As IT organizations seek to make better risk-based decisions about security practices, perhaps the number one component for success is the IT risk assessment. However, even when organizations actually conduct a risk assessment, they frequently fall prey to mistakes that can greatly devalue the exercise. Here are some of the most common blunders to avoid.
Forgetting To Assess Third Party Risk
Most IT risk experts agree that enterprises today rarely make any real effort to gauge the level of IT risk posed by vendor and other partner infrastructure that touches their most sensitive data.
“One area that many companies are not doing enough on is managing their relationships with third party vendors they use,” says Brad Johnson, vice president of consultancy SystemExperts. “Often, once the lawyers have finally signed off on an agreement, both parties tend to have a very hands-off approach with each other and forget the details of making sure things are staying on course.”