In security, protection is only as strong as the weakest link, so raising the overall security posture of a company is wise. But security organizations cannot lose sight of critical business risks that can destroy companies. The term Lines of Business (LOB) describes how companies are organized. LOB leaders have the critical information that every security team needs to design and optimize security programs. The security organization’s challenge is to recognize and capture that information quickly and efficiently.
In this article, an exercise called Riches, Ruins & Regulations has been devised to uncover business risks in a non-technical and interesting way. Riches, Ruins & Regulations is moderated by a member of the security team and performed by a small group of LOB leaders. The primary purpose of the exercise is to uncover information assets of significant value if stolen, potential attacks that might cause great damage, and costs associated with failure to meet regulatory requirements. (PDF, 12 pages, 105 KB)