Implementing Enterprise Risk Management
Before Getting Started in Enterprise Risk Management
Organizations are at a pivotal point in terms of the manner in which they address their enterprise risk management practices within their cyber security programs. For the first time, it is becoming significantly more expensive for organizations to do nothing about security than to address it. As a result, organizations are moving in droves to implement corrective action as quickly as possible.
This enterprise risk management framework is designed to help with that mission by providing a step-by-step approach that anyone can follow. The steps are intended to be followed in linear order, but some organizations will encounter situations in which they need to return to an earlier step. Examples include an acquisition that changes which entities are included on the network, or a significant organizational change to the business. In these situations, go back and restart from whichever step makes sense so that the program is working from valid data. Once you have done so, proceed from that step through the subsequent steps in order.
Below are the five steps to building a risk management program for any organization. Accomplishment of these steps will provide your organization with a mature Enterprise Risk Management Program.
Step 1: Inventory and centralization of all enterprise risk findings within the organization
Many organizations are interested in developing an enterprise risk management program for their environment, but are unsure of where to start. Identifying and organizing all previous findings is important because it enables an organization to understand what has been measured and the story behind those findings, and it provides a good indicator of the current state. This step is critical to starting the process of informing management and requesting funding.