Best practices to ensure your organization is focused on the right types of risk


All organizations face some type of risk. Risks are determined by organization type, clients, workers, vendors and logistics, among many other potential factors. Basically, anything that is part of the organization, associated with the organization or contributes to operations represents some level of risk to the organization.

In order to properly evaluate potential risk, an organization should:

  1. Evaluate organizational structure
  2. Identify proper threat intelligence sources and gather useful information
  3. Perform risk assessment

Before going into more depth on each of these three steps, let’s look at a quick example.


Tom and Bob, two friends and budding entrepreneurs, decide to start an international shipping company. They perform all of the initial steps to get started:

  • Register their company
  • Obtain all needed licenses
  • Purchase trucks, ships and so on

As an international shipping company, they need to evaluate the risks particular to their industry. A few issues they could face include:

  • Piracy
  • Theft
  • Loss of shipment(s) to natural disaster(s)
  • Issues related to currency exchange rates

But how do they know that those are their potential issues? They could perform an internet search to do some research, or even watch the news. Current issues with pirates in certain parts of the world have been reported by news outlets. If their shipping routes travel through some of these areas, they could easily determine this is information they would want to pay attention to.

They could also look at other international shipping companies to see where those companies have had issues or fallen victim. If those companies have structures similar to Tom and Bob’s company, Tom and Bob could learn from their mistakes and ensure that they don’t overlook the same threats. To get started, they should perform an evaluation of their company’s structure.

Evaluating organizational structure

The first step in

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Tyra Appleby.