Tuesday, May 5, 2015

Risk Tolerance and the Retail Sector

Risk tolerance is defined as the amount of risk an organization is willing to accept, given the value it wants to establish and create. Each retail organization needs to understand the value it is creating, and how the risk associated with that value is to be determined, controlled, and eventually mitigated should an attack occur.

Obviously, there is no such thing as a perfect system. Because of this, it is imperative to determine the risk appetite of the organization. Some would argue that the financial crisis of 2007-2008 occurred due to a lack of risk assessment and of direction about who or what was responsible for that risk. Likewise, companies in a retail setting need to understand and determine their risk in order to protect their trade secrets and customer information.

The retail industry should be regulated like the banking industry due to the highly sensitive data it possesses. Retailers would need to develop a low risk appetite, meaning implementing controls and safeguarding information even to the point of overreaching. If a new company were to establish itself without a risk plan, it could outsource its IT infrastructure and personnel to partially relieve itself of the burden. This is referred to as risk transference, and it would be a preferred method for smaller retail locations that need to focus only on selling and producing goods for purchase. This strategy is also not perfect: the organization would need to fully research the IT company with which it is entrusting its data, and the risk would not be 100% transferred.

Analyzing risk appetite is an important aspect of overall risk management.

-Angie
