STEVE GREENHAM

Wikipedia defines Security Management as "… the identification of an organization's assets (including information assets), followed by the development, documentation, and implementation of policies and procedures for protecting these assets." The problem is, this sounds a lot like Information Risk Management... There are many approaches to Risk Assessment and Risk Management, but most are an iterative process where risk scenarios are identified, assessed, treated with controls, and the residual risk accepted, transferred or treated to reduce it further... Some risk management methodologies create exhaustive lists of information assets, the business impact if they are compromised, and the threats and vulnerabilities that may result in a compromise. Other methodologies are more scenario based and lend themselves to a more strategic approach that aligns information risk management to other risk disciplines, such as operational risk or holistic enterprise risk.

Primary location: United Kingdom