Risk management is at the heart of everything we do in information security. The information security manager must advocate a risk-based approach for every security-related decision taken by the business, including even the simplest decisions, such as whether or not to buy a firewall for the perimeter defense or purchase some antivirus software for the desktop.
The Language of Risk
The most effective way to integrate your information security risk management capability with the rest of the organization is to educate everyone on the language of risk. Getting everyone speaking the same language means it becomes easier to communicate security decisions and requirements to the diverse variety of audiences that you will be required to engage with.
Start by making sure your own team (or your assurance team as well as any technical security teams in operations or architecture) understands information security risk management speak. Make sure that they also understand the full information risk management process. If you need to send them on formal training, do so as soon as possible, since this will become the doctrine that underpins everything they do.
Build explanations of language and terminology into your security awareness training course. Provide examples of where the terms are used and put some local business context around them so that your team can see the common usage in your own environment. Your ambition should be to be able to walk up to anyone in the organization and discuss a security incident, along with its risk to the business, and have them understand how to prioritize it and raise it with the relevant teams. Exactly the same message could be conveyed to an engineer in your networking team, the chief financial officer (CFO), or the receptionist, and they will understand it.
If you use partners or outsourced service providers, you need to make sure that they are also on the same page in terms of their use of language. You need to make sure that when you talk to your infrastructure outsourcer or your development partner about a threat model or risk assessment, they understand what you mean and what to do with the information you provide them.