4 Security and Risk Management

This chapter is about security and risk management. We will be discussing the importance of risk management and why you need it. Security and risk management is the process of balancing cyber risks, the controls to thwart attacks, and a budget. Business is about making money, and security and risk management is the process of choosing the controls that work for your company’s budget. Your company can’t be 100% secure, nor can there be 0% risk. Security is a balance of what is most important, what can wait, and what risks are acceptable to your business.

In this chapter, we’re going to cover the following main topics:

What is risk management?
Identifying risks
Monitoring your controls
Key performance indicators ...

Get A CISO Guide to Cyber Resilience now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

A CISO Guide to Cyber Resilience by Debra Baker

4

Security and Risk Management

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly