When Quantifying Risk, Make It Real and Tangible
- In the real world of rapidly changing infrastructure, shifting threat vectors, agile business activities, and evolving perceptions of risk, there are often security solutions with overlapping functions.
- Business leadership wants to see how a program addresses risk. That requires measuring risk in a way that enables them to see its potential impact on business performance.
“Not everyone shares the same view on risk. Some prefer to wait and see what happens. Some will put the money down and say, ‘Spend what you need.’”
One management challenge many organizations face relates to the way they have built their security strategy over time. Ideally, you would make decisions based on a multi-tier model of your network that includes perimeter, internal systems, external systems, and mobile devices. You look for the best-in-class technologies and services to secure all those things, and you try to minimize overlapping functions in the solutions you adopt.