Excerpt from: Rethinking risk
Everyone agrees that risk is essential. They just have different versions of what risk is, Evan Schuman reports.
It’s time to rethink risk – both how to operationalize it and how to define it. With all the incompatible views of risk from different stakeholders throughout an enterprise, it’s hardly surprising that so many organizations struggle to get beyond a checklist security mentality.
“Start with a listening tour: What (those other LOB executives) care about, what their business objectives are,” says J. Wolfgang Goerlich, advisory CISO of Duo Security. “You must interpret and explain security needs as business outcomes. Security can no longer be about avoiding the bad things. It must align to the business direction.”
Read the full article here: https://www.scmagazine.com/home/security-news/features/rethinking-cyber-risk/