Virtual Cyber & Technology Risk Management Forum

Risk Management Hierarchy

Strategic Risk

Organizational Risk Assessment – evaluates the risk to the organization from the highest level, based on what the organization has and does

Business Process Risk Assessment (BIA) – designed to help prioritize and recover business processes; includes other business process dependencies, Vendors, and IT Assets

Tactical Risk

Vendor Risk Assessment – looks at the criticality of Vendors and the risk of outsourcing; includes IT Assets

IT Risk Assessment – evaluates the Inherent and Residual Risk of IT Assets, threats, and controls; the deep-dive

© 2020 SBS CyberSecurity, LLC www.sbscyber.com
