Learning to identify risk

The first step in performing a risk assessment, it is thought, is to identify the risks. Then you institute measures to control them, and to mitigate the impact if your controls don’t work.

Bank examiners have recognized that there’s an important preliminary step: learning how to recognize these risks in the wild.

“Examiners Head for Cybersecurity School,” Wall Street Journal, December 1, 2014, C3. Regulators recognized the need for additional skills to deal with cybersecurity risks.

Is the same thing true of information governance?  Is it time for new skill sets?  Should the directors and senior managers get “dipped” in information governance and information-related risks?
