Monitoring Changing Risk

Once we’ve performed a risk assessment, it isn’t sufficient to call it done at that point. We need to monitor that risk assessment on an ongoing basis going forward. We need to make sure that the assumptions that we’ve made continue to hold true as time goes on. Your company changes, the threat landscape evolves, even your personnel changes within the organization can result in a change of your risk landscape and profile. We have to keep current. And to do that, we’re going to monitor risk factors internally and externally. We're going to keep an eye on developments, both in our industry and in the global landscape of information security. We're going to update the components of our risk assessment as those monitoring activities determine new risks or identify risks that we thought were significant that have dropped off of the radar. We're going to monitor our mitigation activities and we’re going to make sure that all those controls we put in place are working to the level we thought they were going to work. And above all, we’re going to continuously re-affirm scope, purpose, and our core assumptions of the assessment to make sure that all of these conceits against which all of our stakeholders are operating, remain true and vital for the organization going forward.  

Related Videos