Sometimes our attention gets locked on our risk assessment programs and we neglect our more fundamental risk management activities. Focus is typically good, but in this case overlooking, or rushing through, some initial aspects of risk framing can negatively impact the very risk assessments you are trying to focus on. Three areas are especially important:
- Incorporating cyber risk into your overall risk management program
- Ensuring you focus your program on the correct assets
- Implementing a balanced set of security controls
I’m going to be talking about this issue at the upcoming ISACA CSX Conference in October. ISACA has published my introductory thoughts on their ISACA Now Blog.