What is a risk mitigation plan?

This post originally appeared on Quora in response to the question ‘What is a risk mitigation plan?’

The risk mitigation plan is a series of specific actions or steps you will take in response to a risk once you have completed your risk assessment. However, before you start to develop the mitigation plan in detail, you need to determine a general course of action based on one of five main options: avoid, tolerate, treat, transfer and terminate (A4T). Which of these is most applicable will depend on your risk tolerance (short term), risk appetite (longer term) and what you can reasonably achieve with the resources available (ALARP). ...

July 13, 2018 · 2 min

Convincing people to take risks

This post first appeared on Quora in response to the question ‘How do you convince people to take a risk in a company?’

Firstly, I don’t think we should ever push people to take risks that 1) they are uncomfortable with and 2) don’t serve the company’s objectives. However, I also know that sometimes people might overestimate and subsequently avoid a risk that might actually benefit them and the company. That is something we can help with. ...

July 6, 2018 · 5 min

Risk management and the security manager – a quick note

This post originally appeared on Quora in answer to the question “How does risk management fit in the security risk management profession?”

Ideally, a security manager will use a risk management foundation for their security management system. This will help integrate security risks into the organization’s understanding of its overall risk environment. This focus also ensures that the security program is focussed on protecting the organization’s objectives, which aligns with the ISO definition of risk: ...

June 30, 2018 · 2 min