A word that I'm hearing a lot these days from clients is "Risk". And yes, it has a capital R. Every time. Once "inside" the flowchart, I found that I was impressed with the emphasis on business and organizational language – this standard is written to get buy-in from management (this is a good thing).
I can't cover every aspect of a 68-page standard in 1 page, but suffice it to say that this one is well worth the purchase price – yes, it's an ISO standard, so you'll have to buy it to use it. If you've got a "risk management" war story, or a comment on this post, please use our comment form; we'd love to hear from you!
References:
ISO/IEC (2011). ISO/IEC 27005:2011 - Information technology - Security techniques - Information security risk management. Geneva, Switzerland: International Standards Organization.
ENISA (2009). Cloud Computing: Benefits, risks and recommendations for information security. Crete, Greece: ENISA - European Network and Information Security Agency.
Rob VandenBrink, ISC Handler, Oct 17th 2012
Oct 17th 2012
The big thing here is, what is the cost of things going wrong? You do not spend $101 to protect against something that will never cost more than $100.
And then there is also the likelihood of things happening. IT Security has to be more pragmatic these days: how do we get the most security for the money? Lowering the risk by 80% for 20% of the price is often the best option. Unless you can remove all your users from the computers, there will always be a residual risk.
Anonymous
Oct 18th 2012