Recommendations

Key Points

- The best security programs are built upon defensible risk management. With an appropriate risk management program in place, you can ensure that security decisions are made strategically instead of based on frameworks and gut feelings. This will optimize any security planning and budgeting.
- All risks can be quantified. Security, compliance, legal, or other risks can be quantified using the methodology.

Approach

- Develop a security risk management program to create a standardized methodology for assessing and managing the risk that information systems face.
- Build a risk governance structure that makes it clear how security risks can be escalated within the organization and who makes the final decision on certain risks.
- Use the risk assessment methodology to quantifiably evaluate the threat severity for any new or existing project or initiative.
- Tie together all aspects of your risk management program, including your information security risk tolerance level, threat and risk assessments, and mitigation effectiveness models.

Methodology and Tools

Executive Brief

Read the concise Executive Brief to find out why you should develop and implement a security risk management program and review the methodology.

- Develop a Security Risk Management Program – Executive Brief
- Develop a Security Risk Management Program – Phases 1-4
1.