Risk Management: How to Put Theory into Practice
Risk Management: How to Put Theory into Practice

NIST long ago articulated its Risk Management Framework, which aims to improve organizations' abilities to manage security risks posed by cyber threats, system vulnerabilities and evolving business requirements. But why do organizations still struggle to put theory into practice?

Join this discussion featuring NIST's Ron Ross and DHS's John Streufert, who offer insights on:

  • Goals of leading IRM implementation;
  • Assessing risk in volatile times;
  • Handling conflicts among stakeholders.


The information risk management framework has been around for years, but a growing number of organizations struggle in implementing a successful program.

Part of the problem is cultural; information risk management isn't integrated into the fabric of many enterprises, as it should be. Top leaders often do not actively encourage information risk management best practices. Without such support, an information risk management framework won't get propagated throughout the organization. And that proves costly.

By implementing an information risk framework enterprisewide, organizations not only save money by doing it once, but help reduce vulnerabilities by making sure proper controls are implemented throughout the organization.

And because threats intensify daily, the need for organizations to implement an information risk management framework is more important than ever.

In this session, an expert panel, including Ron Ross of NIST, reviews:

  • Common mistakes made by organization implementing an information risk management framework;
  • How to overcome organizational challenges and ensure a successful implementation.

Around the Network