25. Risk Tolerance
Risk Tolerance is:
- How much risk is the organization willing to take?
- Does management welcome risk or want to avoid it?
The level of risk tolerance varies across organizations, and even internally (same company but different sectors): different departments may have different attitudes toward what is acceptable or unacceptable risk.
Understanding this is the starting point for getting management to take action regarding risks.
Executive management and/or the Board of Directors determines what is an acceptable level of risk for the organization.
Security professionals aim to maintain the levels of risk within management’s limit of risk tolerance.