Matt Topper continues his SOC 2 series with an in-depth look at Risk Assessment and the importance of establishing clear objectives.
In this video Topper makes a clear case for why an organization needs to establish controls that are tailored to its unique vulnerabilities.
Risk assessment can't be a one-size-fits-all exercise because that approach neglects to consider issues specific to a given environment. Predetermined threats and vulnerabilities based on a standardized, generic checklist may help pass an audit, but they won't necessarily address all of the actual risks a company faces.
Topper offers a detailed look at some important topics surrounding Risk Assessment, including:
- Types of Objectives
- Risk Assessment Process
- Fraud Considerations
- Assessing Changes