Questions and Answers of
Risk Management Financial
“Do I have a method for determining who in my organization is most responsible for assets/facilities/processes?”
“If I were asked to value a specific business asset, how would I be able to identify the best valuation method? What are some possible methods?”
“Who would I ask for help to develop a real-world valuation, and what questions would I ask?”
“Who are the strategic partners in the accounting and finance group who might have already developed asset valuation models that are accepted in my organization?”
“Is there a standard asset list already created by some other function in the organization that can assist with the valuation process? Who would have such a list?”
“What might be the best published standard to apply to my enterprise?”
“Could I leverage the work of other people in my enterprise who manage other types of risk to begin my security risk assessment?”
“Do I have any direct contact with my enterprise’s customers or clients, so that I can fully understand their view of my organization?”
“How can I leverage my information gathered prior to beginning the ESRM program, so that it will assist me in identifying all the risks?”
“Have I ever used a scare tactic to describe a potential impact from a threat, because I thought the facts of the risk were not sufficient to have my plan implemented?”
“How do I communicate the existence of security risks to my stakeholder audience currently?”
“Is there disagreement in my enterprise over prioritizing one risk over another when leadership is planning budgets, and so on, around security?”
“If I needed to at this time, would I be able to impartially mediate a disagreement between two equally authorized stakeholders on a risk priority? What if I agreed more with one, but both had the
“What industry or professional standard might be the most appropriate to consider for my enterprise?”
“Are there specific laws in my country or specific regulations in my industry regarding risk that I must consider at this point in the ESRM cycle?”
“Do I feel like I am able to escalate security risk mitigation conflicts to the appropriate level in the organization if necessary?”
“Do I have a clear understanding of the risk tolerance of my enterprise, and do I know what level of the organization is proper for risk decision making when it exceeds stated tolerance?”
“Are all security or security-related incidents being reported to my security department for response? If not, what types of incidents are directed to other groups, such as HR or Audit?”
“What methods of reporting exist within my enterprise to ensure that employees can escalate potential incidents and concerning behavior to the security team?”
What’s been depreciated or retired since the last assessment?
o Have any products been pulled from the market?
o Are some services no longer being offered?
o Have any systems been replaced or retired
Have postmortem recommendations been followed or completed?
o Has the mitigation process been completed for risks found through the last assessment?
o If not, why are open issues still open?
What’s new in the environment?
o What assets have been purchased?
o Has the business mission changed?
o Has the business reorganized into different business units?
o Has the business launched any new
Are there any new risks?
o Have previously identified risks become more significant?
o Are there new mitigation tools that would be more effective and efficient to minimize risk?
o Have previously
“Do I have a defined reassessment program for assets in the enterprise that have been through an initial assessment?”
“Once a security program is implemented, have I gone back on a regular basis and reviewed the metric of efficiency or effectiveness of that program?”
What are some political challenges that you feel are worth and not worth overcoming to gain the benefits of a converged environment? Are there scenarios you can think of where you would or would not
If you were the executive in charge of a siloed security organization today, what would your opinion of managing a converged security structure be? In a task-based department? In a risk-based
How can the reputation of the security practitioner impact perceptions of the risk information that is presented to the asset owners and risk stakeholders?
Why are conflict-resolution skills important in the risk prioritization process?
How can the security practitioner best ensure that the asset owners and stakeholders truly understand the security risks that the enterprise faces?
In the security area, why is the most common response to risk to mitigate the risk? Are there places where other options might be acceptable if explored? How might risk acceptance with monitoring
As a security practitioner, how does having a trusted relationship with your strategic partners benefit the business when conflicts arise between stakeholders?
If you are dealing with a risk stakeholder who is attempting to accept a risk that exceeds their authority, what are some ways you can think of to escalate the risk decision to the appropriate level,
If a risk owner refuses all your security risk mitigation recommendations, and they have the appropriate authority to do so, then in the ESRM philosophy, you have successfully completed your role.
Why is root cause analysis so critical to security program improvement? Do you think it’s possible to improve and advance without this aspect?
Why is it important to the ongoing improvement of the security program that all security practitioners continually scan the internal and external environment for new risks?
What are some ideas for encouraging all enterprise personnel to take an active role in securing the environment and to report any incidents or potential security issues they are aware of?
What is your best source of information on internal threats and potential risks? How do you make sure you are hearing the information?
Where could you potentially involve design thinking in your everyday life? Are there aspects of the process, like empathy, testing, and feedback, that could provide benefits outside of the business
Identify and discuss areas of business that you think could benefit from the design thinking process. Are there areas that might not benefit from a formal, iterative design process? Why or why not?
When is the ideal time to start involving your stakeholders in the process of designing your ESRM program? When should you reach out to them and begin to talk about the topic?
What are some strategies you can use to engage executives and other strategic partners in learning about ESRM?
How does working with functional leaders who have the most complaints and issues with a process benefit the enterprise? Can you think of concrete benefits from engaging your most difficult partners
What are some reasons a business leader might not want a security risk identified? How can you work around some of these issues?
