It is not just a huge help for general management when company risk assessments are based on concrete business goals. Business-based risk assessments also help information security managers to prioritize what scarce resources they have.
Risk assessments must align with business goals
[fa icon="calendar'] Monday, 16 December 2019 / by Jakob Holm Hansen under information security, Risk assessments, risk treatment
Risk Assessments - What are they for?
[fa icon="calendar'] Monday, 27 June 2016 / by Jakob Holm Hansen under Risk assessments, risk treatment, Risk management
It is now considered good practice to perform risk assessments - or at very least to acknowledge that they should be done.
Unfortunately, far too often we see that businesses only conduct risk assessments in order to satisfy some sort of compliance requirement or other types of requirements (audit, contract, statute etc.). If you are lucky, you might have the resources to conduct them once per year.
Typically, you will conduct your risk assessment, speak with your organisation and then finally you submit a fancy report. And then your "project" is done. However, it would be wrong to consider the risk assessment as a project. Risk assessments should be a process. It is a process that involves feedback and continual adjustments.
Hacking online meetings
[fa icon="calendar'] Monday, 09 November 2015 / by Jakob Holm Hansen under Information risk management, Risk assessments, Risk management
By Gaffri Johnson, Neupart
Why risks related to information sharing via calendars and online meeting tools should be included in your annual it risk assessment.
Risk assessment is a process - 3 reasons to do it again (and again)
[fa icon="calendar'] Friday, 10 July 2015 / by Jakob Holm Hansen under Information risk management, Risk assessments, Risk management
Information security risk assessments are an integral part of managing information security. Unfortunately, it is not uncommon for businesses to consider risk assessment as something they need to get over with in order to meet certain requirements.
How to assess your business risks when going cloud
[fa icon="calendar'] Sunday, 11 August 2013 / by Jakob Holm Hansen under IT Outsourcing, Information risk management, Threat assessments, Risk assessments, Cloud computing security
Cloud computing promises many benefits. Cost reductions, improved efficiency and improved security is what many companies can gain from moving into the cloud.
IT Risk Management increases your IT outsourcing success
[fa icon="calendar'] Monday, 03 June 2013 / by Jakob Holm Hansen under ISO 27001, IT Outsourcing, Information risk management, Threat assessments, Risk assessments, Outsourcing, SecureAware, ISO 27005
IT outsourcing can be a highly positive experience.
4 responsible shortcuts to good enough risk assessments
[fa icon="calendar'] Wednesday, 23 May 2012 / by Jakob Holm Hansen under ISO 27001, Information Security Standards, Threat assessments, Risk assessments
Information security standards have at least two characteristics: 1) they can cure most sleep problems and 2) some describe a relatively perfect world where those responsible for information security have plenty of time and where there are enough resources to analyse needs and document decisions. Even though I may have started this post a little sarcastic, I'm actually a big supporter of standards and "best practice"; I see no reason to reinvent good stuff. I cannot do anything about the standards being boring, but I write this post to suggest some responsible shortcuts to a good start on risk assessments and as a pragmatic approach to ISO 27001 compliance (should you want that).