As I mentioned above, understanding the activities of various departments can add another layer of challenge to data and vendor management. More often than not, different departments use different language to describe the exact same thing, making it difficult to develop and apply policies across the organization.
That’s where the risk-based translator comes in.
Developed by the LogicManager team, this handy tool maps key terms from each department's traditional, siloed language to the relevant activity in a common risk-based language that the company as a whole can use.
Take “Vulnerability Analysis” for example. Within the information security department, everyone speaks the same language. You’re all on the same page and everyone knows what needs to be done. Head over to the vendor management team to discuss your requirements, however, and you might lose them instantly. That’s because they call this analysis “Vendor Due Diligence.”
Using the tool, you can now easily determine the activity type (in this case, “assess”), translate your words to theirs, and work with vendor management, or any other department, using a common language.
A risk-based approach doesn’t just help with developing and applying policies. It can also help with another aspect of cybersecurity that often bogs down information security professionals: reporting. Ultimately, engaging across departments helps achieve strategic objectives set by the board; however, departments differ in how they prefer to share their progress on those initiatives. Without an efficient process in place, IT can feel like they are spending all their time generating reports on data they don’t understand. With a risk-based approach, data can be aggregated using a central framework, prioritized, and reported in many different ways.
In other words, choose a standard of reporting, assess the data once, and then slice and dice it any other way the business needs to see it.