Risk management is the essence of what we do as information security professionals. We identify key security risks and analyze those risks in the context of the business. We then communicate the confirmed or potential outcomes to management. Finally, we decide — or wait for decisions — on how to respond. Many security challenges begin at this step.
Don’t Sit Back and Wait for Security Risks to Disappear
