Sunday, October 13, 2013

RIsk Management Practice

All organizations need some sort of risk management process to identify the risks and hazards in the workplace. In the cyber realm, the risk management process helps to identify the vulnerabilities and shortcomings so that IT personnel can develop measures that help protect the organization.

So what does this mean for the everyday organization or business? It means that this process is a necessary one and a without a risk management process or an emphasis on it, your business is at risk for an attack or intrusion on the data within the organization.

So the bottom line is that a risk management process should be identified early on in the strategic goals to allow for the implementation of this process without accepting risk in other areas. The process should be simple in nature to allow for easy implementation. Remember risk management is a balancing act between the risk and the overall opportunity. You have to be able to determine  if we can accept that risk and that gives us the opportunity and ability to exploit that situation.

In order for a security-based risk management strategy to be successful, it is clear that we need to better align our security efforts with the goals of the business. That partnership with our business counterparts is crucial to the success and advancement of our careers.

If you would like to learn more, read the following:

http://www.infosecisland.com/blogview/22624-Fifteen-Tips-to-Improve-Your-Infosec-Risk-Management-Practice.html

https://securosis.com/research/threat-intelligence-for-ecosystem-risk-management

http://www.infosecisland.com/blogview/18897-Risk-Management--More-Than-Just-Risk-Assessment.html

No comments:

Post a Comment