If you therefore choose to mitigate this particular risk, you should spend no more than approximately $388K. Based upon your desired risk appetite, the following (fig. 8) illustrates when you should mitigate a risk versus when you should choose other risk options. Increasing the slope of the line indicates your risk appetite is lower, since mitigation occurs more often. By decreasing the slope of the line, you demonstrate a higher risk, since you mitigate less often. If you think about past 'risk appetite measurements' and where risk decisions fell on the graph historically, the business intelligence this data provides is both interesting and valuable.
Making a decision to mitigate or manage a key risk can be difficult. Risk mitigations must be right-sized for your business by not costing too much or taking too long to implement.
By monetizing key risks, you will be able to convey impact in a more meaningful way. By providing consistent and methodical risk guidance, executives will be able to more effectively collaborate with you to improve alignment between business objectives and security.
Sign up for CIO Asia eNewsletters.