Risk today is a complex problem for any enterprise. Regardless of your industry, business model or mission, risk comes in all forms, and no risk stands alone: a security breach can become a compliance violation, which can become a public relations mess, which can become a hit to the bottom line. The web of risk is undeniable. Twenty years ago a security vulnerability on a single desktop could not cost an executive his or her job or knock down the stock price; today it can, and it has. A localized event on the other side of the world rarely affected an entire business; today it can, and it has. Risk management must therefore be approached with a holistic, integrated strategy.
In 2013, RSA Archer published a GRC Reference Architecture outlining the many layers of a GRC program. We recently updated this publication to reflect today's reality: the need for integrated business risk management. The RSA® Archer® Business Risk Management Reference Architecture is a high-level visual representation of the framework an organization needs in order to understand and manage its risk and compliance obligations across the enterprise.
When building your own approach to risk management, some key objectives must be folded into your strategy:
Depth and Breadth. Business risk management requires several disciplines working together in a flexible framework that reaches deep into the organization to meet the changing needs of today's enterprise.
Adaptable. The
This is a Security Bloggers Network syndicated blog from RSA Blog authored by Steve Schlarman. Read the original post at: http://www.rsa.com/en-us/blog/2018-01/rsa-archer-business-risk-management-reference-architecture.html