One Article Review

Source NoticeBored
Identifier 1501880
Publication date 2020-01-19 09:00:00 (seen: 2020-01-19 17:42:45)
Title NBlog Jan 19 - exercising in private
Text Continuing this mini-series of bloggings inspired by business continuity exercises, today I'm talking about other sources of creative inspiration for security awareness purposes - specifically, information from within and around the organization concerning incidents, near-misses, information risks and other issues that are known internally but haven't (yet!) been picked up by the news media. There's a wealth of information there, behind closed doors.

Most organizations care enough about various kinds of risks to manage them explicitly. All organizations seeking certification against ISO/IEC 27001 are required to manage information risks (by which I mean "risks pertaining to information"), a process that starts by identifying the risks to be managed.

How do they do that?

One approach involves considering the organization's risks in general: what threatens achievement of corporate/business objectives? And which of those risks has an information element? Large, mature organizations typically have some sort of 'corporate risk register', perhaps even a dedicated team or department of risk experts primarily responsible for risk management, especially (if not exclusively) for the "significant", "substantial", "strategic" or "bet-the-farm" risks. Other organizations have more diffuse arrangements for managing risks, perhaps just an implicit, integral or informal part of 'governing', 'managing' or 'doing business'. Either way, the risks typically identified at that high level may not be labelled or even considered to be "information risks" but many are, or have an information aspect. Fluctuating exchange and interest rates, for instance, can have significant implications for corporate financial management, and so need to be managed carefully: the rates, plus the factors influencing them, plus the details around how the rates affect corporate finances, plus the financial management systems and processes themselves, all revolve around information ... hence there are information risks. Pick any other significant corporate risk and you can almost certainly find significant information risks.

Another approach explores business processes, systems etc. For business continuity purposes, a classical Business Impa
Sent Yes


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.