How to Approach Risk Management: Advice from Rapid7 Customers

It’s no secret that in the world of vulnerability management, reducing your risk is the name of the game, but eradicating it entirely is, well, impossible. The result is a world in which organizations need to define what they believe to be an acceptable amount of risk to take on, then work their hardest to meet that goal.


But because it can be difficult to know exactly how you’re supposed to determine what constitutes “acceptable” risk, we decided to ask some of our customers to weigh in on their approach. Read on to learn about how these security professionals approach risk in their organizations and their best advice for others looking to better their approach to risk management:


Chris Bailey, Security Architect


I look at what type of data it is (confidential, sensitive, or public), then determine which controls protect that data. Based on that information, a security assessment is performed and a recommendation is provided to the business about whether the risk is low, medium, or high.


Steven Maske, Information Security Manager


Acceptable risk all boils down to probability and impact vs. reward or cost. An oversimplified example would be, you wouldn’t spend $1 million to protect a $100,000 asset.


Anonymous, Biotechnology Company


Risk always changes. Technology is always changing and businesses adapt to the new technologies, so there are always new risks inherent with the technology. Even if you avoid risk by not changing, you risk going out of business because your services will become stale or irrelevant.


Chad Kliewer, Information Security Officer at Pioneer Telephone Cooperative, Inc.


I look at risk from ..
