Tag: reasonable assurance

An important part of an information security professional’s job is communicating risk. Clear, concise communication that leadership can understand and act upon is the heart of a risk management system. The challenge is that many IT risk scenarios appear abstract, vague, or irrelevant to colleagues working outside of InfoSec. Consider a common interaction that might…


Beyond the overall status of the program, you need to be able to explain cyber risk in terms that executives can understand. Keep it simple and remember this important nuance: many people don’t realize that risk has two components, likelihood and impact. For example, some people tend to react to catastrophic impacts (what are we doing…
