-deck effort across the organization in order to guarantee success. With everyone on board, SMB CIOs can focus their attention on how to assess risk and craft a business risk management plan, starting with understanding current business objectives and problems:

Step one: Understand the business and portfolio. Step two: Make sure you have a handle on your organization's information assets. Here's what tweet jammers said about information knowledge:

With a solid understanding of business goals and crucial data, CIOs and risk assessment managers can turn their attention to the systems and services currently in place in their organizations. To what threats do these services expose the business? How do you ensure users are using services securely? Tweet jam participants sounded off:

A solid understanding of the business, its information and its services is required for effective risk assessment. That raises the next question: "How often should one be completed?" Answers varied:

Do you think business risk assessment and management should be an ongoing process adopted across the organization? Sound off in the comments section below and stay tuned for more recaps from October's cybersecurity-themed #CIOChat.

This was first published in November 2013
