Aug 12, 2016 Assessing Cybersecurity? Think (Business) Risk!
Most information security professionals are pretty good at assessing technical risks, and remediating against them. The problem is that such an approach isn’t enough. They also need to think in terms of business risk–and communicate technical challenges and remediation strategies in business terms.
Back in 2014, the National Institute of Standards and Technology (NIST) developed a cybersecurity risk framework. And last year, Nemertes teamed up with G2-Inc to provide the Business Risk Portfolio approach to translating that NIST standard into real-world terms. We presented that approach at the RSA conference in 2015 and currently work with clients to implement that risk assessment in their enterprise organizations. If you’re interested in a risk assessment of your organization, contact us!