IIA Knoxville—Risky Business


Manage episode 201117705 series 1526526
By Karen Griffin and LBMC Information Security. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

No matter the industry—government, healthcare, financial, or even smaller, mom-and-pop businesses—each deal with some type of sensitive customer information, and each has decisions to make when it comes to managing risk. Most security and audit frameworks (HIPAA, ISO, PCI, NIST, SOC 2, etc.) have requirements for risk assessment, making them one of the first things auditors or regulators ask for. Many companies are still using spreadsheets when it comes to performing risk assessments, which can be ineffective and insecure. Such a lack of functionality can keep a company from moving beyond assessment and into true risk management.

In this podcast from the Institute of Internal Audit meeting in Knoxville, LBMC Information Security’s Bill Dean and Mark Fulford discuss the importance of risk management, including the effectiveness of risk assessments and how BALLAST can help organizations automate the risk assessment process.

Listen, and discover these key takeaways:

  • Understanding what’s important to your organization when it comes to managing risks
  • Reasons to consider more targeted risk assessments
  • Why you shouldn’t just do gap assessments
  • How to automate the risk assessment process
  • Why not to stop at the assessment phase

47 episodes