A two minute reflection exercise on risk

This exercise will help you reflect on whether your current risk management approach is able to provide you with sufficient answers.

Regarding your current IT risk management

  • How do you know when your risk management works?
  • If it does not work, would you know?
  • If it does not work, what would the consequences be?
  • Are the board and executive management satisfied with soft, qualitative statements of risk?

Regarding your current IT-risk

  • What is the combined risk for the IT area in your organization?
  • How much risk reduction can your organization achieve by investing, e.g. $100.000, in IT security initiatives?
  • Which of your current IT security measures reduces your risks the most/least?
  • What is the probability that your organization, within the next 12 months, will be hit by a severe cyber incident with 2-3 weeks of lost access to critical IT systems?
  • Is the risk of an IT specialist with essential knowledge leaving your organization greater or less than a cyber incident causing the loss of 10 social security numbers?
  • How much money should you invest in security, and in what order should the initiatives be initiated to bring the risk level below your current risk tolerance?

If you can satisfyingly answer these questions, your risk management strategy is where it should be. If that is the case, we would like to understand how you achieved it.

If, instead, you felt uncertain on some questions or perhaps unsafe, do reach out to us and let’s talk about how ACI can help you reduce that uncertainty.

A quick warning: Learning how to perceive risk quantitatively can change your professional life for good.


Contact us

Telephone: +45 3999 0121
Email: info@aci.dk



Should we contact you?

    This site is protected by reCAPTCHA and is subject to Google’s Privacy Policy og Terms of Service.