Enterprise risk management addresses anything that could impact the business – or the enterprise – negatively. It covers a large range of domains, such as financial risks, competition, legal risks, health crises (if we can see them coming early enough), etc., and also of course some IT- and cloud-specific domains such as cyber attacks, data breaches, loss of visibility and governance when outsourcing to third parties, etc.
The general purpose of enterprise risk management is to design an environment where, if a potential risk becomes a reality and threatens the viability of the enterprise, the impact is at minimum contained, or possibly to avoid a particular risk by structuring the business differently so that, with the new structure or organisation, that risk becomes irrelevant.
Information risk management is just one of the domains covered by the big-picture enterprise risk management function. It focuses on protecting the information that is vital for your business to run properly against the risks that could impact your ability to access and use that information, or to keep it confidential when it is sensitive.
------------------------------
Guillaume Boutisseau
CCSK Authorized Instructor , CCSP
------------------------------
Original Message:
Sent: Mar 27, 2020 04:17:54 PM
From: Kaela Knoblich
Subject: What is the primary goal of enterprise risk management?
While going over Module 3, I am interested in learning more about the purpose of enterprise risk management. Should enterprise risk management be a more centrally focused topic than information risk management when evaluating risk, or should they be looked at and assessed equally?
------------------------------
Kaela
------------------------------