As RiskLens Risk Science Director Jack Freund writes in a new column for ISACA, Risk Analysis Requires Business Acumen:
“Far too often, risk analysts are brimming with knowledge of controls and threats but have little understanding of how an organization makes money. This means they are innately unable to complete a risk assessment as they are missing information to appropriately assess business impact.”
Jack, the co-author of the FAIR book Measuring and Managing Information Risk, offers this to-do list of topics to learn:
“Having a working knowledge of these areas of the enterprise enables a risk analyst to better assess loss magnitude forms such as productivity, competitive advantage, fines and judgements, and reputation damage,” Jack writes. “Upgrading your business acumen will improve your ability to assess business loss and by extension risk.”
Also by Jack Freund: ZombieLoad at the Gates - FAIR on Defense (FAIR Institute Blog)