Friday Dec 03, 2021
Assessments and Integrated IT Risk Management - Part 1
- Problems with and limitations in many assessments
- Many assessment report results from automated tools can be incomplete, incorrect, or pretzel talk
- What realistic expectations should you have from a paid and unpaid assessment
- There are certain security baselines simply so your organization can be insurable.
- There are certain security baselines in order for your organization to be serviceable by an IT service provider.
- Small organizations can easily find themselves spending $50,000 that they don't have in order to recover from a cybersecurity event.
- It's not just about money. Are you sure that you can get access to all the personnel in order to get your organization back up and running in the designated time?
- You need to mitigate risk proactively in order to make sure the cybersecurity event never happens.
- Do not evaluate your risk based upon what you think the value of your data is. Evaluate your risk based upon whether or not you want to stay in business.