Chapter 13: Applying Appropriate Risk Strategies

Enterprise risk is a major consideration for organizations and can have a significant impact on them. Risks must be understood at a strategic level to ensure long-term goals are achieved and must also be addressed for more short-term or tactical business goals. An enterprise should employ security professionals who have expertise in conducting appropriate risk assessments or engage qualified assessors to assist the enterprise. Once risks are identified, the business must have a strategy for responding to risks; these responses may be dictated by regulatory compliance or business drivers. Risk is a constant threat to a business and must be managed on a continuous cycle. In order to understand if ...