
        Risk Management 101: Plan for Uncertainty

        Published February 28, 2023 • By Chasserae Coyne, Technical Product Manager • Blog

        Benjamin Franklin once said that nothing is certain except death and taxes. It’s a statement most business leaders and risk managers would agree with today.

        Most of us are just trying to do what we can to keep things afloat, grow our businesses, help our employees thrive, increase our profits, keep our board happy and maintain that often tenuous balance between work and family.

        Each of these responsibilities comes with inherent uncertainty and risk, but that’s not necessarily a bad thing. To be innovative and competitive, you have to embrace risk and be willing to journey into uncharted territory – but not without taking the proper precautions.

        Manage Your Risk (and Uncertainty)

        Three years ago, almost every single business was faced with the imminent need to pivot as physical locations shut down for personal safety during the global pandemic. Almost without exception, those businesses that embraced the unknown and pivoted quickly were able to land on their feet and keep moving forward, often finding new and inventive ways to reach their customers and trying things they would never have otherwise.

        While we can’t avoid uncertainty, we can manage it by understanding our risk – whether IT, cyber, operational or otherwise – and what we can do to achieve positive business outcomes.

        Risk isn’t binary, but rather a continuum of how likely something is to happen and how much or little it will impact you. Understanding your risks (and the threats and vulnerabilities that could cause them to manifest) allows you to make informed decisions about how much risk you’re willing to take on as an organization and what controls you can put in place to reduce that risk.

        Start with these 4 fundamental risk management practices:

        1. Stay Compliant with Relevant Regulations
        2. Proactively Manage Your Risk
        3. Balance Risk and Reward
        4. Get Strategic about Your Security

        #1 Stay Compliant with Relevant Regulations

        Imagine your organization is an automobile, and as a business leader, you’re in the driver’s seat. It’s your job to take your organization from where you are now to where you want to be.

        How do you make the trip (with minimal risk)?

        Implement Controls

        You have to have some basic ‘controls’ in place to get yourself on the road – a steering wheel, a gas pedal, seats, tires, brakes and so on.

        Follow Standards

        As a driver, being compliant is also important and there are ‘standards’ we all have to follow. This means driving the speed limit, stopping at red lights and stop signs, staying between the lines and keeping a safe distance from the person in front of you.

        You could also be required to have things like seat belts, rear and side mirrors, windshield wipers, airbags and other minimum safety controls. You’ll have to purchase car insurance in case you’re involved in an accident, as well.

        At this point, you’re feeling pretty confident. You’re following all the rules, and you think you’ve implemented enough controls to keep yourself safe and driving forward.

        However, the landscape can be treacherous and full of threats. And sometimes, even though you comply with all the guidelines and have controls in place, an incident can take place that brings your vehicle (or your business) to a screeching halt.

        How do you plan for such threats?

        #2 Proactively Manage Your Risk

        It’s often after these incidents have occurred that we have the most clarity on what went wrong and how we could have prevented it. But how can you ensure that you’re taking steps now to avoid disaster later?

        With a proactive risk management plan. Start by understanding your risk exposure, and the relationship between risks, threats and vulnerabilities.

        Let’s continue with the vehicle analogy to shed some light on the differences between these three concepts.

        Threats

        When you’re driving, there are any number of threats that could impact you and your vehicle, and they can vary based on where you live, what season it is or even what route you take when you drive.

        Threats can be things like snowstorms, ice, tornadoes, a lack of signage and clearly-marked lines – or my Michigan favorite – potholes. They could be situations caused by other parties but that still impact you: for example, drivers crossing the line or running stop signs; drivers going too fast or tailing too closely; inebriated drivers; or even a deer jumping out into the road.

        Some threats will be more relevant to you than others, so you need to understand which ones are the most impactful to your situation and need your attention.

        Vulnerabilities

        You also need to consider any weaknesses that affect you or your vehicle. Vulnerabilities could be things like having low tire pressure, not replacing the brake pads and rotors, being an inexperienced driver, having poor eyesight or not having safety equipment in your car like a tire jack or a spare tire.

        The more vulnerabilities you have and the longer they go unaddressed, the more likely it is that a threat will be able to exploit them. And just like threats, not all vulnerabilities are created equal: some are merely minor inconveniences while others could cause serious damage if they’re not taken care of.

        Risks

        Risks are the potential harm you could face if you’re impacted by a threat. Possible risks could include expenses associated with managing a loss event; fines and judgments; lost, damaged or stolen assets; or ineffective remediation action.

        Essentially, risks are how a threat could impact you – either on its own or by exploiting a vulnerability.

        For example, if you have multiple drivers in the family (vulnerability), you could have difficulty maintaining personal accountability (risk) if someone hits a pothole (threat) and damages the car (another risk).

        Unlike threats and vulnerabilities, which can change and evolve over time, risks are predetermined and finite. Using a prescriptive risk register is a great way to ensure that you know your risks ahead of time and that you aren’t overlooking a potentially impactful risk.

        #3 Balance Risk and Reward

        Do the risks associated with driving a vehicle keep you from taking to the open road? For some people, they might, but for a lot of us, the risk of driving is worth the reward of having the freedom to commute and explore.

        If I expected that driving the speed limit and following the rules of the road were going to keep me safe, I would definitely not have purchased the all-wheel-drive SUV I have parked in my garage. Instead, I thought about the threats I might experience based on where I live and how much I drive and used that information to make a strategic decision about the vehicle that made the most sense for my situation and was within my budget.

        For your first vehicle, I’m guessing that you had a more basic set of controls to work with (as well as a more flexible opinion about the rules of the road).

        It was experience and having a better understanding of the threats and risks associated with driving a vehicle, as well as how to remediate vulnerabilities along the way, that made you a more proficient driver. Maybe that’s what caused you to invest in a vehicle that had anti-theft alarms, high safety ratings and three rows of seats. Or maybe that’s why you got that sweet sports car, because you understood the risks and decided that it was worth the reward.

        That’s really what managing risk is all about: you can’t avoid uncertainty; however, if you know what threats impact your business, manage your vulnerabilities and understand your risks, you’re giving yourself the tools you need to make strategic business decisions to successfully drive your organization into the future.

        #4 Get Strategic about Your Security

        Of course, when you’re leveraging risk like that, you’ll need to take extra precautions – and not just implement more compliance controls.

        Risk management is about planning for uncertainty, and compliance standards written months or years ago can’t protect you from evolving threats and vulnerabilities. In other words? Compliance does not equal security.

        Get strategic about your security with this FREE whitepaper today – so you can securely accelerate your organization’s strategic business objectives tomorrow.