Why is it important to have examples of what other risk-based organizations need to properly perform their duties, when explaining ESRM to executives or other business function leaders? Are the
How does security benefit from transparency? Can you think of any instances in an ESRM program where transparency of risk and process (not investigations or private details) would not be a benefit?
How would you define authority and scope within your department’s area of responsibilities? What would you do if other groups were attempting to limit your scope in areas they think they should
How can you leverage your business’s understanding of corporate governance to assist with implementing ESRM governance?
Why is a security council an important part of the ESRM program?
How might implementing ESRM be more difficult without a security council? Give examples of ways the security organization could implement a council-like advisory group if it is not possible to
What are some ways a security department might be structured to take advantage of strategic management of various technical disciplines, rather than just organizing according to discipline?
How can understanding risk and risk management help you in developing an optimal structure for your security department?
Under what circumstances are postmortem reports most appropriate as part of the wrap-up of an investigation? When might a postmortem report be unnecessary? As a security practitioner, how can you
Why is it especially important that the security investigations processes and procedures be transparent to your strategic partners? How might you benefit from your partners understanding more about
How might different members of a security council react to an investigation into wrongdoing in another part of the enterprise? In their own part of the enterprise?
Does having business partners who perceive physical security as the sum of all security responsibilities truly hurt the department? What if it is the majority of what the department does anyway? What
What topics might be included in an assessment to add to the overall understanding of enterprise assets? Can you think of critical asset areas that are easily overlooked? How can you drive more
The process of managing a security risk decision-making process is fundamentally different from managing a risk mitigation activity. What are some effective ways to explain this to the non-security
If an IT department objects to having a security risk-management program and governing council oversee technology-based security risks to the enterprise, what reasons might they give? Can you think
In an environment with two separate teams – one for technology-based security and the other for remaining areas of security, such as physical security and investigations – how can the leaders of
Business leaders may argue that discussing workplace violence is too scary and disturbing to employees. What are some ways you could counter these objections?
How can increased visibility of a specific type of security incident, like workplace violence in this case, help or hinder a security program? Can you think of instances in which news events have led
How could awareness of domestic violence in the workplace help convince employees that they should be more vigilant in helping to enforce a security culture in your organization?
Why might some continuity and crisis professionals insist on complex plans, teams, and programs, even in industries and organizations where regulations would not require them? What arguments might
How can a well-functioning continuity and crisis program assist with all areas of an ESRM security program? How can the partnerships formed on the crisis team assist with implementing other aspects
In what circumstances – and why – might executives fail to recognize security risk as something that needs to be managed at the enterprise level? What are some ways that you could show the
What arguments or objections might you expect to receive from the executive level on the importance of managing security risk in a department that has transparency, independence, authority, and
What are some potential obstacles that could happen in the process of building a unified budget?
What are some of the aspects of the security budgeting process that require strong partnerships with other departments in the enterprise? What are the advantages of developing strong partnerships
What are some reasons that people who receive metrics and reports about a traditional security program might not find them relevant? Discuss ways to determine how to enhance relevance in security
Discuss reasons that a “less is more” philosophy towards metrics and reporting might ultimately benefit the overall message of a metrics report.
Discover how ESRM can help advance you in the security field, no matter if you are a student, a newcomer, or a professional.
Identify the challenges at each step of your career development.
Recognize how all roles and departments in an organization can work together to handle risks using the ESRM model.
Involve the Board in ESRM and help members see the benefits.
Define ESRM.
Understand why ESRM is important both for your security program and for the entire security profession.
Explain how ESRM is different from enterprise risk management (ERM) and why your organization needs both.
Explore how security has traditionally been viewed both inside and outside of the security profession.
Understand how ESRM can change the perception of security in your enterprise to help you better communicate the value of security risk management.
See how ESRM is the best methodology to meet the changing global security risk climate.
Do the up-front research to embark on an ESRM program.
See how to relate your security program to your business environment.
Identify the stakeholders in your security program, and understand their needs.
Understand the difference between an asset owner and a risk stakeholder, and determine how to best work with each.
Understand corporate culture, which will be the foundation for a risk-based security program.
Understand the overall ESRM life cycle.
Compare the ESRM life cycle to other industry life cycles and models.
Get a view of the ESRM cycle in action.
Explore and identify what is an asset for risk management purposes.
Find all the stakeholders associated with any specific asset.
Assign business value to assets, in partnership with the asset owners.
Recognize the role of security, and the role of the asset owner in determining asset priorities.
Clearly communicate the difference between a threat and a risk to your stakeholders.
Follow a clearly defined risk assessment process based on an industry standard.
Prioritize risks in partnership with the business leaders of your organization to protect your enterprise in line with set tolerances.
Clarify the definition of risk mitigation within the larger context of risk treatment.
Explore the ESRM approach to presenting mitigation activities as risk response.
Explain to your strategic partners the roles of security and of the business stakeholders in making risk mitigation decisions.
Understand how the ESRM cycle continues to identify and mitigate new risk.