Post by SecurityPlus on Sept 23, 2015 14:34:47 GMT
7. Manage Risk, not Security
Few companies in the world are in the business of security, yet all need to be sufficiently secure to continue in business. Information security programs should focus on managing risk and working with the business to determine, achieve and maintain a level of appropriate risk for their business. Risk levels are usually best determined by a combination of security advice and business acumen. Partnering with the business to determine and manage risk usually works best. Corporate information security departments should manage risk in conjunction with Risk Management, Legal and Regulatory Compliance, Internal Audit and other Governance-related functions, not impose maximum security.
-----------------------------
This is the main content. Please refer to the original content.
Please comment regarding modifications of the subject, this content and
additional content.
1. Category needs to be deleted.
2. Revise Content: If the content needs to be revised, please kindly
inform us of your opinion in detail.
3. New Proposals