The Industry Risk Assessment Disconnect and the Solution
There is a disconnect between traditional Risk Assessments and what our legal system is asking us to do. A standard has recently emerged, Duty of Care Risk Analysis (DoCRA), that bridges this gap. DoCRA helps organizations develop criteria by which they can prioritize risk and develop consensus on acceptable risk between business, legal and information security. The standard, when implemented correctly, allows organizations to articulate and defend their decisions to interested 3rd parties, regulators, and the courts.