Quora on Andrew Sheves

What is a risk mitigation plan?

Fri, 13 Jul 2018 00:00:00 +0000

This post originally appeared on Quora in response to the question ‘What is a risk mitigation plan?’ Link

What is a risk mitigation plan

The risk mitigation plan is a series of specific actions or steps you will take in response to a risk once you have completed your risk assessment. However, before you start to develop the mitigation plan in detail, you need to determine a general course of action based on one of five main options: avoid, tolerate, treat, transfer and terminate (A4T). Which of these is most applicable will depend on your risk tolerance (short term), risk appetite (longer term) and what you can reasonably achieve with the resources available (ALARP).

Convincing people to take risks

Fri, 06 Jul 2018 00:00:00 +0000

This post first appeared on Quora in response to the question ‘How do you convince people to take a risk in a company?’ Link.

How do you convince people to take a risk in a company?

Firstly, I don’t think we should ever push people to take risks that 1) they are uncomfortable with and 2) that don’t serve the company’s objectives.

However, I also know that sometimes people might overestimate and subsequently avoid a risk that might actually benefit them and the company. That is something we can help with.

Risk management and the security manager – a quick note

Sat, 30 Jun 2018 00:00:00 +0000

This post originally appeared on Quora in answer to the question “How does risk management fit in security risk management profession?” Link

How does risk management fit in security risk management profession?

Ideally, a security manager will use a risk management foundation for their security management system. This will help integrate security risks into the organization’s understanding of its overall risk environment. This focus also ensures that the security program is focussed on protecting the organization’s objectives which aligns with the ISO definition of risk: