How to prioritize security investment through risk quantification

Think of a circus juggler balancing dishes, bowls, and other flat objects on sticks. He needs to pay constant attention so as not to let them fall, rotating them at sufficient speed and at the right time.

This situation is similar to managing investments in security, where the juggler is the organization, the rotating objects are the risks, and the action of rotating them refers to the resources invested.

By understanding the state of the rotating dishes (the equivalent of analyzing the risks), the juggler can decide the order in which he needs to work on them and the speed to apply to each one, so that none of them fall (i.e., the risks do not occur).

In this article, we will use the juggler analogy, and how he keeps the objects rotating, to explain how to prioritize risks through risk quantification.

Benefits of security investment prioritization

The juggler does not need to keep all the objects rotating at the same speed at the same time to keep them from falling. If he did that, he would soon become tired from the effort and would no longer be able to act, and the objects would start to fall.

This first analogy leads us to some of the benefits of security investment prioritization:

– more efficient allocation of people, processes, and budget: prioritization helps organizations to invest only the resources required to handle risks – no more, no less.

– increased focus around the risks that matter most: prioritization gives employees guidance on what the organization sees as important.

– increased success rate: with (Read more...)

*** This is a Security Bloggers Network syndicated blog from ISO 27001 & ISO 22301 Blog – 27001Academy authored by ISO 27001 & ISO 22301 Blog – 27001Academy. Read the original post at: https://advisera.com/27001academy/blog/2020/09/29/how-to-prioritize-security-investment-through-risk-quantification/