You Can’t Manage What You Can’t Describe

managing business

The current situation in many organizations is a siloed operation in digital coexistence, often lacking a unified tactical approach to risk management, which in turn drives performance, regulatory and organizational compliance management, legal management, audit management, third-party risk management, digital risk management, and business continuity management.

Peter Drucker’s famous quote “you can’t manage what you can’t measure” is a key to solving this situation. However, the CEO of Corporater, Tor Inge Vasshus, once said “you can’t manage what you can’t describe” to help executives complement their metrics and get to a deeper understanding of their business.

“You can’t manage what you can’t describe.”

– Tor Inge Vasshus, CEO | Corporater

To bridge the communication gap for cyber risk, you must start describing your digital assets, assigning responsibilities, valuing them, risk assessing them using a VaR approach, and then add a comment from an SME to complement your metrics.

Here are a few examples of metrics you should consider monitoring holistically:

  • The ability to recover from a cyber-attack expressed as cyber resilience in a BCM context
  • The value of your assets
  • Risk exposure
  • Effectiveness for risk and compliance management
  • Effectiveness for assurance

This is an excerpt from the thought leadership article “Cyber Threat Risk Management in the Era of Digital Transformation”. To download the full article, please click here.