8 RISK REPORTING AND PRESENTATION
The process of communicating within the information risk management programme is extremely important, and serves a number of purposes. It allows the information risk management programme manager to:
- maintain a two-way flow of information between the programme manager and those stakeholders who are closely involved in the process of impact, threat and vulnerability assessments;
- keep the organisation’s senior management and other stakeholders informed of general progress;
- flag up any risks deemed to be very severe, and which require immediate attention;
- present business cases requesting approval of recommendations and funding;
- report on those risks that have been successfully treated and those that remain untreated. ...