Too fat a budget for risk assessment and pen-testing?

May 26, 2017 BY iTGRC Asia


Where did the investment go? 

 

Organizations are rushing into penetration testing, but does that mean they are all good with data protection or meeting regulatory compliance? Being done with risk assessment, remediation and penetration testing is just the beginning of the compliance journey. Why are organizations spending so much on these activities when the benefits received may not be immediate?

Re-look at how much is enough, and do not overspend your budget on work that is not going to bring value to your business. Understand the significance of risk assessment and conduct the penetration testing accordingly: cover the essentials that are of business value, the values tied to your company's credibility and its responsibilities to your users or customers, which go the extra mile for your reputation.

Risk assessment and penetration testing can be done easily or bought in as a service, even in a complex or silo-based environment, but returning value to the business needs to be thoroughly thought through, perhaps by the 80/20 rule.

A very recent lesson learned from a highly regarded and remarkable transformation leader in the region: he said to pursue the game of impossible, identify the key performance indicators as the anchor, and intervene through disciplined action; i.e., be ruthless with your priorities, chunk them down to the most meaningful performance indicators, invest the appropriate resources that stress them to the limit within the threshold, and let the talent and resources evolve the transformation. It is analogous here, and we shall emulate the same precepts: where any enterprise invests in its privacy or data protection as well as cyber-security initiatives, you need not spend a whole lot to get the right result.

 

Check this out from iTGRC Asia Practitioners’ Advisory group

Email: info@itgrc.asia 

Phone: +65 6818 0839