Created by the Security Executive Council
This chart provides an easy to understand diagram of a process with which to make security risk management decisions. Although most security practitioners will recognize the role threats, vulnerabilities and risk play in making those decisions, this chart will help them to remember the equally important aspects necessary to ensure a proper alignment with the organization's goals.
Here are some things to keep in mind when using the chart:
- Know your organization's critical facilities and where valued assets are located and match these up with your organization's enterprise security risk assessment.
- Having an external organization perform an enterprise security risk assessment will provide a different perspective that can be key to identifying risk not seen in assessments performed in-house.
- Business risk owners must understand their role in the risk mitigation process - this helps make sure security programs are aligned with the organization's goals.
- Implementing a mitigation strategy is not sufficient - you must have an effective metrics program to measure and demonstrate the value of the strategy.
The SEC has extensive real-life experience in all the process steps shown in this chart. We know their intricacies and can help navigate past the "gotchas" that lie hidden beneath these seemingly simple steps.