Risk management is all about perspective, not just of the company, but of each individual working at the company. The answer to what’s valuable and at risk is different depending on who you speak with.
At this year’s “Risk Management Smackdown” panel at the 2012 RSA Conference, two of the panelists had switched jobs since last year’s smackdown and as a result had a new perspective on risk management, explained David Mortman (@mortman), Chief Security Architect for enStratus and moderator of the “Risk Management Smackdown.”
The definition of “risk management” changes with an individual’s job responsibility, which offers a different perspective on the business and on what the risks for the company are, said Mortman.
The goal of risk management is to see and value your vulnerabilities. But you also have to consider who would exploit these vulnerabilities and how likely they are to be attacked.
Modularize your risk management effort
There is no quick answer for moving from a theoretical discussion of risk management to putting it into practice. Of course you need to just start and do it. But it takes time and discipline to pull it off. Find a specific area, such as your ecommerce platform or website, and run a test pilot. Don’t try to do everything at once. It would be crazy, said Mortman.