Educause Security Discussion mailing list archives
Security Risks vs Operational Risks
From: Colin Abbott <colin.abbott () MCGILL CA>
Date: Fri, 4 Mar 2016 19:17:04 +0000
Hello, As part of building our ISMS we are currently defining our processes for Risk management. We have been asked to expand the process outside of security and also address how security impacts operational activities. We are being asked to do this mainly because often even when there is a security vulnerability that is rated as critical operation teams don't immediately want to address it due to lack of resources, competing projects, testing effort, production instability. We are trying to build a framework that helps operations managers reduce their operation risks and guide them to make decisions. Has anyone already defined a framework to assess security risks against operational risks? Thanks Colin [cid:image001.png@01D1760C.2CCD4430]Colin Abbott, Associate of (ISC)2 working towards CISSP | IT Security Architect | McGill University | Network and Communication Services | '514-398-5070
Current thread:
- Security Risks vs Operational Risks Colin Abbott (Mar 04)