Defining risk controls that actually work - Help Net Security


Previously, we looked at practical ideas for conducting the complex information security risk assessments that all enterprises should regularly perform. The right methodology guides the identification of the threats and vulnerabilities to which an organization is exposed. Once that is done, it’s time to reinforce the right controls to mitigate them.


While it may seem counter-intuitive, the most important first step is to evaluate your control environment independently of the risk assessment process itself. This can be challenging when your mind is set on assessing risk. But starting by instituting controls against a particular type of threat that may be pinpointed in the risk assessment, for instance ransomware, will produce an unwieldy volume of controls when factored against the multitude of risks that may be identified.


It’s better to s ..
