The InfoSec Blog

Cyber risk in the business

Posted by Anton Aylward

https://normanmarks.wordpress.com/2015/06/05/cyber-risk-and-the-boardroom/

The take-away that is relevant :

Cyber risk should not be managed separately from enterprise or business risk. Cyber may be only one of several sources of risk to a new initiative, and the total risk to that initiative needs to be understood.

Cyber-related risk should be assessed and evaluated based on its effect on the business, not based on some calculated value for the information asset.