Look at information security through the lens of business risk, and you’ll begin to make decisions about security in light of their impact on the business.
A GRC framework for business risk management can help you identify key business priorities and align them with security information and decisions.
View part two of this on-demand webcast series. This session details a seven-step methodology for a GRC-based business risk management framework, including tips for:
- Defining what information needs to be protected and identifying the location and amount of important information
- Documenting processes and enterprise risk controls—documenting the activities as business processes and documenting the risks associated with the processes
- Determining levels of inherent and residual risk and answering the question of what to do with a residual risk level that exceeds risk tolerance and appetite