Chapter 3

Risk Management

Chapter 3 covers risk management, the umbrella under which all controls are identified and ultimately implemented. Several key questions are then presented.

Keywords

NIST; factor analysis of information risk (FAIR)


I mentioned that risk management is an umbrella under which all of these controls are identified and ultimately implemented. The first questions you should ask, and you can ask them of anyone, nontechnical or technical, are:

What could go wrong at our organization?

What are the bad things that can happen that we’re worried about?

It’s important that you have an open, honest conversation about the risks ...
