Defining your information security risk tolerance level is the essential step for any security professionals looking to mature their security program beyond reactive technological controls. This storyboard will walk you through the steps necessary to use Info-Tech's methodology in defining micro and macro risk tolerance levels. The storyboard includes the following sections:
- Define an executive risk function to ensure defined responsibility and accountability for risk tolerance
- Evaluate your organizational culture and informal risk appetite
- Create specific definitions for business impact levels
- Optimize the sensitivity of your risk tolerance screening test