Cyber Risk Integration

Risk Management is a fundamental aspect of operations in ALL contexts of organisational execution, no matter what the mission is.

Ensuring it is effective and encompasses all aspects of risk is critical.

Complicating factors include:

1. Complexity of Technology – IT, OT or other.

2. Assuring Compliance – differing legislative and regulatory requirements.

3. Risk Articulation – expressing risk in easily understandable BUSINESS SPEAK without TECHNO BABBLE is fundamental.

4. Multiple Risk Management Frameworks – which one is best to use?

5. Temptation to express specific risk on separate, dedicated governance structures – ultimately ALL risk should be articulated under unified governance.

6. Lack of Independence and Evidence Base – risk assessments and management should be repeatable and non-chaotic.

7. Complexity of Supply Chain – much analysis has been done on characterising supply risk up to the 3rd party. Recent events have demonstrated that substantive (direct and indirect) threats exist in Nth-party supply risk, where N is greater than or equal to 4.

Cyber Risk Integration

At PO Consulting, we keep things simple. We can assist in integrating cyber risk into unified risk management by:

1. Using ISO 31000 as the basis of risk management.

2. Expressing cyber risk in business context.

3. Ensuring that risks are characterised and managed using evidence-based approaches.

4. Reviewing all material regularly as circumstances change, using the Plan-Do-Check-Act paradigm. This ensures the approach remains agile enough to match the rapidly changing threat.

Audit and Risk Committees can have the assurance that ALL risks are represented and managed under unified governance.