Thursday, June 24, 2021

First steps to determine a firm’s risk tolerance

Almost every organization has something valuable in their IT-related systems – social insurance numbers, bank account numbers, controls over an electrical utility, product formulas, customer lists and so on.

Obviously, some systems or data are more important than others. Loss of some will bring the organization to its knees because it can’t function or its reputation has been damaged. Loss of other systems may merely be annoying for a short period.

An organization’s risk tolerance sets the policies and technologies it will adopt to mitigate the risk of such losses. But, as consultant Craig Shumard points out, it’s not easy to create a risk process: there’s no generally accepted template for creating one.

In fact, because organizations are so different, it has to be unique for each one.
 
 
In creating a risk tolerance model, Shumard suggests there are three steps to take: delegate someone to make security risk decisions, categorize whether risks affect the entire enterprise or business units, and document how issues are resolved.

For some organizations, unfortunately, this will be their beginning. But at least it will be a step.

Read the whole story here

Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com
