Asset owners decide what to do about low & medium risks
How to treat risk
What's the right level to sign off on a risk?
Likelihood/frequency of loss questions
Magnitude of loss questions
Binary Risk Assessment weaknesses
Add Factor Analysis of Information Risk
External Documentation
Risk Management Policy
Templates
Risk treatment decision template
Questions?
Description:
Discover a practical approach to implementing a risk management program for small or immature organizations in this BSidesLV conference talk. Learn about the fundamental components of risk management, including threat events, vulnerabilities, and secondary loss events. Explore the reasons for establishing a risk management program and examine current options available for smaller entities. Follow a step-by-step guide to creating a basic plan, starting with defining scope and inventorying assets. Gain insights into performing Binary Risk Assessments and understand their role within a comprehensive program. Delve into risk treatment strategies and decision-making processes, including determining appropriate sign-off levels for different risk categories. Address the weaknesses of Binary Risk Assessments by incorporating Factor Analysis of Information Risk. Acquire knowledge on essential documentation, including risk management policies and templates for risk treatment decisions. Enhance your organization's security posture with this minimum viable risk management framework.