
Define Your Organization’s Information Security Risk Tolerance Level

Your best guess at risk mitigation doesn’t cut it anymore.



Security practitioners need to be able to define the context for an environment in which risk-based decisions are made, on top of everything else. When you define how you frame risk, you can improve your assessments of risks, your responses to them, and your ability to monitor them on an ongoing basis.

Your Challenge

  • Organizational context is needed to support decision making. Successful security practitioners need to understand their organization’s overall approach to risk in order to support their specific duties.
  • Risk-based assumptions, constraints, and priorities all need to be identified to minimize confusion. Failure to understand common risk assumptions or organizational priorities (such as investment preferences) when assessing risk results in wasted effort.
  • No security practitioner should define their organization’s risk tolerance level. Business stakeholders need to make the final decision about how much risk the organization should accept.

Our Solution

  • Our program establishes a foundation for managing your information security risk through definition of clear risk parameters.
  • Executive leadership is engaged to support the definition of risk functions as well as the overall risk tolerance definition.
  • Our program gets you understanding organizational context right away. Business plans and supporting IT strategies are analyzed to understand security implications and ultimate risk influencers.
  • Organizational risk assumptions about the threats and vulnerabilities you face are analyzed in order to develop a baseline understanding of how you can contextualize risk in an ongoing process.
  • Organizational culture and management preferences are analyzed in a practical methodology to provide direct inputs into defining your risk tolerance level. 


Search Code: 80919
Published: June 14, 2016
Last Revised: June 14, 2016
