This Week's Online-Exclusive Feature
Evolving Cyberrisk Practices to Meet Board-level Reporting Needs
18 January 2017
Jack Jones, CISA, CRISC, CISM, CISSP
Imagine being an executive sitting on the board of directors for an organization. Of the following two risk report statements, which one would likely be more meaningful and useful?
Read More >>
Indicates Online-Exclusive Content
- The current deficiency in control X represents a high level of risk. By spending US $400,000 to implement technology Y, the organization will bring control levels into alignment with best practice and reduce the potential for significant loss.
- The current deficiency in control X represents an annualized loss exposure of US $22 million. By spending US $400,000 to implement technology Y, the organization can reduce this exposure to US $4 million. The risk reduction benefit is represented visually in figure 1.