Those known knowns, unknown unknowns, and known unknowns. ISO 27001 risk management is about setting the best course of action to take for those elements of uncertainty. We cannot plan for everything, but we can have a policy and an approach for how we deal with it. Risk is all about the uncertainty that surrounds future events and their outcomes. Risk management allows the business to decide what controls to put in place and to what level. It is a sensible approach to information security. I like a risk-based management approach to information security.