Risk Appetite: What Really Matters

When thinking about risk appetite, it might be a rewarding exercise to self-reflect a bit and think about where real risk for an organization will arise. If we really understand risk to be related to the likelihood and severity of bad outcomes an organization wishes to avoid, we should be thinking about how bad things in the technology risk universe can occur in a business context.

Innumerable research reports, including the recent Verizon Data Breach Report, show that the vast majority of attacks on organizations come from outside and not from within. The percentage of organizations that suffer from attacks by malicious insiders is small.

Read more: Risk Appetite: What Really Matters >

Source: isaca.org