Last time I talked about the 4th principle under the Performance component of the COSO ERM framework, which is Implements Risk Responses. This week I will move on to the 5th principle, Develops Portfolio View.
The Performance component has 5 principles:
- Identifies risk
- Assesses the severity of risk
- Prioritizes risks
- Implements risk responses
- Develops portfolio view
The portfolio view allows management and the board to look at the type, severity and interdependencies of risks and how they can affect effectiveness. Using the portfolio view, the organization identifies severe risks at both the organizational and the business unit level. Business unit risk registers must be aggregated so that risks can be evaluated and prioritized across business units within the enterprise risk profile. Cyber risk assessment, alongside the other risk types and shared business goals, gives company management a basis for proactive and effective risk responses.
I have broken down how this is done into a four-step process:
- Step 1, ERM Guidance: This involves getting risk direction from the top of the organization and your ERM team. The board and the executive leadership team use external and internal factors, together with their strategy, to set risk appetite and allocate resources so that risk treatment is balanced across the organization. Operational leaders pass the resource and financial guidelines down to the business unit level.
- Step 2, Cyber Risk Assessments: In Step 2, cyber risk assessments are carried out at the business unit level. Understanding the guidance from Step 1 allows cybersecurity teams to work with operating managers to identify, assess, manage, respond to and report cyber risks within the business unit and in line with the organizational strategy.
- Step 3, Risk Treatment and Monitoring: Step 3 reports the risk and monitoring results to the organization's stakeholders. Risks, decisions and status are communicated through the enterprise risk register and adjusted as needed.
- Step 4, Risk Aggregation and Normalization: In Step 4, the ERM team collects, aggregates and normalizes the risk register information. This process allows the ERM team to:
  - Report an understanding of the actual and potential risks from threats to, and failures of, the enterprise's information and technology systems.
  - Create a risk taxonomy and normalize risk management across the organization.
  - Inform risk reduction activities at the business unit level and connect them with the organizational strategy and budget guidelines for prioritizing and applying risk responses.
  - Prepare the risk-level disclosures required for accounting, public filings and even congressional hearings.

Adjustments made to risk priorities, risk appetite and budgets are fed back into Step 1 as updated ERM guidance.
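To make Step 4 concrete, here is an added Python example (not code from the post) that aggregates two constructed business-unit risk registers, scored on different scales, into an enterprise portfolio view: scores are normalized onto a common 0..1 scale, mapped onto a constructed enterprise taxonomy, compared against a constructed risk appetite, and dependencies shared by more than one unit are surfaced as interdependencies. All register entries, taxonomy mappings and appetite values are assumptions for illustration.

```python
from collections import defaultdict

# Constructed business-unit risk registers. Each unit scores likelihood and
# impact on its own scale (1..scale); the last field lists shared dependencies.
REGISTERS = {
    "Retail": {"scale": 5, "risks": [
        ("R-01", "Ransomware on point-of-sale", "Malware", 4, 5, ["Shared-AD"]),
        ("R-02", "Logistics vendor outage", "Third party", 3, 3, []),
    ]},
    "Payments": {"scale": 10, "risks": [
        ("P-01", "Credential stuffing on portal", "Identity", 8, 9, ["Shared-AD"]),
        ("P-02", "Unpatched gateway", "Vuln management", 6, 8, []),
    ]},
}
# Constructed enterprise taxonomy (unit category -> enterprise category) and
# risk appetite: the highest normalized severity tolerated per category.
TAXONOMY = {"Malware": "Cyber attack", "Identity": "Cyber attack",
            "Third party": "Supply chain", "Vuln management": "Cyber hygiene"}
APPETITE = {"Cyber attack": 0.5, "Supply chain": 0.6, "Cyber hygiene": 0.6}


def normalize(score, scale):
    """Map a 1..scale score onto 0..1 so units with different scales compare."""
    return (score - 1) / (scale - 1)


def severity(likelihood, impact, scale):
    """Normalized severity in 0..1 (product of normalized likelihood and impact)."""
    return normalize(likelihood, scale) * normalize(impact, scale)


def build_portfolio_view(registers, taxonomy, appetite):
    """Aggregate unit registers into an enterprise view keyed by taxonomy
    category; flag categories over appetite and dependencies shared by units."""
    view = defaultdict(lambda: {"units": set(), "count": 0,
                                "max_severity": 0.0, "top_risk": None})
    deps = defaultdict(set)
    for unit, reg in registers.items():
        for rid, _title, cat, lik, imp, dependencies in reg["risks"]:
            ent = taxonomy.get(cat, "Unclassified")
            sev = severity(lik, imp, reg["scale"])
            entry = view[ent]
            entry["units"].add(unit)
            entry["count"] += 1
            if sev > entry["max_severity"]:
                entry["max_severity"], entry["top_risk"] = sev, f"{unit}/{rid}"
            for d in dependencies:
                deps[d].add(unit)
    for ent, entry in view.items():
        entry["exceeds_appetite"] = entry["max_severity"] > appetite.get(ent, 1.0)
    shared = {d: sorted(u) for d, u in deps.items() if len(u) > 1}
    return dict(view), shared
```

On the raw scales the Payments risk (8 x 9) looks worse than the Retail risk (4 x 5), but after normalization the Retail risk ranks highest, which is why normalization has to happen before enterprise-level prioritization.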
Congratulations! You have made it through the 3rd COSO component, Performance! Next time we will start on the 4th COSO component, Review and Revision.
As always, I love your comments, and if you want to have a direct conversation, please send me a message and we will set something up. Thank you and have a great week.