CHAPTER 3: BUSINESS RISK APPETITE

Chapter Overview

The business’ risk appetite is perhaps the most important thing to know when working to secure a system. When I began my career in security I understood how to secure a system; I had a wealth of knowledge, tools and techniques for protecting different systems. What I did not understand at that stage, however, was how to know which controls to implement and how secure each system should be. What I did not understand was the risk appetite, which is (as defined by ISO 31000) how much risk the business is willing to accept in pursuing its goals. Of course it’s not simply a case of saying “I’m this hungry for risk”; we need to understand how to define that hunger and then apply it. Risk appetite ...