CHAPTER

10

Planning Risk Mitigation Throughout Your Organization

AFTER COMPLETING THE BASICS of identifying assets, threats, and vulnerabilities, you can begin identifying controls. Controls mitigate risk throughout an organization. One of the ways to evaluate controls is to identify critical business operations and critical business functions. Controls should be in place to protect against risks for these critical areas of your business.

Compliance is an important topic in IT today. If any laws or guidelines govern your organization, you need to ensure you’re compliant. Noncompliance can be quite expensive. The first step is identifying the relevant laws and guidelines to see if they apply to your organization. If they do apply, you ...

Get Managing Risk in Information Systems, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.