One Article Review
| Source |  NoticeBored |
|---|---|
| Identifiant | 1495750 |
| Date de publication | 2019-11-10 11:20:08 (vue: 2020-01-03 15:00:04) |
| Titre | NBlog Nov 10 - strategic risk management |
| Texte |  There's an old old joke about a passing stranger asking for directions to Limerick. "Well," says the farmer, "If oi was you, oi wouldn't start from here".So it is with infosec strategies. Regardless of where your organization may be headed, by definition you set out from a less than ideal starting point. If it was ideal, you wouldn't be heading somewhere else, would you? That naive perspective immediately suggests two alternatives:Bear in mind where you are today, planning your route accordingly.Regardless of where you are today, focus exclusively on the destination and how to get there.Actually, those are just two of many possibilities. It's even possible to do both: strategic thinking generally includes a good measure of blue-sky idealist thinking, tempered by at least a modicum of reality and pragmatism. 'We are where we are'. We have a history and finite resources at our disposal ... including limited knowledge about our history, current situation and future direction. What's more, the world is a dynamic place and we don't exist in a vacuum, hence any sensible infosec strategy needs to take account of factors such as competitors, compliance and other challenges ahead - situational awareness plus conjecture about how the situation might conceivably change as we put our cunning strategy into practice (as in chess). That's risk, information risk in fact, amenable to information risk management in the conventional, straightforward, systematic manner:Identify and characterise the risk/s, both negative and positive (opportunities, the possibility that things might turn out even better than planned);Quantify and evaluate the risk/s;Decide what to do about them;Do it! Finalise the strategy, negotiate its approval (with all that entails) and make it so;Manage and monitor things as the strategy unfolds and changes inevitably happen; |
| Envoyé | Oui |
| Condensat | that ;quantify about accordingly account achieve activities actually addition adopters ahead all almost alternatives:bear always amenable any anywhere approval are asking assurance awareness behind better biased blind blog blue both both: bullet challenges change changes characterise chess compared competitors compliance conceivably conjecture constrained/ controls conventional creative cunning current curve definition destination different direction directions discover disposal don dynamic early else ended energy enough entails estimate evaluate even events exclusively exist fact factors failures farmer figuring final finalise finite flaws floundering focus forth: frequently from future gaining generally get good governance happen;learn hard have headed heading hence here history how ideal idealist immediately impacts implicit includes including inertia inevitably information infosec it:do its joke just kinds knowledge late learning least less limerick limited little load longer looking lost make management manner:identify many may measure middle might mind miss modicum monitor more much naive nblog needs negative negotiate new nov often old one opportunities organization other out over overcome part passing past peers perspective place plan planned planning plus point points positive possibilities possibility possible practice pragmatism process pushing put quite reality reasons redeploy regardless resource resources result right risk risk/s risk/s;decide route says security sensible set sided situation situational sky slack so;manage somewhere sorts start starting straightforward stranger strategic strategies strategy strengths struggle stuff successes such suggests systematic take tempered than that them;do there things think thinking those threats tightest time today too turn two typically under unexpected unfolds usually vacuum variation vulnerabilities waffling way weaknesses well what where which why within world would wouldn your |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.