Implementing an Effective Risk Management Framework

05/11/2015

I recently had the opportunity to author an article for Help Net Security discussing how organizations can implement a risk management strategy that is effective and measurable.

In today’s marketplace, almost every employee is now a content contributor. Although this adds to the body of information available, the influx also brings new risk. Legal systems worldwide are clamping down and demanding greater compliance – particularly on IT systems – making it essential for organizations to implement compliance and risk management protocols. So how do we balance the benefit of the free flow of information against the risk of inappropriate access and/or disclosure? What are the consequences of failing to do so?

I have heard some companies even describe their calculations as follows: “If something bad happens, we need to address the following questions: Will my CEO go to jail? Will the company suffer crippling fines, penalties, or potential legal liabilities? Will the cost of a preventative solution outweigh the costs of what the company would pay in the worst-case scenario?” This approach lends itself to a lot of speculation. A more mathematical approach gives a company a repeatable process. Analyzing this risk requires balancing the applicable standards, the organization’s exposure, and what that exposure means to your business.

In the article, I discuss four simple steps that organizations can take to implement a risk management strategy whose policies and controls reflect real-life data protection and risk management. The four steps are:

1. Assess: Understand what kind of sensitive data the company holds and how the systems it uses will collect and protect that data.

2. Validate: Prove that the data that may put the organization “at risk” is in the proper systems.

3. Control: Protect sensitive information with controls for security, geography, retention, and classification – reducing risk across the enterprise.

4. Report: Provide executive reports on Key Performance Indicators (KPIs) or Key Control Indicators (KCIs) to highlight areas in the organization that need to be addressed to reduce risk, or report on progress made throughout the lifecycle.

To read more about the benefits of implementing a risk management strategy and how to do so, please visit Help Net Security.

To learn how AvePoint can help organizations with creating a comprehensive risk management framework, please visit our website.

Author: Dana Simberkoff

Dana Louise Simberkoff is the Chief Risk, Privacy and Information Security Officer at AvePoint. She oversees a global team of subject matter experts who monitor industry trends, emerging technologies, and best practices in risk management and compliance. Dana also provides strategic guidance on product direction, technology enhancements, customer challenges, and market opportunities, partnering closely with internal and external executive stakeholders. Dana is an industry leader, previously serving on the Education Advisory Board for the International Association of Privacy Professionals (IAPP) and as a founding member of the Women Leading Privacy Advisory Board. Dana has been featured in the Wall Street Journal, Forbes, Security Magazine and more, and is consistently recognized by organizations like IDC and CSO as an influential woman in cybersecurity. Dana holds a Bachelor of Arts degree from Dartmouth College and a Juris Doctor from Suffolk University Law School.