The first break-out panel I attended this year was "A Consolidated Approach to Risk and Standards Management" by Matthew Dalton from The Ohio State University. OSU has a nice tool for doing risk assessments, which I plan to steal (once he's made it available). It is a method for defining your assets, measuring the likelihood and impact of different events, and creating a risk report that C-level folks can easily understand. It also contains a way to track mitigating controls (including their costs and their effectiveness) that affect those risks. Pretty slick.
If you use all those frameworks from NIST,
Regulators will never be pissed.
You'll look like a pro
And put on a good show
When the auditors search for what's missed.
_____________________
Measuring your risk:
Teaspoons carefully poured, then:
A tsunami comes.
Red, yellow, and green.
Sunset flares above lush grass.
Or fire, tornado.