2019-01-17T08:14:06Z
Ariel Lindenfeld - PeerSpot reviewer
Director of Content at PeerSpot (formerly IT Central Station)

When evaluating Digital Risk Protection, what aspect do you think is the most important to look for?


1 Answer
PeerSpot user
2020-08-04T13:44:14Z

The first step in selecting a solution is to establish a clear picture of your current capabilities when it comes to the discovery, assessment and remediation of digital risks. Frequently, organizations find that they have deep risk protection capabilities in a few key areas, but poor visibility of the less obvious security weaknesses they may have. For example, Shadow IT or Forgotten IT can essentially be invisible to an organization.

Related Questions
Evgeny Belenky - PeerSpot reviewer
Director of Community at PeerSpot (formerly IT Central Station)
Jan 11, 2022
Hi infosec/GRC members of the community, can you please share with our community members your recommendations on what an enterprise risk management plan should look like in 2022? How is it different from previous years? What major factors should be taken into account? Thanks
PG
Cyber Security Expert - Business Advisor with 11-50 employees
11 January 22
An Enterprise Risk plan should start with a Baseline understanding of the following:

1. An understanding of the Business environment. Business size, scope of industry verticals, risk tolerances etc.
2. An understanding of the types of Data involved to run and manage the Enterprise.
3. Full understanding of Industry Mandated requirements. HIPAA, FISMA, FEDRamp, CMMC, GDPR etc.
4. Understanding of People, Process, Technology of IT/IS, Finance, Legal etc.
5. GRC should be structured as a Program with supporting Projects to deliver a Programmatic approach to reducing risk. GRC is a journey with many moving parts.
6. Start with a baseline Risk Assessment (People and Process), Vulnerability Assessment, PenTest and Wireless Network Assessment (Technology).
7. Consider a Compromise Assessment to see if you have been breached and do not know it.
8. Gather these findings and prioritize a remediation plan to reduce Enterprise risk as it relates to budgeted funding.
9. Cost out the cumulative OpEx and CapEx funds required to execute the various Projects that:
   A. Are Mandated by your industry.
   B. Should be done but are not necessarily mandated.
   C. Are the right thing to do.
10. Build out your prioritized Remediation Plan as it relates to available resources (Budget, People, Process and Technology).
11. Perform Remediation per #10.
12. Rinse, Repeat. Execute in a Programmatic manner. Review on a quarterly basis.
13. Build the above findings into the Budget request plan. Allocated funds should represent the risk tolerance of the Executive Team.

Reach out for help. Peter@Gaileysolutions.com