14

Managing Risk

Now that we have covered Governance in detail, we will review the Risk component of the Governance, Risk, and Compliance (GRC) program and why risk matters. As we have stated multiple times, everything we manage as cybersecurity professionals is about risk. As you manage risk as a leader, it is important to translate the technical component of risk into business terms so that the business can understand its impact. It is not our job as cybersecurity leaders (or that of our teams) to say no to the business. Our role is to assess the level of each identified risk and translate it into business terms for review. If a risk has been identified, it is then a business decision to determine whether ...
