1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

IDG Contributor Network: It's all about critical processes

Discussion in 'CSO' started by RSS, Jul 27, 2016.

  1. RSS

    RSS New Member Member

    Risk assessments, vulnerability management, and penetration tests are often seen by my students as focused on a server or a set of hardware and software in isolation. While this might occur in a business trying to test a subset of a system, it is not the best way to protect the business. To fully manage risk, we need to focus on business processes.

    The challenge

    Business processes run the business. According to Chris Anderson, writing for bizmanualz, the top 10 core business processes include:

    • Marketing
    • Employee satisfaction [e.g., payroll]
    • Quality management
    • Financial analysis
    • Management operations
    • Sales
    • Product development
    • Product/service delivery
    • Accounting [e.g., accounts receivable and accounts payable]
    • Technology management

    In addition to needing attention following a catastrophic business continuity event, these processes must also be the targets of risk assessments. What happens if just one of these processes is interrupted? What is the potential business impact? In addition, we have to assess the likelihood that one or more components of each of these processes will be compromised by an attack or simply fail.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page