Inter-Organizational Information Risk

Information handling can be outsourced. Accountability can not. When things go wrong, the image loss remains with the owner.

Risk is managed at multiple levels.

Organization: clarify boundaries of responsibility, align policies and practices, establish process
System: assign risk ownership - what if our assets are transmitted through your infrastructure?
Individual: which person carries which role?

When systems transcend boundaries of organizations, how do we make sure the ball is not dropped?

No comments: