Almost every organization has something valuable in their IT-related systems – social insurance numbers, bank account numbers, controls over an electrical utility, product formulas, customer lists and so on.
Obviously, some systems or data are more important than others. Loss of some will bring the organization to its knees because it can’t function or its reputation has been damaged. Loss of other systems may merely be annoying for a short period.
An organization’s risk tolerance sets the policies and technologies it will adopt to mitigate the risk of such losses. But consultant Craig Shumard points out, it’s not easy to create a risk process – there’s no generally accepted template for creating one.
For some organizations, unfortunately, this will be their beginning. But at least it will be a step.