Combine Security Risk Management Components Into One Program | Info-Tech Research Group

Do not fill in this field

Enter no text in this field

Get Instant Access
to This Blueprint

Business Email

Full Name

Company

Phone

Job Title

Companies are aware of the need to discuss and assess risk, but many struggle to do so in a systematic and repeatable way.
Rarely are security risks analyzed in a consistent manner, let alone in a systematic and repeatable method to determine project risk as well as overall organizational risk exposure.

Our Advice

Critical Insight

The best security programs are built upon defensible risk management. With an appropriate risk management program in place, you can ensure that security decisions are made strategically instead of based on frameworks and gut feelings. This will optimize any security planning and budgeting.
All risks can be quantified. Security, compliance, legal, or other risks can be quantified using our methodology.

Impact and Result

Develop a security risk management program to create a standardized methodology for assessing and managing the risk that information systems face.
Build a risk governance structure that makes it clear how security risks can be escalated within the organization and who makes the final decision on certain risks.
Use Info-Tech’s risk assessment methodology to quantifiably evaluate the threat severity for any new or existing project or initiative.
Tie together all aspects of your risk management program, including your information security risk tolerance level, threat and risk assessments, and mitigation effectiveness models.

Combine Security Risk Management Components Into One Program Research & Tools

1. Establish the risk environment

Lay down the foundations for security risk management, including roles and responsibilities and a defined risk tolerance level.

2. Conduct threat and risk assessments

Define frequency and impact rankings then assess the risk of your project.

3. Build the security risk register

Catalog an inventory of individual risks to create an overall risk profile.

4. Communicate the risk management program

Communicate the risk-based conclusions and leverage these in security decision making.

Member Testimonials

After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve. See our top member experiences for this blueprint and what our clients have to say.

8.2/10

Overall Impact

$15,436

Average $ Saved

7

Average Days Saved

Client

Experience

Impact

$ Saved

Days Saved

Testimonial

Ground Transportation Systems Canada Inc

Guided Implementation

8/10

N/A

2

Soboba Band of Luiseno Indians

Guided Implementation

10/10

$11,699

4

EBSCO Industries Inc

Guided Implementation

10/10

$6,499

8

Jon was an amazing partner to work with. His knowledge and expertise were essential to our success in establishing a more rigid Risk Management Pr... Read More

Seneca Gaming Corporation

Workshop

8/10

$12,999

10

Primary benefits of the workshop to SGC: 1 - Opportunity to formally introduce concepts to senior management. It is often helpful when a third-p... Read More

AgHeritage Farm Credit Services d/b/a Insight Technology Unit (ITU)

Workshop

8/10

$30,549

10

I attended a workshop recently that was truly excellent. The leader, Fritz, had a deep understanding of our specific needs and was able to guide us... Read More

UCLA

Workshop

5/10

N/A

N/A

The Stride model and tool were not explained at the beginning of the sessions. I was not clear on the methodology or intended outcomes. The initi... Read More

Load More Testimonials

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Table of Contents

Need Extra Help?
Speak With An Analyst

Get the help you need in this 4-phase advisory process. You'll receive 7 touchpoints with our researchers, all included in your membership.

Guided Implementation 1: Establish the risk environment

Call 1: Discuss current risk management processes in the organization.
Call 2: Identify the organizational risk tolerance.

Guided Implementation 2: Conduct threat and risk assessments

Call 1: Build data element inventory.
Call 2: Identify STRIDE threats.
Call 3: Assign countermeasures and review final results.

Guided Implementation 3: Build the security risk register

Call 1: Establish a risk register and review risk assessment methodology.

Guided Implementation 4: Communicate the risk management program

Call 1: Review what reporting requirements are necessary per your risk management program.

Authors

Cameron Smith

Filipe De Souza

Ian Mulholland

Search Code: 80570
Last Revised: March 22, 2019

TAGS:

risk tolerance, risk analysis, risk assessment, risk management, threat assessment, STRIDE, risk acceptance, project risk, initiative risk, risk audit, risk governance, security risk, managing risk, threat and risk assessment, risk communication, risk response, Video, Whiteboard, Whiteboard Series

Visit our Exponential IT Research Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019