Acceptance is often a reasonable strategy for InfoRisk.
Who does the accepting?
If you have one omnipotent Risk Manager who calls the shots, the answer is simple.
But, to create a risk culture, Risk Management will have to take place on multiple levels.
Suppose the Network Dept assesses a certain risk: can they accept it on behalf of the organization? If yes, how are they in a position to judge (and accept) the business impact? If no, how can Risk Mgmt be scalable unless responsibility is delegated?