The case of Volkswagen, discussed in Figure 4.1, demonstrates the importance of understanding the risk implications of technology decisions. Enterprise risk management (ERM) provides a foundation for examining an organization's full portfolio of risks. As a result of the stringent regulations that align with ERM as a practice, there are many tools and professional services to help directors meet their obligations.
At a high level, ERM methods are used to understand individual risks that are faced by the business. They consider how risks interrelate and support validation of appropriate mitigations. For ERM to be effective as part of an overall governance program, a board must have overt conversations about their risk-tolerance level. Every incremental level of risk prevention comes at a cost, and not every preventive measure is necessary or even prudent. Risk and security professionals often tend toward an absolute, so it is critical that the board balance the threat against both the probability of an incident and their tolerance of the event. Mitigations, including insurance, may be an effective alternative to investing in costly prevention measures – this chapter will help you make those trade-off decisions.
Risk is not an absolute thing, but a derived value, considering:
Threat – potential events ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month, and much more.
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
Julian F.
Head of Cybersecurity
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
Addison B.
Field Engineer
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
Amir M.
Data Platform Tech Lead
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
