topic Industry emphasis on Risk Management? in Tech Talk

Industry emphasis on Risk Management?

Daniel-Nash1 — Mon, 09 Oct 2023 08:59:59 GMT

Recently I have heard of more and more inquiries as to how Risk Management is being handled and what is being used as far as tools. This appears to be a current topic of renewed interest. What have others seen or heard?

Re: Industry emphasis on Risk Management?

Krisboike — Mon, 29 Oct 2018 15:19:11 GMT

In my organization, ($800M revenue), we have not been able to receive funding for a GRC tool. So I have used the Gartner/CEB spreadsheet template, constructed within SharePoint a Risk Register and a Security Risk Exception repositories and request and approval workflows. Not bad for a poor-person's solution. It has passed SOC2, Type II and ISO 27001 External Certification two years now, and Hitrust Certification as well.

Re: Industry emphasis on Risk Management?

Damyen — Thu, 08 Nov 2018 18:07:57 GMT

I'm in the same boat as you, we have not been able to receive funding for a GRC tool. Where could I get a copy of the Gartner/CEB spreadsheet template?

Re: Industry emphasis on Risk Management?

danyo — Thu, 08 Nov 2018 20:23:15 GMT

My org has updated to RSA Archer 6.x. As a submitter, I find it pretty easy to use and our information protection team has customized intake questionnaires to expedite the assessment/review process.

Re: Industry emphasis on Risk Management?

Jazyrn — Sat, 17 Nov 2018 15:54:14 GMT

I am relatively new to my organization, it does not appear the we have a culture that is thinking integrated risk management at this time. I appreciate the insight about the Gartner spreadsheet, perhaps I can use this as an introduction to the need for change towards an integrated risk management approach within the organization.