
How to assess risk: Business risk assessment and management for CIOs

Business risk assessment isn't reserved for the enterprise. Learn how to assess risk and create a risk management plan in SMBs in this #CIOChat recap.

Formal risk assessment is often associated with larger organizations, where a chief risk officer (CRO) might be employed to identify the threats that could damage the organization. But whether or not there is a resident CRO, smaller businesses also benefit from regular risk evaluation and the methodical execution of a risk management plan.

In SearchCIO's October cybersecurity-themed tweet jam, participants offered advice valuable to SMB CIOs, including how to assess risk, why business risk assessment and management should focus on threats, and how often these assessments should occur. We asked:

Before diving into the business risk assessment process, let's look at why assessing risk matters. Tweet jam guest expert Elliott Franklin, information security manager at Whataburger Restaurants LLC, kicked things off:

Security isn't just IT's problem. Combatting security threats must be an all-hands-on-deck effort across the organization if it is to succeed. With everyone on board, SMB CIOs can focus their attention on how to assess risk and craft a business risk management plan, starting with understanding current business objectives and problems:

Step one: Understand the business and its portfolio. Step two: Make sure you have a handle on your organization's information assets. Here's what tweet jammers said about knowing your information:

With a solid understanding of business goals and crucial data, CIOs and risk assessment managers can turn their attention to the systems and services currently in place in their organizations. To what threats do these services expose the business? How do you ensure users are using those services securely? Tweet jam participants sounded off:

A solid understanding of the business, its information and its services is required for effective risk assessment. That raises the next question: "How often should one be completed?" Answers varied:

Do you think business risk assessment and management should be an ongoing process adopted across the organization? Sound off in the comments section below and stay tuned for more recaps from October's cybersecurity-themed #CIOChat.
