No matter the industry—government, healthcare, financial, or even smaller, mom-and-pop businesses—each deal with some type of sensitive customer information, and each has decisions to make when it comes to managing risk. Most security and audit frameworks (HIPAA, ISO, PCI, NIST, SOC 2, etc.) have requirements for risk assessment, making them one of the first things auditors or regulators ask for. Many companies are still using spreadsheets when it comes to performing risk assessments, which can be ineffective and insecure. Such a lack of functionality can keep a company from moving beyond assessment and into true risk management.
In this podcast from the Institute of Internal Audit meeting in Knoxville, LBMC Information Security’s Bill Dean and Mark Fulford discuss the importance of risk management, including the effectiveness of risk assessments and how BALLAST can help organizations automate the risk assessment process.
Listen, and discover these key takeaways:
- Understanding what’s important to your organization when it comes to managing risks
- Reasons to consider more targeted risk assessments
- Why you shouldn’t just do gap assessments
- How to automate the risk assessment process
- Why not to stop at the assessment phase
Subscribe to the Cybersecurity Sense Podcast on iTunes.
To learn more about LBMC Information Security or to speak to one of our trusted professionals about our services, including risk management and automating your risk assessment process, contact us today!