Key Risk Management points include:
- Identify and manage risk within your business. Encourage your workforce to report threats to your company and maintain the details in one or more risk registers. Audit critical systems and identify compensating control requirements.
- Evaluate risks in terms of probability and severity. An assessment will allow you to take a risk-based approach to determine the priorities and allocation of financial and human resources to improve your security posture.
- Decide on the approach to treat identified risks. Reduce the overall risk by reducing the likelihood of an event, reducing the impact, removing the source, or sharing the risk with other parties. If mitigation costs are disproportionate to an event’s consequences, risk acceptance is a viable option for consideration.
- Mitigate risks with tactical remediation and strategic solutions. Identifying risks and fixing current problems is only part of the solution; it is crucial to have robust systems, policies, and procedures that prevent the same issues from recurring during ongoing business-as-usual activities. Fixing both what has already gone wrong and what could go wrong in future is essential.
- Implement governance throughout the business. Establish risk committees in multiple areas of the organisation to discuss the most critical threats, the action plans, stakeholder management, and a robust framework for reporting risks to the directors and board members.
Robert is an information security professional with over 20 years of experience across a diverse range of organisations, both in the UK and internationally. He graduated in 1997 with an honours degree in software engineering for security and safety-critical systems. Robert is contactable directly through Telegram.