Risk management in information security, are there practical materials?
Good afternoon. I have read books on risk management in relation to IT; in almost all of them half is just water, they write about the abstract, and I think there is little use in such books. I wanted to ask you, dear information security specialists, how you carry out risk management. Could you write, using an example, the sequence of stages in risk management?
Thank you very much in advance.
If you are engaged in information security in practice, then you carry out risk management constantly and continuously. Any change in infrastructure aimed at improving information security, or the introduction of dedicated protection tools, is an activity generated by some threats. That is, you always have risk management.
Another thing is that for many specialists this process is much easier to carry out if it is formalized, if someone from the outside sorts out all the possible risks that companies of a given level or a given field of activity face.
That is why during various audits, etc., it is welcomed and sometimes required that the risk management procedure be formalized. For the majority (both on the implementing and on the verifying side) it is easier, clearer, more transparent, and there is less chance of missing something.
If there are no supervisory authorities over you, make the decision on formalizing risk management yourself; informally, though, it always exists.