Understanding and quantifying information security risks lies at the heart of many security issues. If you can’t quantify risks, you can’t address how to protect your data assets, corporate secrets, and employees’ and customers’ privacy and information. Managing these risks and improving security is everyone’s responsibility, not just the province of the IT department. Businesses are moving in this direction in part because of the Covid pandemic, and also because more companies are becoming dependent on digital technologies, thus increasing their potential attack surface. More sophisticated attack methods make the world of security risk management more complex and important to understand.
In this post for Linode, I describe what Information Security Risk Management is, why it matters for businesses, how to develop an appropriate plan (such as the above suggestions from a recent Dragos report) and get management buy-in, and why you should conduct periodic risk assessments.