
Risk vs Opportunity

Our three-step process to mitigate risk so you can embrace new opportunities confidently

Risk = Likelihood x impact

Understanding risk is simple. Identifying it – not so much. But risk is your responsibility, right? So as long as they’ve got you, other departments don’t have to worry about risk… right? They can focus on finding the new digital initiatives that will keep your business moving. That’s great for them. For you, it can be another story. It’s up to you to make sure your business can pursue these new opportunities with confidence. So, when you look at today’s leading digital initiatives, you probably see things a little differently. Knowing the risks is just the start. Next is applying the equation to weigh the risks against the opportunity – and no two initiatives are ever the same.

Step 1 – Visibility

What solutions have you deployed that help you identify the risks of a digital initiative?

This is usually a mix of technologies and static processes. Start by taking stock of them all (and their insights). Then, you’ll have a better understanding of how well you can spot and handle emerging risks in areas like:

  • Real-time visibility of users, devices and usage
  • Cloud adoption
  • Apps and infrastructure endpoints
  • Encrypted traffic
  • Movement of company data

Step 2 – Intelligence

How will you analyse the issues and what do you need to measure risk against opportunity?

If you work in security, it might be as simple as getting your hands on a vulnerability scanner. A quick once-over will likely reveal a load of potential issues. Of course, you’ll have to consider each one carefully – some will apply to your new digital initiative more than others.

To figure out which should make it on to your list, keep the risk equation in mind. What are the odds of the risk becoming real and what would that mean for your business?

Step 3 – Control the risk

What are you going to do to treat the risk? Once you’ve got your list, you can prioritise the risks, from riskiest to least risky.

If you’ve gathered all your insights and applied the risk equation to each, this should be the easy bit. For each, pick one of the following options:

  • Mitigate. Put a safeguard in place to reduce the likelihood or impact of the risk.
  • Accept. Maybe the likelihood or the impact of this risk is negligible, in which case a disaster recovery process might be the better option.
  • Transfer. Outsource to a third party and let them manage the initiative (and the risk) for you.
  • Avoid. If the risk is too likely or too great and there are no safeguards up to the task, well, maybe this digital initiative isn’t for you.
