You Need to Understand Risk and Make It Tangible
- Only with a clear understanding of a business’s risk appetite will you be able to look at its risk tolerance for each asset and quantify the risk.
- In presenting to a board or senior executive leadership, you need to make risks and threats tangible for your audience.
“Ultimately you need to convert risk to dollars for the benefit of the top business leaders, because at the end of the day, they are focused on the bottom line. You have to know the business and understand what the risk tolerance is within the business. Understanding all the risk transferal and acceptance is key.”
“The business is always looking to its bottom line,” says Heath Taylor, director of information security and compliance at Live Nation Entertainment, and this is just as true when prioritizing security. In the context of security decisions, he explains, “They’re looking at the situation and asking if this were compromised, what would it cost in fines? What would it cost in payouts? Versus how much would it be to implement this technology, and the people to support that technology, and the processes to support the people and the technology? What is that dollar amount? From there the business can weigh the factors and make smart decisions.”