Beyond Asset-Based Risk (E13a)
Enterprise Security Standards of today typically prescribe the creation of “asset-based” risk assessments to protect their enterprise information. Today’s multi-vector threat landscape requires us to think of risk in a more broader sense. One solution is to re-address the risk assessment process to also include “process-based” risk models aimed at assessing business value risk (through the combination of related assets) as well as risk contributed by business partner integrations within an enterprise.