The practice of risk management is widely deployed in the financial industry.
In the realm of Information Security, Risk Management has a different meaning. The following options are presented to decision makers:
- Should the risk be addressed? This is usually achieved with the technical implementation of a process
- Should the risk be mitigated? This is usually achieved with a combination of business and technical implementations
- Should the risk be accepted? This is usually achieved with a business decision
Effective Risk Management relies on clearly communicating to the stakeholders the situation, the possible mitigating controls available, and the potential consequences of ‘doing nothing’. In other words, what can happen if we accept the current situation?
ProGloBix has experienced personnel who can guide your company in the process of making risk-based decisions. These decisions should be revisited as the situation being considered changes, whether through internal or external events.