Look at information security through the lens of business risk, and you’ll begin to make decisions about security in light of their impact on the business. With security threats emerging faster than ever, what information is most important to protect? What happens if it’s not protected? What strategic business advantage do you gain if it is protected?


To find the answers, you need a GRC framework for business risk management within which you can identify key business priorities and align them with security information and decisions.


Join Marshall Toburen, GRC Strategist for RSA Archer®, as he shares a seven-step methodology for a GRC-based business risk management framework, including tips for:

  • Defining what information needs to be protected and identifying the location and amount of important information
  • Establishing a “risk tolerance” and understanding your organization’s cyber risk appetite
  • Conducting information risk assessments to help determine levels of inherent and residual risk