http://risktical.com/2008/12/12/risk-convergence-frustrations/ Assessing, Articulating & Quantifying Information Security Risk Mon, 31 Oct 2011 20:19:19 +0000 hourly 1 http://wordpress.com/ http://risktical.com/2008/12/12/risk-convergence-frustrations/#comment-162 Fri, 26 Dec 2008 08:49:22 +0000 http://risktical.com/?p=128#comment-162 I have three points to share regarding risks:
a) Any risk identification or mitigation in any form should be the responsibility of the function where it exists or has been detected and is the accountability of the leadership which would be leading the area where the risk impact is bound to surface.
b) There are adequate simple and complex methodologies existing for identifying risks (mitigation, of course, depends on the people who want to act on these identified risks) but most of such identification exercises go bust because of excessive hype around the “risk identification and mitigation planning exercise” and what i call “sleeping over a set of risks”.
c)Attaching Dollar value to the risks sells it better but there are several risks which have cascading, jeopordising, and non-monetary impact and they should be (but mostly are not) treated with equal priority and gusto.

]]>