Doing risk management correctly
Abstract
This paper aims to help organisations better understand what risk management is, why we need to do it, the methodology and expected outcomes of risk management. All organisations understand risk — it is a critical part of business. Companies invest millions of dollars in new initiatives designed to spur growth, expand into new markets and extend product or service offerings to better serve customers. These initiatives always have large risks; businesses have to worry about financial, legal, compliance, reputational and many other risks. And since most organisations today leverage technology to run their business, IT issues can lead to additional business risk. This paper will discuss how we should perform risk analysis in order to properly identify and manage IT issues that may lead to these business risks. As an industry, we all need to be experts at managing IT risk and translating that to our businesses, in order for them to properly understand how to move forward.
The full article is available to subscribers to the journal.
Author's Biography
Randall Frietzsche is the Enterprise CISO for Denver Health. He has worked in information security for almost 20 years. Holding a Master’s in information security, Randall also teaches for Harvard and Regis Universities. He also holds the ISSA Distinguished Fellow designation and was Chapter President in Louisville, KY for eight years. In addition to the CISSP, C|EH and C|HFI, Randall holds 23 other IT and technical certifications. Prior to his career in IT, Randall was a Deputy Sheriff, and he recently graduated from the FBI Citizens Academy.