Explore
Managing Risk and Information Security: Protect to Enable
Malcolm W. Harkins
2016
The challenge we sometimes face is how to characterize that responsibility. Is our responsibility to limit liability for our organizations? Or is it a duty of care to the people whose information we store? What values are we using when we make decisions about cyber risk, and what bias do those values create in our decisions? Are we forwardlooking enough, or will the decisions we make to fix our problems today create other problems in the future? As Benjamin Franklin once said, “All human situations have their inconveniences. We feel those of the present but neither see nor feel those of the future; and hence we often make troublesome changes without amendment, and frequently for the worse.” As security and privacy professionals, a key part of our role is to ensure the right dialogue and debate occurs. We need to ask “high-contrast” questions that sharply define the implications of the choices our organizations make. We need to make sure that the opportunities are as clearly defined as the obligations to mitigate risk, so that our organizations make the right decisions. And we need to take equal responsibility for the outcomes of those choices, as opposed to abdicating that responsibility solely to the business. Once the choice is made, we must transition out of the debate about what is right and focus on taking the right actions—on making tomorrow better than today.
This book is included in DOAB.
Why read this book? Have your say.
You must be logged in to comment.
Rights Information
Are you the author or publisher of this work? If so, you can claim it as yours by registering as an Unglue.it rights holder.Downloads
- 140 - mobi (CC BY-NC-ND) at Unglue.it.
- 44 - pdf (CC BY-NC-ND) at Unglue.it.
- 36 - epub (CC BY-NC-ND) at Unglue.it.
Keywords
- CISO
- governance
- Information Security
- Risk assessment
- vulnerabilities