The science, and sometimes art, of logical business information security.
The principles of information security and risk management are no different from those of other security disciplines. The unique challenge lies in the vast range of forms that data and information take when at rest, in motion or being processed. Technology provides multiple avenues and vectors both to reap the benefits of information and to exploit it. Society is relentless in its hunger to evolve the manner in which we obtain, absorb and share information, often without perceiving the negative effects of such innovation. Knowing and understanding your information is the first step in being able to manage and secure it effectively.
When it comes to risk management, be pragmatic, know your business and the operating environment, but always ask “what if…” and facilitate open and honest dialogue. Understand the tension between operations and risk, and address it rather than hiding behind it. Risk management is only effective when trusted relationships, mutual respect and knowledge are unified by a common goal. Today’s organisations are too complex for a single unit or team to manage risk effectively, so collaboration between assurance and risk management functions (business unit risk management, information security, internal audit, etc.) is the key to success.
Blog: ‘A website that allows users to reflect thoughts and opinions’
Posts on this site are my own (shortened) opinions and references to other sites. Drop me a comment if you would like to discuss anything further.
Follow me on Twitter @rob_bainbridge