This white paper has been shared courtesy of RiskLens.
Too often, information security risk decisions fall victim to one or both of two fundamental problems: they are made by the wrong people, or they are made with inadequate information. Failure to understand and agree upon who should be making which risk decisions can lead to:
Unmet expectations and objectives
Lack of executive management support
Impact to other business priorities
Making decisions without adequate information, on the other hand, generally results in spending on the wrong things, spending too much, or not spending enough.
This article provides insight into the factors that drive risk decisions, the roles of business management and security experts in decision making, and the information needed to make well-informed risk decisions.