Security Program Management and Risk

by Archie Andrews
Sept. 1, 2017 0 comments SANS Institute Pen Testing & Audits auditing & assessment

This paper argues for building a security management program on a foundation of business risk assessment and risk management. It defines and explains risk, risk assessment, risk management and relates business risk management to security risk management.

https://www.sans.org/reading-room/whitepapers/auditing/security-program-management-risk-1061