“As security risks increase in variety and scope, knowing what not to do is as important as knowing what to do when it comes to risk assessment.”
Glenn Baruck, eDot
“The way we’ve always done it” is not a great way to handle the security risk assessment process for any business or organization. As security risks continue to increase and multiply in complexity, using this strategy (and several others outlined here) can put your organization on shaky footing when it comes to identifying, assessing, avoiding, and mitigating both digital and physical risks.
Regardless of business/organizational size, it is critical to understand some of the common mistakes security practitioners make when conducting risk assessments, and how to avoid them. If you are in management or part of the risk assessment process, this recent piece written by The Security Executive Council from SECURITYINFOWATCH.com may prove invaluable.